How do I? - Page 308 - Burp Suite User Forum

Discover content using basic HTTP authentication

Hello I'm trying to use the discover content functionality on a web site that uses basic http authentication. I entered the credentials in the Platform Authentication screen. When I run the discover content, all I get is...

Scanning based on Index ID

Hi, Burp has list of vulnerabilities that are covered by scanner which are listed here https://portswigger.net/KnowledgeBase/Issues/ Each vulnerability has severity and Type Index mentioned. Is there a possibility...

Clear the Scan Queue and Site Map from API

Hi, With the introduction of Project files in Burp 1.7+, all the data is saved automatically including Target SiteMap and Scanner Scan Queue into Project files, which is very useful. However, these tend to grow over a...

Unable to connect to site after updating browser with BURP proxy

I'm using BURP on my project and have verified the proxy listener is up. However; in my office, I use a company proxy to access the internet. Once I update the browser with the BURP proxy, I'm unable to use the internet. Is...

Burp Collaborator

What are the Hardware requirements for Burp Collaborator?

Don't quite get the meaning of "iterate all values of submit fields"

What does "Spider >> Options >> Form Submission >> Iterate all values of submit fields" do? I've read https://portswigger.net/burp/help/spider_options.html : "Many forms contain multiple SUBMIT elements, which result in...

"This Connection is Untrusted" message is showing

Everything is okay like download certificate in firefox and proxy/Network setting also done but i am unable to intercept with any site.I have also installed jre 1.7.0.My OS is 64 bit.I was doing my work properly with...

How to implement request in browser

Hi, is it possible to write an extension to have a "request in browser" like functionality? I would like to request in browser a specific request based in some conditions like a selected element or something...

CSRF Token

Hello, Custom parameter location in response but csrf not writing in response. Why not in the request? Because csrf parameter (_csrf_token=MXnHkkFn_GDk96WoRucoS26JJb4zAQA76jOhdeLG-Uc) in only request. Is it possible to...

Java Serialized + Zlib + gzip

I have this issue and I can't seem to solve it without writing an extension. The java thick client communicates with the server by doing the following on the data part of the HTTP POST request: Client: - Java...

Scaning Related

Hi! i`m very new user. I have been using burpsuite pro version since a few days. Can i scan web server using burpsuite? Thank you...

burpsuite_free_v1.7.03 Not allowed HTTPS

Hello Support I have issue with v1.7.03 I cant run HTTPS protocol Thanks

Collaborator DNS Functionality

Other than resolving 'A' type queries does the DNS server provide any additional DNS functionality. For example will it respond to the APNIC test for a lame delegation correctly? Or any other type of record lookup? Thanks

Confirming XSS high certain

Hi, Burp scanner is detecting an XSS (high certain) with the following GET request and response: Request: /CGI/…. &CategoryID=123"onload%3d"alert(1)"456&CategoryName=Retail HTTP/1.1 Response: <LINK...

Intruder question

Hi, I got some questions for Burp's intruder.. 1/ When performing a fuzzing attack, does burp wait for the actual response of a payload from the server before moving to the next payload? 2/ Can the fuzzing attack...

Filtering URLs with specific words

When a GET or POST request results in an error, the response URL will have the following wordings (and some other wordings depending upon the request made) "Could+not+create+url+for+page+path:+" (without "...

Scanning cloud-enabled application

Hello, We have a web application that is deployed as cloud-enabled application and using CDN. This can be accessed only by hostname and not using IP address. This hostname resolves to 3+ different IP address. Direct...

Burp - Intruder path traversal with list

Hi, I am using the Burp Suite Professional v1.7.02beta, and I was wondering if it possible to do a path traversal with the Intruder, especially with a list? In fact, I want to use the Payload Processing with a...

Records not being added during scan

Good morning! My group just downloaded Burp onto my computer, so I don't know too much about it... I've tried watching tutorials and someone from another office gave me a brief overview on how to set up the scan, but it...

how to list the cipher suite supported by the server

I would like to validate the cipher suites that a web application supports. How could we do it?