How do I? - Page 314 - Burp Suite User Forum

How do I manage JSON Web Token auth in Burp?

So, while doing active scanning and such, what's the best way to handle JSON Web Tokens that expire quickly? Basically when burp receives an auth failure, to run a post request and retrieve the new JWT to place in the header.

Replaying all request without payload

Hi, I have a requirement where i need to replay all the request i have in the target. Please suggest me a way to replay all the request.

Report highlight

Hi I've been using Burp for several year now and am a totally dedicated fan of this product! I have however not until now decided that I should create my own customized reports. There are several reason, but one major...

CSRF in POST request. Proxy only shows GET.

Found an interesting issue. A recent scan gave a CSRF finding in a POST. Going to the HTTP history tab multiple GETs to the same resource that was identified in the finding but no POSTs were found. How am I able to to create...

Active Directory Single Sign On

Hello team, Is it possible to use proxy tool when the application use authenthication on Windows Active Directory Single Sign On. Because when i use burp suite i face authorizathion issue. Pleaee help me to sort out

Manually Recover some items in Corrupt Project file?

I have a very large scan that took place over several days and my computer crashed at some point in the last few hours of the scan. Now the project file is corrupt and Burp cannot repair the scan issues. It was able to pull...

Registered in England and Wales (company no. 6719143)

We perform the payment of the renewal of the license number of the Company 6719143. the license has not been renewed We send e-payment support licensing@portswigger.net ; office@portswigger.net;

How "real world" is the CSRF PoC Generator

So here is my dilemma. I found a website that potentially has a CSRF vulnerability and when I proxy my traffic through Burp, generate the PoC html file, CSRF works. The thing as, as far as I know, the CSRF token isnt being...

Invisible listener for websocket traffic

I'm trying to see WebSocket traffic for an application on an iPhone. I've configured the iPhone and Burp using these two...

How do I keep settings in vmoptions.txt?

Hi, I'm using Burp Suite Pro native platform installers for Mac OS X. When I update my installation, the updater overwrite existing /Applications/Burp\ Suite\ Professional.app/Contents/vmoptions.txt with the default one....

authenticated session spidering/scanning

hi all, could you provide a step by step guide on how to setup a macro, or any other mechanism in order to automatically login into application if i get logged out? my scenario is: - authentication server, say:...

Precise Scope Regex Rules

Hi, I'm using Burp Scanner against a site using the Carbonator extension, and I'm having some problems with site scoping. I'm initiating Carbonator against, say, "http://example.com", and specifying that Carbonator run...

Scanner errors and re-scanning

Hi, Often when I do a scan, there are errors. I believe these are due to weekend jobs running backups and such, causing the network to slow down. Unfortunately, I cannot always pick and choose when I scan, and cannot baby...

xssValidator not working

I am trying to get xssValidator to work on Windows 2008 Server.. I think my problem is that I am trying to patch from different solutions and versions and cannot get it work. May you please guide me on the steps to get...

Get proxy accepting connections

In the last 2 releases of Burp 1.7.08, 1.7.09 I have not been able to get any data to proxy through Burp. I have reset all of the proxy settings to default, and checked that the browsers I am using can proxy through other...

Mobile Security

I am using burp on android device by configuring android with burp and I also installed burp CA certificate on device, it is also showing PortSwigger CA In trusted credentials. I was able to capture through browser but I am...

Configuration of Collaborator server & testing an applciation using IAST model with same

What ever the documentation is provided to configure collaborator server and connecting it back to BurpSuite tool looks cumbersome (to me personally). Full of documentation, not even 1 single diagram was provided to depict...

Burp could not obtain file lock of project file

Hi there, I'm using the 1.7 beta and burp crashed at some point. When I try to open the project burp just says "Could not obtain lock on file : [...] 12345.burp". What can I at this point?

fuzzing - Burp suite - csrf macro

Hello, I implemented a website using the vaadin-framework. When I send a request to my server, there is some data in my POST-Request which looks like: ...

I didn't get my paid burp suite software

I didn't get my paid burp suite software My order id is https://portswigger.net/buy/ThankYou.aspx?oid=3F7C2621C5