Burp Suite User Forum

Create new post

Increase single-thread scanner speed

Not sure if this is a bug or the standard behavior, so posting here first. I tried this with burpsuite_pro_v1.6.11.jar and burpsuite_pro_v1.6.02.jar with the default initial config. The application was hosted locally with...

Last updated: Jul 26, 2015 08:39AM UTC | 4 Agent replies | 2 Community replies | How do I?

Proxy (VPN) Help [URGENT]

Hello, I've got Burp Suite Professional and I've got a test Process here for my Website, that it attempts a combination of a specific E-Mail and a bunch of Passwords. However, I've put it (on my Website), so if the user...

Last updated: Jul 23, 2015 07:52AM UTC | 1 Agent replies | 0 Community replies | How do I?

Session handling

session < > " ' `

Last updated: Jul 21, 2015 01:46PM UTC | 0 Agent replies | 0 Community replies | How do I?

Session handling

The log out detection in Burp is inconsistent when "Follow redirections where necessary" (Scanner > Options) is set. Inconsistent because it tests the session validity sometimes before redirecting and sometimes after...

Last updated: Jul 21, 2015 01:00PM UTC | 0 Agent replies | 0 Community replies | How do I?

Session handling

The log out detection in Burp is inconsistent when "Follow redirections where necessary" (Scanner > Options) is set. Inconsistent because it tests the session validity sometimes before redirecting and sometimes after...

Last updated: Jul 21, 2015 01:00PM UTC | 0 Agent replies | 0 Community replies | How do I?

Handling Multi-Staged Logins for Scan with Burp

I am trying to automate the login process and validation of successful login via Burp Session Handling/Macros. This login requires an initial POST that includes the username/password, then, in the response to the initial...

Last updated: Jul 17, 2015 07:35AM UTC | 4 Agent replies | 4 Community replies | How do I?

intercept proxy based applications

I was trying to intercept an application (Internet Download Manager) requests after I configured it's proxy, I was able to intercept the request, however I don't receive response. could it be a certificate problem? if not,...

Last updated: Jul 13, 2015 12:36PM UTC | 3 Agent replies | 2 Community replies | How do I?

Determining number of requests/attacks made

I am scanning two websites for XSS attacks (or any other test) only One is ASP.net and other is PHP. Lets say I am testing only URL parameter value and in both the cases there 5 parameters each Question 1: For both...

Last updated: Jul 10, 2015 03:19PM UTC | 1 Agent replies | 0 Community replies | How do I?

changing responses exiting burp

A thick java application needs gzipped responses, so I'm trying to make an extension that re-gzips HTTP responses going from burp to the application. However I can't find the right callback to register. Both IHttpListener...

Last updated: Jul 10, 2015 08:14AM UTC | 1 Agent replies | 1 Community replies | How do I?

Query Parameter in SSL Request, where is this?

I am validating issues which were previously found. In the URL, the following information is available: GET /cleaned/servlet/ControllerServlet?commandLink=AppPriceReportList.jsp HTTP/1.1 Since the connection is via...

Last updated: Jul 07, 2015 02:50PM UTC | 2 Agent replies | 1 Community replies | How do I?

Intercept server request/client response

Im running a game server and the masterserver request bunch of informations so it can show my server in a server list/browser this is the request from the server (wireshark) GET / HTTP/1.1 host: XX.XX.XX.XX:4545 (my...

Last updated: Jul 07, 2015 01:28PM UTC | 2 Agent replies | 1 Community replies | How do I?

Spidering - avoid getting all the products from store

Hi there, I've been trying to spider a site and adding the results to the scope. The problem I'm facing is if we want to spider a store with a catalog of, for example, 10k items, it will try to crawl all those items (the...

Last updated: Jul 07, 2015 08:15AM UTC | 1 Agent replies | 0 Community replies | How do I?

Transfer license from one user to another

I have purchased Burp Suite for multiple users. Can you please tell me the steps to activate the second user using the license key that I have purchased ?

Last updated: Jul 06, 2015 07:25PM UTC | 2 Agent replies | 1 Community replies | How do I?

Writing an extension to add a signature on requests

Hello, I am testing a web service that expects one of the request parameters to contain a hash of the remaining parameters and a shared secret. If I do a scan of it with Burp Scanner the majority of the requests will be...

Last updated: Jul 02, 2015 08:43AM UTC | 1 Agent replies | 0 Community replies | How do I?

Importing CA certificate into cert

I have read the howto and i am trying to do the following in order to create new cert and import it into burp. 1. openssl req -x509 -days 730 -nodes -newkey rsa:2048 -outform der -keyout server.key -out ca.der 2....

Last updated: Jul 01, 2015 09:17AM UTC | 1 Agent replies | 0 Community replies | How do I?

Macro creation for variables that keeps changing for every request and response.

Hello, I am trying to create a macro to login to the website (as a part of session handling rules). The web site is in aspx In the macro editor, under macro items, I have made the entries that will successfully login...

Last updated: Jun 30, 2015 10:57AM UTC | 1 Agent replies | 1 Community replies | How do I?

Treating existing values in a parameter while scanning

Hello, I am adding a URL for scanning that has 10 body parameters for scanning Out of the 10 parameters, 4 parameters are already filled with some values. Other 6 parameters are left blank. When we are active scanning...

Last updated: Jun 30, 2015 10:56AM UTC | 2 Agent replies | 2 Community replies | How do I?

Python Extensions

I have installed Jython and installed several Python-based Extensions. I have configured 'Folder for loading modules' to point to /usr/lib/python2.7 (have also tried python2.7 and python3.2). All extensions fail. Most...

Last updated: Jun 27, 2015 03:31PM UTC | 1 Agent replies | 2 Community replies | How do I?

How to flag only new issues when Burp is run on a continuous basis

Hi, I am trying to run Burp tests automatically from a test suite. I want to re-run these test suites every two weeks. I want to flag only the new issues when I re-run the burp tests. Is there a way to do this? The...

Last updated: Jun 17, 2015 08:29AM UTC | 1 Agent replies | 0 Community replies | How do I?

Spider a application with form based login

For spidering I filled in the scope at Target > Scope. And at Spider > Options I used for "Application Login" > "Prompt for guidance". But after running the spider as "Spider from here" (as it was the / site) only a...

Last updated: Jun 16, 2015 04:08PM UTC | 1 Agent replies | 1 Community replies | How do I?

Page 313 of 316

Burp Suite Support Center

Your source for help and advice on all things Burp-related.

Burp Suite Support Center image