Burp Suite User Forum
Hello please reactivate my license
I have several items in my Target-Site map that are in red text. What does this mean?
Hi, I'm receiving a lot of false positives as nginx is sending the Date header - which is obviously different each time the scanner tries a new combination - so Burp is highlighting it (albeit tentatively). Is there...
I working with Java Thick client application which is used login in Browser after successful login it collects the jar files from server and later it became Desktop application i configured normal as Web application then...
Hi, We already have a framework in place that is covering all the functionalities of my application, Now we want to run those tests against Burp via selenium. The idea is to check vulnerabilities in each flow of what...
dear sir or madam, i have purchased the professional edition yesterday ,but still not received the license key, can you please check for me . and you can send the email to my new mailbox: gsmc.abu.om@gmail.com...
Scanning Alfresco, and wanted to do automated scans of "create-site" function (for example). GET of the "create-site" URL (or any URL) seems to refresh the CSRF token sometimes (Alfresco-CSRFToken), I think the first GET...
Hello, when I am doing a active scanning is there a way to detect what software is running. Like if the server process Adobe Cold Fusion or Apache or PHP or ASP.NET?
Hi, We have an issue with a site that all the URL are generated on the fly with random URL string. They can only be clicked once. Any request sent to the same URL will invalidate the session. So spidering and scanning...
Hi! Which Extender APIs should I be looking at if I want to automate the following (similar to Carbonator but a bit different): 1. My extension runs in headless mode (as Carbonator does). 2. Target URL and the whole...
In Google Chrome on configuring the browser with Burp proxy, google translate extension is not working.
I have patched the burp infiltrator and a file named infiltrator.config is also present. But while scanning I am not getting the issues reported by infiltrator.
This is really awesome tool ever.
Under Intruder, there is a section named "Payload Encoding", it allows to URL encode certain characters. Why is burp doing so, in other words, why are we bothering to URL encode the payloads before they reach the web...
Hi, Does port 25 need to be opened in the firewall for the new SMTP checks to work on our private Collaborator Server and is there an option to set the listening port? aka "smtp": { "port" : 8025 } Thanks
I am using Burp Suite Professional 1.7.04 In an application that hosts a Silverlight component I can see calls to the component's host page in the Http History. The Silverlight component makes https REST API calls back...
Hi Mr. Stuttard, I have an http request which contains following...
Hi there, stupid question. How come i don't see the Collaborator tabs within my Burp app? I have my Burp pointing to use the public Collaborator servers but not seeing any of the tabs. What am I missing here? Thanks.
So, while doing active scanning and such, what's the best way to handle JSON Web Tokens that expire quickly? Basically when burp receives an auth failure, to run a post request and retrieve the new JWT to place in the header.
Hi, I have a requirement where i need to replay all the request i have in the target. Please suggest me a way to replay all the request.
Page 303 of 322
Your source for help and advice on all things Burp-related.