How do I? - Page 300 - Burp Suite User Forum

dfgdfgg

dfgfgfd

CSRF attacks disrupting testing flow

I am having trouble using Burp with my application's CSRF defenses. I can get around these problems by disabling a few features, but I am concerned that I may be approaching this problem the wrong way. My application...

Bulk Export of XML Reporting from Burp Session File

Is there a way to given Burp Suite in Windows or Linux command line arguments such that, given a saved copy of a Burp session, I can dump the XML copy of the report? I have hundreds of reports from multiple projects we...

set a scope and do not logout

Hi, I'm not sure if I'm the problem or if something has changed :-) so let me explain. I'm testing an application where a logout can be done with a URL like www.site.com/index.php?module=Users&action=Logout . In the...

Expected a value for option project-file

I am getting the above error whenever I try to load a project from command line in burp. Please let me know how do I get rid of this error or is there any other way of doing this through command line. I am using the...

Burp error

Hi, I was able to get the scan report by using my own extension. However, yesterday I got following error, and was not able to generate scan report. I did not make any change on the system that installs BURP, the same...

How to make Active Scanner avoid to scan files like jpg/css/gif and so on.

How would I do that? I saw few similar questions raised but the support team always finds a way not answer it practically. Can someone help answer this question?

Skipping server side tests for .js and .css files

How do I set the active scanner to skip server side tests for all .js and .css files? I currently have the following set with the scanner options tab and its not working: Skip server-side tests for: Parameter = URL...

AMF decoding applied to requests only

Hello, I'm using Burp to proxy some traffic to an AMF gateway. Both requests and responses have the "Content-Type: application/x-amf" header. However, only requests are AMF-decoded . Of course, option "User Options / HTTP...

unable to access "arcgis.com" url in Burp suite

Hi Team, After i set proxy in browser and access my application am unable to access few functionalities which required third party site/libraries . Brief about issue: To access GIS functionality in my application i...

Saving settings between projects

I would like my settings to stay the same between projects. I've saved them and load the JSON file when I create a new project, but nothing seems to save. I assume I am doing something wrong? I'd like the filters I set up on...

How do I Backup Burp Extenders?

How do I backup Extenders only? When restoring an old state or someone else's state, it tends to revert/change all my currently installed extenders to whatever it was captured in that particular state. After which I restore...

Cannot use Burp inside Firefox Quantum. It works on the previous version

I upgraded to Firefox Quantum and since then, I cannot use Burp as it tells me all pages do not have valid certificates. Is it a certificate that I need or are there additional safety measures built into the new browser that...

OctoDeploy Code Scans with Headless Burp Scanning? Oh My!

Hello Everyone, I am attempting to accomplish the following and I need some advice. End Goal: Setup Burp Suite to run in headless mode on a CentOS 7 box for scanning of company-owned domains on demand. We are using...

Macro: How to receive a parameter from POST response to use it in the next GET request

Hi community, I am currently testing a REST API and I would like to use a JSON parameter from a POST response in the next GET request. The workflow is the following: 1. POST to application like: POST...

Korean characters not displayed correctly in the Proxy response tab

Dear Burp Proxy support team, I tried to execute burp by using -Dencodingfile=EUR-KR options. However, in my response tab, Korean characters are only displayed as []. Do you have any suggestion on how to solve this...

Issues and advisory panel not showing in sitemap

Hi, Issues and advisory panels are not showing in sitemap. I am using free edition v1.7.27

I want to know how long a particular API has taken to load

Where I can find the time taken by API to load. I am using HTTP proxy. I know we can check time taken by using Repeater tab. But, I want to know the time taken by API when it is being used by an app or website on mobile.

Burp Intruder Payload Processor Extension for running custom shell/python scripts

Do you know of any extension allowing for running intruder payloads through custom shell/python script? That would be helpful if an app expects some specifically encoded/encrypted data for instance. Thanks, Mike

HTTPS IPv6 failed connection

Burp suite fails to connect when contacting HTTPS web servers that are exclusively IPv6. I can connect to IPv6 HTTP just fine but the I get an error with HTTPS. I do not have any issues with IPv4 HTTPS.