Burp Suite User Forum
Hi, I'm currently experiencing issues configuring DNS settings on a Burp Collaborator server I have deployed on a cloud instance. The server is within a sub-domain of my company's domain. Within the documentation it...
Hi, I am facing authentication errors when I try to Spider my application. I have enabled proxy and I am already logged into the application. When I start the Spider all the queued requests throw following...
Hello All, I am working on an extension development which has a requirement for a custom UI for the Intruder tab with default Intruder functionalities (i.e. the UI is only different, core functionality will be same as intruder...
I am getting
Hola. Working on a site that is reporting the new Burp finding for Form Action Hijacking (Reflective). The application has a POST parameter that is placed in the form action HTML tag. Would you consider this finding in the...
Hi - Was able to use burp with my previous device (iphone 6), but trying to configure my new iphone 7 and not having any luck. Without cert installed I can access http sites with burp, but after installing the cert my device...
I'm trying to deploy an instance of Private Burp Collaborator Server but it seems that burp.jar is ignoring the parameter --collaborator-server. From the help I can see the option there. root@zion:~/Downloads# java -jar...
Hi Team, We have tested one app in which we have set the cookie as secure & HTTPONLY from code level. But it's still showing us the below issue during scanning. "Cookie without httponly flag set" Kindly suggest why it's showing...
Analysis of a token in hex format that is 4 bytes in total length, for example: AB FF 81 4E. When I load a series of tokens into Sequencer, it interprets the token length as 8, which is not the case. AB is one byte, FF is...
How do I use burp suite to scan hidden fields that show up when I spider a website. When I spider a website, I get two option submit or ignore. How do I test those hidden fields automatically to make sure no one can use...
Not able to access the mobile requests after a successful configuration with the mobile device, following the instructions shown on the PortSwigger page. Can anyone help me quickly? Need this urgently.
I have a question on how the sequencer works. Are the tests (monotest, poker, etc) executed on each token and then averaged? So with, for example, 5000 tokens you would have a "decent" average? I know that by definition the...
I followed the "Getting Started" instructions. Checked for Java, did not find it, downloaded latest JRE, tried to install it and got error message to run SxsTrace. Not sure what to do next and finding nothing in any of your...
Team, I am getting below error while running burp suite "client failed to negotiate an SSL connection to " " :443.remote
Hey, I have a web app that has an "Add User" feature. The form submission includes lots of details (about 150) and one of the fields submitted is the "Username" field. I have used the pitchfork attack type and this...
hello, After proxy connection, http://burp Only proxy history is shown at the time of input CA Certificate Icons do not exist in upper right corner Help plz
Hi, I am accessing my application through some different proxy and port (not local) and also connected via VPN. Now i need to do security test of that application using Burp. Could you please give me the detailed...
I have a problem with writing a macro for a JSF login page. I have done every possible thing (remove cookies, javax.faces.ViewState etc.) but I haven't figured it out. Any ideas for this problem? Thank you in...
<script>alert(1)</script> How burp insert this payload
Hi, Is it possible from a custom plugin to delete target, proxy, scanner and spider information per domain? e.g. delete and target, proxy, scanner or spider information for www.abc.com, but keep rest? Many thanks, ...