How do I? - Page 308 - Burp Suite User Forum

How do I detect the current SSL protocol

Hi, I'm using Burp Suite Free Edition v1.7.22 Is there any way to view the current SSL protocol in use while intercepting traffic? SSL 3 vs TLS 1.1, etc.

Modify a response status code

Hi, Is it possible within a burp extension to change a responses status code? Or if not, is it possible within a burp extension to intercept a request (not a response) and generate an entire fake response instead of...

intruder Chinese garbled

when I run intruder in chinese website and use Grep-Extract to filter what I want,If I filter the part is included in the Chinese, then the results will appear in the column distortion,help~

interact with a site that uses PKCS#12 certificates for protection

Hello Support, I am trying to interact with a site through Burp PRO version 1.7.22 that is using PCKS#12 certificates. I have a valid certificate and I am able to access the site when I use the SSL-bypass. However, when I...

Log files are handled how?

Burp Suite creates temporary files when it is opened. These files are deleted once the work is done. Does someone know what logging is made when en when it is deleted.

Attacking Multiple IP Addresses

I would like to run the same set of brute-force password-dictionary attack using the same set of parameters on a list of IP addresses. Is there a way to automate that using the GUI in Burp Suite? Thank you.

How to encode SSHA

Hi guys! I need to encode payload to SSHA in Intruder. But there is no SSHA in payload encoding. Here is example: test encoded to SSHA is qUqP5cyxm6YcTAhz05Hph5gvu9M=

Import jar in python program

Hello, I'm currently making a burp extension in Jython. I'm trying to import a jar file - I followed steps as outlined in http://www.jython.org/jythonbook/en/1.0/ModulesPackages.html. Using...

java deserialize

Hello - I am currently testing Oracle E-Business Suite that has a mix of normal HTTPS traffic with params and also HTTPS traffic that has the params java serialized. Is there way to deserialize the object to XML or some...

COntact for Support assistance

How do I request support (already have maintenance support) but have no idea who/how to contact anyone for support if needed.

No prompts using carbonator

Hi, i've installed BURP Pro + Jython + Carbonator. I'm now running java -jar -Xmx1g burpsuite_pro.jar https somedomain.com 443 c:\report.html but it doesn't product an output and it keeps prompting a dialogue box...

Extend Repeater to update another header file

I have a web application that expects a header value that is a hash of the contents of the POST body and an HMAC. I'd like to extend the Repeater tab similarly to how the Content-Length is automatically updated when the body...

Help

hi I Can Not Target Any https Web. When I Give request in Browser it show 301 Move Permanently what can i do now?

How do I make Burp save the current list of extensions so that the next time I open Burp they load?

I currently have a number of extensions that I don't want anymore, but if I remove them from the extensions list, the next time I start up Burp they appear again. I've tried saving the project options / user options but the...

Proxy

Hi, I have configured browser proxy with localhost:8081/However our company use proxy to go to web.Where i can configure proxy ip with port? thanks

keycloak - oAuth Login

Hi, How do I configure BurpSuite to automatically connect to my to test application using OpenID Connect/oAuth for Spidering, and active Scanning? I found already the EsPReSSO extension in the BurpAppStore but I cannot...

Data driven testing

Hi Is there any way to automate a testing mapping data from burp responses? It is, i do request 1, logon, which returns a token. Request2 needs that token as an input field, so there is an option to map that value from...

Fuzzing Testing

Hi I am trying to Fuzz and thought I would start on VulnServer. However I cannot successfully configure the Payloads and their positions. Is there any information available? Thanks

Burp Suite Professional Performance

Hi Support, I'm spidering a huge website and burp is getting really allow since the .burp file is getting really big. Is there a way to improve the performance in this case? Is there a way to use a database like MySQL...

can not recreate sql injection

I ran the burp suite scan on our internal website, they found a few sql injection listed as Tentative. I was trying to validate this error using the repeater option. I have not be able to validate this error, using the...