How do I? - Page 315 - Burp Suite User Forum

Stop burp processing killing application server domain

We have a BURP automation to perform penetration testing. This automation is hosted on an application server (Weblogic and Tocat both tried). Automation suite starts BURP tool and performs penetration testing. As soon as...

Custom root CA

How can I install custom root CA (not issued by PortSwigger) in both client and Burp Suite?

intruder recursive grep

Hello, tl;dr Can Intruder Recursive Grep payload value for "Request 1" be extracted from "Request 0"? Testing an application that uses a unique CSRF token on each request and kills the session on an incorrect value....

Changing Requests Leaving Burp using Burp Extension

Hello, I try to write an extension with Jython, that automatically changes requests leaving burp. For a simple example, I tried to change every occurence of "Gecko" in a request. (User-Agent field) I only process...

How do I check out malicious input Database that Burp Suite Scanner uses for different attacks?

I have bought Burp Suite Scanner and I was analysing it. I checked for various vulnerabilities it detects by trying out various attacks. I want to check the list of malicious inputs it uses to inject in the fields. for...

Burp SSLException/You Have Limited Key Lengths

With Burp version 1.7.05 I am able to connect to a site successfully, but with version 1.7.06, I get the SSLException and "You Have Limited Key Lengths" alerts when trying to access the same website. Any hints as to what...

not connecting burp , firefox

hi iv been using for lat one month , its worked fine , untill today mornig i tried to configure burpsuite to capture my andriod mobile trafic ..i used ur forum tutors for this it didnt wrkd at all so delete...

Scanning a REST-style URL

Hi I've occasionally played with the pro version of Burp over the years and three years ago I found a SQL injection in one of our IIS/asp.net web apps. I seem to remember that I just had the Scanner running while opening a...

Recived fatal alert: internal_error

Hi. I can't connect the https site using burp suite v1.6. In the Alerts tab: Attempting to auto-select SSL parameters for [DOMAIN] Failed to auto-select SSL parameters for [DOMAIN] javax.net.ssl.SSLException: Recived...

DUNS number for a US Government order

Good afternoon, I purchased 12 Burp Suite Professional licenses this morning. I will need a DUNS number to create an order in our system. Are you able to provide this information please? This was for order A138C844A8,...

Account lock out

when i initiate automatic scan in burp, the application account/login page gets locked out.please let me know the solution.

Intruder request using callbacks.sendToIntruder() errors The basic request does not contain blank li

I am writing a java program to load intruder using callbacks.sendToIntruder(). I am sending a valid request to intruder but when I try to launch the intruder attack it always complains with The basic request does not contain...

Testing with DVWA

Using the DVWA app and attempting to brute force the front login as well as the login section of the app does not seem to function properly, even when using the brute force instructions on this website. Brute forcing the...

Scanner: XSS with percent sign

Burp Scanner recently flagged an XSS finding where the injected string was <%MWITE>. Further investigation revealed that the application would also reflect <%script>. Under what circumstances is this actually...

Automating Burp scan

Hi, We are using Burp suite pro version. Is it possible to automate the Burp scanning so that we can integrate with the build? Like we have automation testing scripts which we integrated with the build using CI tool...

How do i use the active scanner to scan json and gwt requests?

I can do this by sending a request to the Intruder and then choosing 'Actively scan defined insertion points' for JSON (or by using the GWT insertion Points extension for GWT). How do I do this in bulk, as opposed to...

Integrating Burp and Wireshark

I'd like to be able to set up Wireshark so it can decrypt HTTPS traffic which is passing through Burp. I know I can export the CA used by Burp but that doesn't help when a per server certificate is in use. Is there a way to...

'Send to' Extension

As a new member of the Burp community, I was playing around with creating Extensions. I now try to implement the "Send to" feature with my Extension, I want to send items from the HTTP History to my Extension, where the...

Burp API Useage

How Do I stop the scanner from running through API calls? I see there is functionality there to start the spider but nothing to indicate if it has finished spidering or if it can be stopped through the api

how do I know if intruder attack rate gradually slows down?

I am using free edition, and noticed whenever I launch an attack on a particular site the time between attacks slows down considerably over time. At first I presumed it was the website defending itself ... but perhaps that...