How do I? - Page 306 - Burp Suite User Forum

How to test Cross Site

We have bought Burpsuite professional edition .Kindly let us know how to test cross site in our Application. In your tool it is not detecting Cross site in our application but other tool are detecting .Please tell us proper...

Burp Collaborator Results & Errors

Hi all, I was checking this one app, where, while using Collaborator feature, I noticed a seemingly inconsistent behavior. The app is protected by Cloudflare, and it is possible that WAF is also in use. I am using...

issue - license key asking before expiry date

My system asking again and again license key before expiry date

set up burp suite on a remote host in order for

Hello support... I am looking to have burp suite set up on a remote host in order and our teams connect using a web browser if possible to run pentests on webapps? Thanks, Sam

Why the content discovery always check the .gif file?

When I use the content discovery,I found this will genered a ton of task to check .gif filetype?maybe I missed some setting? Queued Tasks Path /Tasks /requests /xx/xx/images/ Test...

Getting err_cert_authority_invalid after following the instruction to configure in Android

Hi, I am getting the error: err_cert_authority_invalid after i installing cacert in Android device. I follow the step that is available here and still getting this error. Please help. Thank you!

Burp Proxy and Microsoft Office Plugin?

Trying to test a new app we're developing which has a plugin for Office that is a browser that allows for a template like builder pulling data from auth'd server. Tyring to figure out how to proxy that plugin w/in MS Office...

JSON and form-urlencoded encoded payloads in Burp Intruder

The application I'm running a security assessment on encodes POST requests as a URL encoded parameter containing...

Recovery Upon Burp Crash

Burp crashes and I need to recover results/findings of the scan. Burp used to offer automatic backups but that's no longer available in v1.7.x. Is there a way to recover the many hours of lost scan results ? I'm using the...

Autobody Paint & Restoration

All makes and models base/clear. Lifetime warranty on parts and labor. Call 304-616-1948 or 304-579-5833

Anti-CSRF Token Update/Burp Macro

Hello, I have been testing out the macro functionality of Burp in order to update anti-CSRF tokens on requests. I'm having issues because when I record and test the macro, everything works fine and as intended but after I...

Match and replace

Hello. How do I write a newline character in the Replace field, in "Match and Replace"? Which kind of notation is used? Is there any list of examples? Thanks in advance.

Non-GUI configuration of predefined payload lists in Intruder

Hello, default Intruder payloads can be modified through the GUI via the "Intruder -> Configure predefined payload lists" menu. However, I'd like to set this option when starting Burp Suite, using a JSON file like for...

Burp Collaborator Health Check & SSL

Hello, I have deployed a private Collaborator on my internal network, and I am attempting to get SSL to work. We have an internal CA that I have used to issue a wildcard cert. When I run the health check I still get a...

View HTTPS Traffic Without Decrypting It

This seems so simple, but I cannot figure it out... I provide screenshots from Burp to illustrate particular points observed in the Suite. I would like to provide an encrypted/decrypted view of a particular application...

Burp spider/scan - endless requests due application design

Hi, I was wondering if anyone has some tips for spidering/scanning web application that uses URI to create searches and define options for downloads. For...

How do I reuse or restrict burp's source ports

I'am using intruder configured with 50 threads. It seems that on each request burp uses new source port. The gateway router NATs every request on a separate port. Each 16300 requests intruders requests are dropped for couple...

x

Installing Burp Suite SSL cert Firefox-Linux

I have selected Manual proxy configuration in Firefox and turned the Intercept on in burp suite. When I visit a site I get the "Secure connection failed" error, so I am now trying to install Burp's SSL certificate. But when...

Macro changing all parameters, despite Session Handling Settings

Hi There, I setup a Macro to capture a CSRF token and that piece in and of itself is working wonderfully. The problem is that the Macro changes all of my macro values to the default values saved from when the macro...