Burp Suite User Forum
Hi, I am running Burp pro v1.7.08. Java version is 1.8.0u112. I am getting the following errors with SSL traffic inspite of installing the JCE unlimited strength jurisdiction policy files for Java 8: Failed to...
I have already install burp CA When I surf to HTTP/HTTPS the link showed in HTTP History but in browser it show "connecting..." "waiting for [HTTP/HTTPS]" What should I do?
Hello - I'm testing a web app that is using AngularJS v1.3.11. Burp has flagged multiple high risk client-side template injection issues with a confidence of firm. I'm trying to figure out if this is a false positive or...
Hello, I would like to ask you how should I save (and load) a burpsuite project that on start, upon loading from a .burp file, interception will be turned off? Thanks.
This article on github (https://githubengineering.com/githubs-post-csp-journey/?utm_source=webopsweekly&utm_medium=email ) outlines an attack where an attacker injects an unclosed img tag <img...
Hi all, I've only been using Burp Suite for a week now, and I think it's very useful. Does anyone know if it's possible to add a list of Upstream proxy's directly into Burp without adding the proxy's...
Since iOS 10 can no longer really "trust" the Burp Suite certificate, does anyone have any alternatives that free? While it shows up as trusted in iPhone, it still marks it as not secure when browsing to a site that uses the...
My laptop had windows 10 pro burp installed. After formatting I installed windows 10 single language and tried to activate burp but no luck, it says "activation failed no more activation for this license". But burp was...
Hi, Got this error while trying to intercept via Burp on Windows 8.1 "Received fatal alert: handshake_failure"
Hi, Burp offers macro to auto login. I was able to record macro, and the macro will add new cookies in the cookie jar, and the subsequent requests use the new cookies. However, the subsequent requests need one...
Hi, I want to build up a automatic test system for a json api. My plan is as follows: Initially I get a fresh login token. Then i get into the proxy (processProxyMessage) and to replace the token with my freshly acquired...
Hi, I am trying to run a attack on a login page. The problem is that it locks me out every 6 requests. Is their a way to change an IP on every 6 requests? I have tried the IP address header extension but when I run it does...
Hi, I have an application that I'm testing with thouthands maybe more of urls like example.com/[0-9]+ and I don't want to go thru them all not in Sitemap/Proxy/Spider so first I setup a rule in Scope Exclude with...
Hi, I'm using the latest BurpSuite Pro and I noticed that "Pretty" script from BApp Store just vanished. So, now if I want to beautify JSON response, how can I do it ? Cheers,
How do I add a filer which can just Drop/Intercept/Delay a specific format of message?
I can't listen on 127.0.0.1:8080. I am able to listen on another port (for e.g. 127.0.0.1:8000). when I am connected to port 8000 ,{{ connection : close }} .I know, It should be {{connection : keep alive }}. i have watched...
Hi, I am creating an Extender that will run an Intruder Attack every day at a specific time. The first step that I wanted to do is run a saved attack. Using which API I can accomplish the above. Thanks in...
Can Burp do the following scenario: Request Page: www.example.com/account=123 Response Page: www.example.com/account-submitted View Account: www.example.com/viewAccount So I would like Burp intruder to submit the...
Hi guys, I load my burpsuite to test some https websites with firefox, but it's so strange that some of it can work successfully both spider, intercept and scanner, but some website just respone "failed to connect...
I have a thick client application which works on its own jre and it has root certificate included in its jre/lib/security/cacerts already. When I configure burp proxy to intercept traffic between client and server, I...
Page 299 of 322
Your source for help and advice on all things Burp-related.