How do I? - Page 303 - Burp Suite User Forum

How do I use a password protected Java KeyStore for Burp Collaborator

Dear All As required for running a private Burp Collaborator instance, we have ordered and received a wildcard certificate for the domain we'll run our instance under. We've created a JKS containing our certificate,...

How do I specify which SSL/TLS ciphers Burp Collaborator can use?

Dear All, We're currently running a private instance of Burp Collaborator. As this host is visible to the internet, we include this system in our regular vulnerability scans focused on internet-facing systems. Our...

Can I add more scans to SQLi or XSS scans which are run by Scanner?

I want to configure Burp a bit more. As I understood, in Scanner / Options I can select the Active Scanning Areas. Is there a way to add more e.g. SQLi, or XSS to what already is checked? Where can I see the list of...

Edit list of long/short discovery file/directory lists

Is there a way to edit the long/short discovery file/directory lists that are used in Engagement Tools -> Discover Content?

get the "Responses queued for analysis" to actually "analyze?

I have been running the "discover content" tool and the "responses queued for analysis" number only builds and builds and never goes down. Even when the content discovery is over the number never decreases leading me to...

Reporting only on POST not GET methods? (Scanner)

Hi, After running a passive scanner session I have hundreds and hundreds of potential CSRF 'missing anti-CSRF token' (so far in reality they are all false positives and the anti-CSRF token is just contained with some...

Customize the report output?

Is there an easy way to customize the report output to include my Company Name and Logo at the top of the report? I have tried to create a word template for use with report-ng but cannot get it to work. Thanks in advance!!

Compare site maps with a Authorization: Basic value

I want to do a comparison with different privileged accounts. For Site Map 2 I want to "Request map 1" with a new cookie. In the Options > Sessions I added a "Use Cookie from Cookie Jar" for Target. But there is a header...

Items already scanned

Are there any ways to highlight the items that have already been scanned manually or with active scanning?

unlimited "number of retries on network failure"

How can I set Intruder's "number of retries on network failure" to unlimited? I see that currently I can only set it to 20 max before I get an error.

"Report selected issues". is not visible in burpsuite_free_v1.6.32 version

After scanning I am not able generate the scan report followed the following steps: To generate a report of your scanning, collapse the tree view of the application's contents. Then select the top-level domain entry for...

How does Burp check for Anti-CSRF tokens?

How does Burp usually scan or validate anti-CSRF tokens? In other words, if the web application uses a form ID that does not contain one of the keywords which identify CSRF, does Burp use other methods? If so, how does it...

Website Requires Plug-in check

Hello greetings. I am attempting to brute force a param. In order to test if the param supplied is valid the page first requires that the browser has a proprietary plug-in installed. The plugin is only supported in IE...

Anti-CSRF

Hello, I have three related questions; 1)) Can Anti-CSRF tokens be present in publicly accessible forms (for unauthenticated users), or are they should only be present under authenticated user forms? 2)) If burp...

How do I send keyboard interrupts like CTRL +R for send to repeater through burp extender API

How to send CTRL , ALT or function keys keyboard Interrupt through Burp Extender python API?

BurpSuite not following redirections

When entering a website which always redirects traffic from http:// to https://, burp is not redirecting automatically from the http to https. Is there a configuration which will let Burp do so?

Make a proxy faster ?

Hi Im wondering, is there a way to make a proxy more faster and transparent ? (more like undetected ) Because some times, an application detect the use of a proxy and don't allow me to request any data and just block...

Renew License

I would like to know if it's possible to renew a burp license from the command line? (on Linux) from the command line? (on Linux)

automatically modifying requests

Proxy is able to intercept all requests and from there, I'm able to manually modify the requests. However, how can set this modification to be done automatically? For example, I would like to change the value of...

How do I close intruder tabs through Burp extender API

How do I close dynamic intruder tabs such as 1, 2, 3 etc through Burp extender API?