Burp Suite User Forum
Hi, I have problems with setting connection when using Burp. I found out that when I am trying to reach the website using Burp proxy, just one SYN packet (and two retransmissions) is sent while when I don't use Burp proxy...
My proxy is "proxy.xxx.xxx.com". I am unable to edit under Proxy > Options > Proxy Listeners > Edit.
Hi, I configured my web app to -> 127.0.0.1:8443 to forward all requests to qa1.x.com:443. This works fine. The proxy is good. However, my web app JavaScript connects to a host: cdn.y.com. This causes an application...
I get using the web browser for testing web based testing. What I'm confused about is...with BURP can you target a different host/machine/PC/linux machine and still use the web browser as the MITM. I want to look at a...
I use Burp to get traffic from my Android Mobile, but some applications returned the following error: (HttpNetworkException:error:14090086:ssl3_get_server_certificate:certificate verify failed) What does that mean?
I'm trying to set up a private collaborator using HTTP first using only an IP address on port 8080 (working on getting all the approvals for dedicated domain, wildcard cert, etc.) but the health check for the "server http...
Hi, I am trying to use Burp with my app, which is built with certificate pinning. The certificates in my local server are self-signed, so I understand I can bypass certificate pinning controls, right? When trying to...
Once a site is fully spidered, are there any ways to quickly get the total number of the forms or login prompts on that site?
Is there any way for Extensions to use the "Define custom location" component that is part of the Sequencer and Intruder Grep - Extract functions? This component: http://oi66.tinypic.com/2zhfe60.jpg This would be much...
Since AMF support is disabled by default since 1.6.29, how is it re-enabled when needed? Or is AMF testing now limited to the Blazer extension?
If I change Active scanning areas during a scan, will it reflect in the current scan? Scenario: 1. I have selected SQL injection checks and started scan 2. I pause the scan and select XSS Checks 3. I resume the...
Curious behavior difference between nikto output and burp output. From nikto a request like this: GET / HTTP/1.1 User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:headers: IIS internal IP) Connection:...
One of the apps I'm testing is coming up with Ruby Code Injection alert. The confidence is listed as Firm. Issue Details: The payload '+sleep(20.to_i)+' was submitted in the foo parameter within the bar cookie. The...
How to log in to the Burp Suite tool in the free version and how to detect the errors in a webpage.
Hey, so I was testing burp suite proxy to sniff HTTPS from AFNetworking SDK for iOS. I was successful in sniffing and intercepting HTTPS traffic with GET and POST from an iPhone by using a proxy. However, it seems it only...
Hi Team, I have been using burpsuite_free_v1.6 with upstream proxy with Java version: C:\Users\Administrator>java -version java version "1.8.0_25" Java(TM) SE Runtime Environment (build 1.8.0_25-b18) Java...
When I select the XSS vulnerability which Burp's scanner found, under "Request" I select "Show in Browser". Under the browser, I get the JavaScript alert pop out. However, if I copy / paste the same exact URL (which has...
I am using the pro version of Burp (latest version). I can only see three SSL protocols (SSL v2, SSLv3 and TLS v1). How can I update this and SSL ciphers list?
Hi There, I was looking through the API and I couldn't find support for passing in values for Active Scanning Areas. So if I wanted an active scan to be performed with only some of these areas...
I am trying to add intruder request using Jemmy automation. I can find all components under Intruder | Positions subtab except the main request text area. I tried to dump all the components and look for the specific area...
Your source for help and advice on all things Burp-related.