Burp Suite User Forum

Create new post

How do I specify which SSL/TLS ciphers Burp Collaborator can use?

Dear All, We're currently running a private instance of Burp Collaborator. As this host is visible to the internet, we include this system in our regular vulnerability scans focused on internet-facing systems. Our...

Last updated: Feb 22, 2016 10:17AM UTC | 1 Agent replies | 0 Community replies | How do I?

Can I add more scans to SQLi or XSS scans which are run by Scanner?

I want to configure Burp a bit more. As I understood, in Scanner / Options I can select the Active Scanning Areas. Is there a way to add more e.g. SQLi, or XSS to what already is checked? Where can I see the list of...

Last updated: Feb 19, 2016 11:32AM UTC | 1 Agent replies | 0 Community replies | How do I?

Edit list of long/short discovery file/directory lists

Is there a way to edit the long/short discovery file/directory lists that are used in Engagement Tools -> Discover Content?

Last updated: Feb 19, 2016 09:27AM UTC | 2 Agent replies | 0 Community replies | How do I?

get the "Responses queued for analysis" to actually "analyze?

I have been running the "discover content" tool and the "responses queued for analysis" number only builds and builds and never goes down. Even when the content discovery is over the number never decreases leading me to...

Last updated: Feb 19, 2016 09:10AM UTC | 2 Agent replies | 1 Community replies | How do I?

Reporting only on POST not GET methods? (Scanner)

Hi, After running a passive scanner session I have hundreds and hundreds of potential CSRF 'missing anti-CSRF token' (so far in reality they are all false positives and the anti-CSRF token is just contained with some...

Last updated: Feb 19, 2016 08:46AM UTC | 1 Agent replies | 0 Community replies | How do I?

Customize the report output?

Is there an easy way to customize the report output to include my Company Name and Logo at the top of the report? I have tried to create a word template for use with report-ng but cannot get it to work. Thanks in advance!!

Last updated: Feb 18, 2016 04:57PM UTC | 1 Agent replies | 1 Community replies | How do I?

Compare site maps with a Authorization: Basic value

I want to do a comparison with different privileged accounts. For Site Map 2 I want to "Request map 1" with a new cookie. In the Options > Sessions I added a "Use Cookie from Cookie Jar" for Target. But there is a header...

Last updated: Feb 18, 2016 03:15PM UTC | 1 Agent replies | 0 Community replies | How do I?

Items already scanned

Are there any ways to highlight the items that have already been scanned manually or with active scanning?

Last updated: Feb 17, 2016 02:29PM UTC | 1 Agent replies | 1 Community replies | How do I?

unlimited "number of retries on network failure"

How can I set Intruder's "number of retries on network failure" to unlimited? I see that currently I can only set it to 20 max before I get an error.

Last updated: Feb 17, 2016 09:21AM UTC | 1 Agent replies | 0 Community replies | How do I?

"Report selected issues". is not visible in burpsuite_free_v1.6.32 version

After scanning I am not able generate the scan report followed the following steps: To generate a report of your scanning, collapse the tree view of the application's contents. Then select the top-level domain entry for...

Last updated: Feb 15, 2016 02:00PM UTC | 1 Agent replies | 0 Community replies | How do I?

How does Burp check for Anti-CSRF tokens?

How does Burp usually scan or validate anti-CSRF tokens? In other words, if the web application uses a form ID that does not contain one of the keywords which identify CSRF, does Burp use other methods? If so, how does it...

Last updated: Feb 15, 2016 08:59AM UTC | 2 Agent replies | 1 Community replies | How do I?

Website Requires Plug-in check

Hello greetings. I am attempting to brute force a param. In order to test if the param supplied is valid the page first requires that the browser has a proprietary plug-in installed. The plugin is only supported in IE...

Last updated: Feb 12, 2016 03:53PM UTC | 1 Agent replies | 1 Community replies | How do I?

Anti-CSRF

Hello, I have three related questions; 1)) Can Anti-CSRF tokens be present in publicly accessible forms (for unauthenticated users), or are they should only be present under authenticated user forms? 2)) If burp...

Last updated: Feb 11, 2016 09:52AM UTC | 2 Agent replies | 1 Community replies | How do I?

How do I send keyboard interrupts like CTRL +R for send to repeater through burp extender API

How to send CTRL , ALT or function keys keyboard Interrupt through Burp Extender python API?

Last updated: Feb 10, 2016 10:55PM UTC | 4 Agent replies | 6 Community replies | How do I?

BurpSuite not following redirections

When entering a website which always redirects traffic from http:// to https://, burp is not redirecting automatically from the http to https. Is there a configuration which will let Burp do so?

Last updated: Feb 10, 2016 08:57PM UTC | 2 Agent replies | 4 Community replies | How do I?

Make a proxy faster ?

Hi Im wondering, is there a way to make a proxy more faster and transparent ? (more like undetected ) Because some times, an application detect the use of a proxy and don't allow me to request any data and just block...

Last updated: Feb 10, 2016 11:41AM UTC | 6 Agent replies | 6 Community replies | How do I?

Renew License

I would like to know if it's possible to renew a burp license from the command line? (on Linux) from the command line? (on Linux)

Last updated: Feb 10, 2016 12:30AM UTC | 2 Agent replies | 1 Community replies | How do I?

automatically modifying requests

Proxy is able to intercept all requests and from there, I'm able to manually modify the requests. However, how can set this modification to be done automatically? For example, I would like to change the value of...

Last updated: Feb 08, 2016 10:05AM UTC | 1 Agent replies | 0 Community replies | How do I?

How do I close intruder tabs through Burp extender API

How do I close dynamic intruder tabs such as 1, 2, 3 etc through Burp extender API?

Last updated: Feb 04, 2016 11:18AM UTC | 1 Agent replies | 0 Community replies | How do I?

Distinguishing between the 3 options under "Proxy's Certificate"

Under "Proxy >> Options Proxy Listeners", I see that there are three options under Certificate. 1. Use a self-signed certificate 2. Generate CA-signed per-host certificates 3. Generate a CA-signed certificate with a...

Last updated: Feb 04, 2016 11:07AM UTC | 1 Agent replies | 0 Community replies | How do I?

Page 300 of 310

Burp Suite Support Center

Your source for help and advice on all things Burp-related.

Burp Suite Support Center image