How do I? - Page 303 - Burp Suite User Forum

please reactivate my id

Hello please reactivate my license

Meaning of red highlighted text Target-Site map?

I have several items in my Target-Site map that are in red text. What does this mean?

Cross-site request forgery - ignore date response header

Hi, I'm receiving a lot of false positives as nginx is sending the Date header - which is obviously different each time the scanner tries a new combination - so Burp is highlighting it (albeit tentatively). Is there...

proxing Thick client Applciations

I working with Java Thick client application which is used login in Browser after successful login it collects the jar files from server and later it became Desktop application i configured normal as Web application then...

How do I run Burp with Selenium

Hi, We already have a framework in place that is covering all the functionalities of my application, Now we want to run those tests against Burp via selenium. The idea is to check vulnerabilities in each flow of what...

i have not received the license key .

dear sir or madam, i have purchased the professional edition yesterday ,but still not received the license key, can you please check for me . and you can send the email to my new mailbox: gsmc.abu.om@gmail.com...

Best manage CSRF in Alfresco

Scanning Alfresco, and wanted to do automated scans of "create-site" function (for example). GET of the "create-site" URL (or any URL) seems to refresh the CSRF token sometimes (Alfresco-CSRFToken), I think the first GET...

Is there a way to determine which software is being used like Adobe Cold Fusion 9 or 10 ?

Hello, when I am doing a active scanning is there a way to detect what software is running. Like if the server process Adobe Cold Fusion or Apache or PHP or ASP.NET?

Dynamic URL cannot be spidered or scanned

Hi, We have an issue with a site that all the URL are generated on the fly with random URL string. They can only be clicked once. Any request sent to the same URL will invalidate the session. So spidering and scanning...

How do I automate Active Scanning

Hi! Which Extender APIs should I be looking at if I want to automate the following (similar to Carbonator but a bit different): 1. My extension runs in headless mode (as Carbonator does). 2. Target URL and the whole...

google translate through Burp proxy

In Google Chrome on configuring the browser with Burp proxy, google translate extension is not working.

Burp Infiltrator

I have patched the burp infiltrator and a file named infiltrator.config is also present. But while scanning I am not getting the issues reported by infiltrator.

This is really awesome tool ever

This is really awesome tool ever.

Intruder options:

Under Intruder, there is a section named "Payload Encoding", it allows to URL encode certain characters. Why is burp doing so, in other words, why are we bothering to URL encode the payloads before they reach the web...

Port 25 needed for new SMTP Checks on Private Collaborator Server?

Hi, Does port 25 need to be opened in the firewall for the new SMTP checks to work on our private Collaborator Server and is there an option to set the listening port? aka "smtp": { "port" : 8025 } Thanks

Http History does not record calls from browser to webapi on the target site

I am using Burp Suite Professional 1.7.04 In an application that hosts a Silverlight component I can see calls to the component's host page in the Http History. The Silverlight component makes https REST API calls back...

Injecting special characters like " /,*,' " into an http request

Hi Mr. Stuttard, I have an http request which contains following...

Burp Collaborator

Hi there, stupid question. How come i don't see the Collaborator tabs within my Burp app? I have my Burp pointing to use the public Collaborator servers but not seeing any of the tabs. What am I missing here? Thanks.

How do I manage JSON Web Token auth in Burp?

So, while doing active scanning and such, what's the best way to handle JSON Web Tokens that expire quickly? Basically when burp receives an auth failure, to run a post request and retrieve the new JWT to place in the header.

Replaying all request without payload

Hi, I have a requirement where i need to replay all the request i have in the target. Please suggest me a way to replay all the request.