How do I? - Page 306 - Burp Suite User Forum

Account lock out

when i initiate automatic scan in burp, the application account/login page gets locked out.please let me know the solution.

Intruder request using callbacks.sendToIntruder() errors The basic request does not contain blank li

I am writing a java program to load intruder using callbacks.sendToIntruder(). I am sending a valid request to intruder but when I try to launch the intruder attack it always complains with The basic request does not contain...

Testing with DVWA

Using the DVWA app and attempting to brute force the front login as well as the login section of the app does not seem to function properly, even when using the brute force instructions on this website. Brute forcing the...

Scanner: XSS with percent sign

Burp Scanner recently flagged an XSS finding where the injected string was <%MWITE>. Further investigation revealed that the application would also reflect <%script>. Under what circumstances is this actually...

Automating Burp scan

Hi, We are using Burp suite pro version. Is it possible to automate the Burp scanning so that we can integrate with the build? Like we have automation testing scripts which we integrated with the build using CI tool...

How do i use the active scanner to scan json and gwt requests?

I can do this by sending a request to the Intruder and then choosing 'Actively scan defined insertion points' for JSON (or by using the GWT insertion Points extension for GWT). How do I do this in bulk, as opposed to...

Integrating Burp and Wireshark

I'd like to be able to set up Wireshark so it can decrypt HTTPS traffic which is passing through Burp. I know I can export the CA used by Burp but that doesn't help when a per server certificate is in use. Is there a way to...

'Send to' Extension

As a new member of the Burp community, I was playing around with creating Extensions. I now try to implement the "Send to" feature with my Extension, I want to send items from the HTTP History to my Extension, where the...

Burp API Useage

How Do I stop the scanner from running through API calls? I see there is functionality there to start the spider but nothing to indicate if it has finished spidering or if it can be stopped through the api

how do I know if intruder attack rate gradually slows down?

I am using free edition, and noticed whenever I launch an attack on a particular site the time between attacks slows down considerably over time. At first I presumed it was the website defending itself ... but perhaps that...

Settings doesnt save when we close and reopen burp

Hello, When I open up burp, I make changes to various setting available (like target scope settings, proxy settings, scanner settings etc etc etc) when I close and reopen burp, every thing restores to default. how do...

Repeater interprets command incorrectly

Using OPTIONS HTTP Method does not render any results using the command below. OPTIONS / HTTP/1.0 I used the "Copy as curl command" option of the repeater and the repeater is interpreting the command incorrectly as...

Need help with password cracking

So my friend gave me permission to try and hack his instagram So first I intercept while tring to login to his account and i get POST /accounts/login/ajax/ HTTP/1.1 Host: www.instagram.com User-Agent: Mozilla/5.0...

Burpsuite Closing the Connection

Hi, I am having an issue testing a specific web app. The application, when not proxied, keeps the tcp connection open, and makes multiple HTTP requests over this connection. When proxied through Burp it closes the...

Using sqlmap with Burp

Hi All, I have a SOAP API that require two unique parameters (Email and UserID). I'd like to use Burp to intercept the sqlmap request and replace these two parameters with random and sequencial numbers. Is that...

Non-HTTP request

Hi Burp team! I have a java application to check. The app starts the communication over HTTPS and then the communication changes to non-web protocol (no over HTTP just over sockets and the content is java serialized). I...

XSS vulnerabilites

Hi, I am reading the Web application hackers handbook and came across numerous XSS filter evasion techniques. Wanted to know if using the scanning functionality of Burp Suite automatically checks for all or most of them ?...

Ability to customize the project files to save space?

I noticed that the "saving state" functionality is due to be replaced by the new project file functionality in the future. Is there any way to customize what is saved to a project file in the current version of Burp, or is...

Configuring burpsuite to work with youtube on https

Hi, I'm trying to look at what's going on in the traffic in particular to youtube, but couldn't get the BS proxy to work with it. The other normal sites are fine but I guess its the https that youtube uses that's causing...

Web pages keeps on loading through burp free version?

I have set up Burp Suite with Firefox and have used all the correct settings, and it is connecting to the proxy on 127.0.0.1:8080. The Burp Suite software is able to see the pages I try to visit in the browser and can give...