How do I? - Page 299 - Burp Suite User Forum

Burp pro v1.7.08 - you have limited key lengths available JCE error

Hi, I am running Burp pro v1.7.08. Java version is 1.8.0u112. I am getting the following errors with SSL traffic inspite of installing the JCE unlimited strength jurisdiction policy files for Java 8: Failed to...

Burp can intercept HTTPS but not display in browser

I have already install burp CA When I surf to HTTP/HTTPS the link showed in HTTP History but in browser it show "connecting..." "waiting for [HTTP/HTTPS]" What should I do?

angularJS - Client-Side Template Injection

Hello - I'm testing a web app that is using AngularJS v1.3.11. Burp has flagged multiple high risk client-side template injection issues with a confidence of firm. I'm trying to figure out if this is a false positive or...

Interception turned off upon starting

Hello, I would like to ask you how should I save (and load) a burpsuite project that on start, upon loading from a .burp file, interception will be turned off? Thanks.

Does Burp Collaborator test for "dangling markup" vulnerabilities?

This article on github (https://githubengineering.com/githubs-post-csp-journey/?utm_source=webopsweekly&utm_medium=email ) outlines an attack where an attacker injects an unclosed img tag <img...

Possible to add a list of Upstream proxy(s)?

Hi all, I've only been using Burp Suite for a week now, and I think it's very useful. Does anyone know if it's possible to add a list of Upstream proxy's directly into Burp without adding the proxy's...

Since iOS 10 can't trust Burp anymore, recommended alternatives?

Since iOS 10 can no longer really "trust" the Burp Suite certificate, does anyone have any alternatives that free? While it shows up as trusted in iPhone, it still marks it as not secure when browsing to a site that uses the...

I am not able to activate my burp license after formating my laptop.

My laptop had windows 10 pro burp installed. After formatting I installed windows 10 single language and tried to activate burp but no luck, it says "activation failed no more activation for this license". But burp was...

Received fatal alert: handshake_failure

Hi, Got this error while trying to intercept via Burp on Windows 8.1 "Received fatal alert: handshake_failure"

auto login

Hi, Burp offers macro to auto login. I was able to record macro, and the macro will add new cookies in the cookie jar, and the subsequent requests use the new cookies. However, the subsequent requests need one...

Manipulate Header Request Parameter in Extension

Hi, I want to build up a automatic test system for a json api. My plan is as follows: Initially I get a fresh login token. Then i get into the proxy (processProxyMessage) and to replace the token with my freshly acquired...

How to switch ip addresses per 6 requests?

Hi, I am trying to run a attack on a login page. The problem is that it locks me out every 6 requests. Is their a way to change an IP on every 6 requests? I have tried the IP address header extension but when I run it does...

SiteMap & Spider Out-Of-Scope Entries

Hi, I have an application that I'm testing with thouthands maybe more of urls like example.com/[0-9]+ and I don't want to go thru them all not in Sitemap/Proxy/Spider so first I setup a rule in Scope Exclude with...

Pretty JSON

Hi, I'm using the latest BurpSuite Pro and I noticed that "Pretty" script from BApp Store just vanished. So, now if I want to beautify JSON response, how can I do it ? Cheers,

Filter

How do I add a filer which can just Drop/Intercept/Delay a specific format of message?

problem in using burp suite

I can't listen on 127.0.0.1:8080. I am able to listen on another port (for e.g. 127.0.0.1:8000). when I am connected to port 8000 ,{{ connection : close }} .I know, It should be {{connection : keep alive }}. i have watched...

Calling a saved Intruder Attack using Extender.

Hi, I am creating an Extender that will run an Intruder Attack every day at a specific time. The first step that I wanted to do is run a saved attack. Using which API I can accomplish the above. Thanks in...

Analyzing different response page with Intruder & Scanner

Can Burp do the following scenario: Request Page: www.example.com/account=123 Response Page: www.example.com/account-submitted View Account: www.example.com/viewAccount So I would like Burp intruder to submit the...

can work with some https websites but some can't?

Hi guys, I load my burpsuite to test some https websites with firefox, but it's so strange that some of it can work successfully both spider, intercept and scanner, but some website just respone "failed to connect...

Is there way to import server certificate into BURP and use it for perticular domain?

I have a thick client application which works on its own jre and it has root certificate included in its jre/lib/security/cacerts already. When I configure burp proxy to intercept traffic between client and server, I...