How do I? - Page 312 - Burp Suite User Forum

Collaborator Server behind cloudflare

How do I setup a Collaborator Server in a subdomain? My DNS is managed by Cloudflare. For example I want it to be: burp.domain.com I understand that I need an A record for burp.domain.com Also a NS record that...

Scanning a "POST" causes a "GET" with no parameters

I'm doing an active scan of a POST that has parameters for session ID, which is also stored in the cookie jar. However the attacks created by that scan produce "GET"s that have no parameters (no session ID) which causes my...

Proxy history without intercept

Hi, the documentation does not say whether it is possible to record proxy history with the intercept feature turned off. For my research project we only need the history, we'll never use the intercept feature and it would...

How to insert Intruder payloads before original parameter value

Hello, I'd like to insert Intruder payloads before original parameter value. The purpose of this is to assess an application which checks the first fixed numbers of letters in a parameter value. Could you give me any...

Scan errors in Burp

I ran an active scan using Burp. The scan was abandoned due to multiple errors. I would like view the error logs so that I could figure out what went wrong. How do I check these errors?

Detection of Cross Site Scripting

I recently used Burp Suite to perform a XSS scan. A reflected XSS vulnerability was reported. When I reviewed the request and response I noticed that the supplied input is exactly echoed in the output. Case 1 Two inputs...

Form Submission

I am spidering a website and opted for manual form submission. Question 1: In the submit form dialog, I can see hidden fields also expecting an input from us (there is no default value as well). In a typical browser...

Utterly unclear on the purpose of spider

My impression is that spider expands the sitemap as it crawls, aided by its form submission abilities, etc. But after I spider my entire host, I notice that manual active scanning the entire host does not make a...

save proxy message

is it possible to save request and response contents into file programmatically ? like manually we can do by HTTPHISTORY tab->right click and select save item to save the message contents into specified file can it be done...

Scanner Starts Fast But Slows to a Crawl

I have a small website for which I'm attempting an active scan. There are about 120 items in the scan queue. It starts out quite fast for the first few minutes. But after about 10-15 minutes, the scan requests slow to a...

Integrate BurpPro with late-model kali linux (@ kali.org)

I download and use kali linux and keep current with their updates. It has the burp suite already. 1. If I purchase the PRO version (@ $299/yr) as I'd be the only person using it... how do I install it into kali? Is...

Insert Images

How to insert images when I am making a public post in the new version of the forums ? In the previous version of forums/board I was able to insert, but this one I am not able to do so. Please help me.

How Do I view if the Burp CA is installed in iOS 8?

Hi, How do I view if the Burp CA is installed in iOS 8? In iOS 7 I could do it under General -> Profiles but in iOS 8 this screen has gone. Thank you

socks support

hello everyone! I m stuck here ..nowdays it s almost imposible to test something without changing ip from time to time that s why i want to ask you is there any support for burp like Multiple proxy support (each request...

How Do I read the burp saved state.

I need to extract some information from the saved burp state file. The burp state file is in zip format. So I'd unzipped the file and it contents xml. For some reason none of the php xml reader is able to read the...

Command Line for Resetting User Settings in Burpsuite

Dear Support, I occasionally have issues with Burpsuite locking when I try to load it. There is a command line option for resetting user defaults, but I cannot remember it. It was something like --reset-defaults or...

Need to know how to use this tool

Hi Guys, i want to know how to use burp suite, sql injection, xss validation, content type incorrectly used,etc.. any one can teach me with the free edition of v1.6 Thanks in advance

How to use burpsuite with IE automatic configuration script option

Hi, I could not able to configure burp suite with browsers. If I use manual connection settings in browsers,I could not load any site.Because my company need to use : Internet Explorer -> Option -> Connection -> LAN...

Intercept requests made from excel

I am clicking a link in a excel cell. Tell me if i can intercept thst using Burp. I have a Burp Prof license

Can we Test ThickClient build using C++ running on TCP Protocol

Hi, We are pen-testing Thick-client application developed in C++ running on TCP protocol using Winsock controls. I have tried changing the following >> Under proxy tab modified Options...