How do I? - Page 312 - Burp Suite User Forum

Burp Extension CSRF Token

Hello, I'm working on an extension where it will automatically grab the last response csrf token and insert it into the HTML header parameter for the POST request. I was able to parse out the CSRF token received from the...

How to configure a proxy chain with Burp as a last proxy?

I know that Burp can use an upstream proxy server. On the contrary, I need that Burp is the last proxy of a chain (using e.g. ZAP to handle all the traffic). Is it possible to configure Burp in this way? Any help is...

XML appears good, but Burp keeps giving me a "400" error during XXE Intruder attacks

I'm kind of at a loss and need another set of eyes. I'm attempting to set up XXE attack (Sniper) so we can test a fix, but I keep getting a "400 bad request" message. The payload I am using is as follows: POST...

comparing reports to view the changes

Ok, I have been scanning my company websites. What I need to do now, is to compared the reports for the mgmt. I save the reports HTML file I have search the BA store could not find anything like this. Is there...

Interception

Hello, I would like to make an extension for BurpSuite, which would intercept the requests, wait for a time interval, and then send the requests to the server. In the future I am planning also to modify these packets....

automatically scan the web site

Hi, my goal is to using Burp as a vulnerability scanner and scan the web site automatically. I built site map using spider and content discover, followed the instruction "using burp as a point-and-click scanner". Then I...

Burp Automated Scanning

While scanning an url having multiple parameters, if burp gets an vulnerability for a parameter does it check for all other parameters or it stops scanning for the url.

Licensing Burp Pro in VM Environment

In order to test one of our apps, I have to RAS into a VM environment that's not connected to the Internet and install Burp. After performing a manual activation of Burp Pro, I'm able to use Burp as expected. However,...

Help Alerts java.net.SocketException: Connection reset

When I am actively scanning our website on the internal IP address with Burp Suite Pro, I get a lot of java.net.SocketException: Connection reset So here is the setup of the scan I set the IP address to hostname in the...

Private Burp Collaborator Issues (Server HTTP connection Error + Verify Warning + Version Warning)

I have set up a private burp collaborator server in AWS using all custom ports but I have redirected the standard ports to these using iptables so from an external perspective they are fine. However I am having several...

Timings for Request/Responses

Burp Extender's getProxyHistory gives you an array of IHttpRequestResponse objects. How do you obtain the time the request was sent and the response was received? IRequestInfo and IResponseInfo don't appear to provide this...

reset session in intruder attack

Dears , is it possible while using intruder attack feature to reset the session every request to be able to pay pass the session expiry and continue the attack. https://owa.vodafone.com.eg/my.policy BR,

Burp Collaborator config

i have a ec2(cloud server amazon), and inside of this server i have a burp, running with "java -jar bur.jar --collaborator-server". In my local machine, i have burp pro. How can i configure my instance of burp in my local...

Auto Backup Option

Hi, I have been using previous version of Burp - 1.6.x where there used to be an option to Automatically Backup Burp's state periodically under the options tab, but with version 1.7.x we don't see that option,...

license

Hello Please increase my license , i can't download it again

customer number

Hi I change customer number then forget can i reset customer number?

Is it possible to save payload processing rules?

Hey, I often use, for example, match/replace payload processing rule in Intruder, but it's annoying to always enter the same values. Is it possible to somehow save them and automatically apply to all new intruder tabs?

Tricky Issues for Different HTTP Methods in Burp-Suite Active Scan

Dear Experts, We get a very tricky issue that, when we're trying to do active scan for some HTTP requests [the requests are triggered by our extension program using the burp interfaces], the requests with method type...

Is Burp Infiltrator working?

I think I'm using Burp Infiltrator correctly but I don't believe that I'm not seeing any Infiltrator results in the Issues. I'm testing against the WebBank vulnerable demo project...

Configure Burp to intercept Internet and Intranet traffic

Hi I have been using burp to intercept traffic to localhost websites only, basically i run tomcat locally and then use proxy 127.0.0.1 8080 in burp and browser, This works well for local traffic, but i cannot use for...