How do I? - Page 305 - Burp Suite User Forum

How should I config if i need parse https data?

I use Mac + Burpsuite + chrome (v61.0) + SwitchyOmega , and I had tried almost all tutorials to setup CA and it doesn't work. I followed this steps: 1. I access 127.0.0.1:8080 and download the cacert.der CA file. 2. I...

Configure Cluster bomb

Let's say I use a cluster bomb attack with the repeater on this request (a quiz in which you can pass by checking the 3 corrects...

Macro+soap service

Hello, I have to test a soap service. Specifically a function that deletes a token. For the deletion to be successful I need to use the function to create it. So i created a macro that runs the creation and I have set the...

Burp Proxy unable to intercept Genymotion's traffic

So I'm a Burp Suite starter and I'm having the issue where Burp's proxy is unable to intercept traffic of the emulated device's traffic even though it can contact the proxy itself through the web interface and ping it also....

Private Burp Collaborator Daemon Stop/Start

Hi there, I just moved the newest burpsuite pro jar to my existing, private collaborator server, but I'm having some trouble with the daemon which I'd like to stop & start to apply the newest jar. I've issued a stop to it...

Advanced Proxy settings

I want to access a server which is in a different part of the globe. If I access to the server, I get an error of being outside of that country. If I use fiddler and add a simple flag of "X-override Gateway" in the script,...

Advanced Proxy Settings

I asked the following query a couple of days back: - I want to access a server which is in a different part of the globe. If I access to the server, I get an error of being outside of that country. If I use fiddler and add...

How to launch Intruder attack from command line

Hi, I would like to know if there is a way to record an Intruder attack so that it would be possible to launch it again from command line. The idea is to automatically launch fuzz testing. Through my research, I saw...

not comparing username and password at the time of performing attack

Hey, When I perform brute force attack with DVWA and burp suit, some times HTTP request can not be shown. and another problem is after performing final step and click in "start attack" user name and password is not...

Test thick client which is hard coded with server IP address?

I understand that the Invisible Proxy mode can be used to proxy thick client's HTTP request. However, is this approach feasible for thick client that is hard-coded with server's IP address? The reference below is only...

Prodigy math game?

When I edit an Item ID, Nothing works, such as when I change the ID for my boots, I just change the code that is the actual item id, and it doesn't change my boots. Am I doing something wrong? Do I have to change anything...

The Inferred Items in Site Map

Hi, As you know, in the Site Map View, the inferred items are displayed in gray, as they are not actually requested, but Burp discovered links to them in the content requested. My question is: for a specific inferred...

Configure Burp to recoginze traffic from a Visual Studio debug (Start)

When I start up my application from Visual Studio and I hit "Intercept is on" in Burp, it doesn't seem to see what is happening in the web application. Any help on how to do this?

Autoscan Insertion points

I am trying to make an extension for burp that provides request and insertion points for scan via command line. I can perform scan on the request with default insertion points of that is by not passing anything for the...

XSS in json parameters

Hello? I have got several XSS issues from the Burp Scanning but they couldn't be exploitable as the response messages have 'Content-Type: application/json' header. I investigated this with old browsers (e.g. IE8) but...

BSON Format

Does anyone have experience testing endpoints that expect BSON content? Is it possible to implement a plugin that encodes the Active Scan payloads as to be able to stress these endpoints from Burp Pro? Thanks in advance.

Intercepting iOS traffic

Burp is giving unkonown certificate errror while intercepting traffic for an ios app which is on https. The certificate has been added the trusted profiles and also app doesn't use certificate pinning .

Target Scope scan

Good Day May I ask, how can I manually initiate a scan using the Target scope What I have is txt file with urls that has been loaded onto the Target Scope but I'm not sure how the scan is started Thank you Jabu

Find the actively scan defined insertion points

How do I find which parameter I selected on "actively scan defined insertion points" feature in the context menu of the Intruder? If you go to Scanner tab there will be an item there but no information at all which...

Burp appears not to be working with HTTPS

I have been through every guide on this site. installed and reinstalled certificates. configured burp and browser to work together to generate certificate. checked all settings installed, un-installed and...