How do I? - Page 309 - Burp Suite User Forum

Filter Results Intruder

Hey, I recently started using Burp and I preformed an intruder test using cluster bomb with two payloads (user & pass). I had approximately 1 million requests sent to the local server. The problem is that there is only...

Burp CLI verson

Hello, using burp in command line mode I noticed that while building report, I get results from all the burp runs and all the requests burp ever proxied. Stopping the service and starting it, doesn't restart the amount of...

Burp pro v1.7.08 - you have limited key lengths available JCE error

Hi, I am running Burp pro v1.7.08. Java version is 1.8.0u112. I am getting the following errors with SSL traffic inspite of installing the JCE unlimited strength jurisdiction policy files for Java 8: Failed to...

Burp can intercept HTTPS but not display in browser

I have already install burp CA When I surf to HTTP/HTTPS the link showed in HTTP History but in browser it show "connecting..." "waiting for [HTTP/HTTPS]" What should I do?

angularJS - Client-Side Template Injection

Hello - I'm testing a web app that is using AngularJS v1.3.11. Burp has flagged multiple high risk client-side template injection issues with a confidence of firm. I'm trying to figure out if this is a false positive or...

Interception turned off upon starting

Hello, I would like to ask you how should I save (and load) a burpsuite project that on start, upon loading from a .burp file, interception will be turned off? Thanks.

Does Burp Collaborator test for "dangling markup" vulnerabilities?

This article on github (https://githubengineering.com/githubs-post-csp-journey/?utm_source=webopsweekly&utm_medium=email ) outlines an attack where an attacker injects an unclosed img tag <img...

Possible to add a list of Upstream proxy(s)?

Hi all, I've only been using Burp Suite for a week now, and I think it's very useful. Does anyone know if it's possible to add a list of Upstream proxy's directly into Burp without adding the proxy's...

Since iOS 10 can't trust Burp anymore, recommended alternatives?

Since iOS 10 can no longer really "trust" the Burp Suite certificate, does anyone have any alternatives that free? While it shows up as trusted in iPhone, it still marks it as not secure when browsing to a site that uses the...

I am not able to activate my burp license after formating my laptop.

My laptop had windows 10 pro burp installed. After formatting I installed windows 10 single language and tried to activate burp but no luck, it says "activation failed no more activation for this license". But burp was...

Received fatal alert: handshake_failure

Hi, Got this error while trying to intercept via Burp on Windows 8.1 "Received fatal alert: handshake_failure"

auto login

Hi, Burp offers macro to auto login. I was able to record macro, and the macro will add new cookies in the cookie jar, and the subsequent requests use the new cookies. However, the subsequent requests need one...

Manipulate Header Request Parameter in Extension

Hi, I want to build up a automatic test system for a json api. My plan is as follows: Initially I get a fresh login token. Then i get into the proxy (processProxyMessage) and to replace the token with my freshly acquired...

How to switch ip addresses per 6 requests?

Hi, I am trying to run a attack on a login page. The problem is that it locks me out every 6 requests. Is their a way to change an IP on every 6 requests? I have tried the IP address header extension but when I run it does...

SiteMap & Spider Out-Of-Scope Entries

Hi, I have an application that I'm testing with thouthands maybe more of urls like example.com/[0-9]+ and I don't want to go thru them all not in Sitemap/Proxy/Spider so first I setup a rule in Scope Exclude with...

Pretty JSON

Hi, I'm using the latest BurpSuite Pro and I noticed that "Pretty" script from BApp Store just vanished. So, now if I want to beautify JSON response, how can I do it ? Cheers,

Filter

How do I add a filer which can just Drop/Intercept/Delay a specific format of message?

problem in using burp suite

I can't listen on 127.0.0.1:8080. I am able to listen on another port (for e.g. 127.0.0.1:8000). when I am connected to port 8000 ,{{ connection : close }} .I know, It should be {{connection : keep alive }}. i have watched...

Calling a saved Intruder Attack using Extender.

Hi, I am creating an Extender that will run an Intruder Attack every day at a specific time. The first step that I wanted to do is run a saved attack. Using which API I can accomplish the above. Thanks in...

Analyzing different response page with Intruder & Scanner

Can Burp do the following scenario: Request Page: www.example.com/account=123 Response Page: www.example.com/account-submitted View Account: www.example.com/viewAccount So I would like Burp intruder to submit the...