Burp Suite User Forum
For support requests, go to the Support Centre. To discuss with other Burp users, head to our Discord page.
We have a BURP automation to perform penetration testing. This automation is hosted on an application server (Weblogic and Tocat both tried). Automation suite starts BURP tool and performs penetration testing. As soon as...
How can I install custom root CA (not issued by PortSwigger) in both client and Burp Suite?
Hello, tl;dr Can Intruder Recursive Grep payload value for "Request 1" be extracted from "Request 0"? Testing an application that uses a unique CSRF token on each request and kills the session on an incorrect value....
Hello, I try to write an extension with Jython, that automatically changes requests leaving burp. For a simple example, I tried to change every occurence of "Gecko" in a request. (User-Agent field) I only process...
I have bought Burp Suite Scanner and I was analysing it. I checked for various vulnerabilities it detects by trying out various attacks. I want to check the list of malicious inputs it uses to inject in the fields. for...
With Burp version 1.7.05 I am able to connect to a site successfully, but with version 1.7.06, I get the SSLException and "You Have Limited Key Lengths" alerts when trying to access the same website. Any hints as to what...
hi iv been using for lat one month , its worked fine , untill today mornig i tried to configure burpsuite to capture my andriod mobile trafic ..i used ur forum tutors for this it didnt wrkd at all so delete...
Hi I've occasionally played with the pro version of Burp over the years and three years ago I found a SQL injection in one of our IIS/asp.net web apps. I seem to remember that I just had the Scanner running while opening a...
Hi. I can't connect the https site using burp suite v1.6. In the Alerts tab: Attempting to auto-select SSL parameters for [DOMAIN] Failed to auto-select SSL parameters for [DOMAIN] javax.net.ssl.SSLException: Recived...
Good afternoon, I purchased 12 Burp Suite Professional licenses this morning. I will need a DUNS number to create an order in our system. Are you able to provide this information please? This was for order A138C844A8,...
when i initiate automatic scan in burp, the application account/login page gets locked out.please let me know the solution.
I am writing a java program to load intruder using callbacks.sendToIntruder(). I am sending a valid request to intruder but when I try to launch the intruder attack it always complains with The basic request does not contain...
Using the DVWA app and attempting to brute force the front login as well as the login section of the app does not seem to function properly, even when using the brute force instructions on this website. Brute forcing the...
Burp Scanner recently flagged an XSS finding where the injected string was <%MWITE>. Further investigation revealed that the application would also reflect <%script>. Under what circumstances is this actually...
Hi, We are using Burp suite pro version. Is it possible to automate the Burp scanning so that we can integrate with the build? Like we have automation testing scripts which we integrated with the build using CI tool...
I can do this by sending a request to the Intruder and then choosing 'Actively scan defined insertion points' for JSON (or by using the GWT insertion Points extension for GWT). How do I do this in bulk, as opposed to...
I'd like to be able to set up Wireshark so it can decrypt HTTPS traffic which is passing through Burp. I know I can export the CA used by Burp but that doesn't help when a per server certificate is in use. Is there a way to...
As a new member of the Burp community, I was playing around with creating Extensions. I now try to implement the "Send to" feature with my Extension, I want to send items from the HTTP History to my Extension, where the...
How Do I stop the scanner from running through API calls? I see there is functionality there to start the spider but nothing to indicate if it has finished spidering or if it can be stopped through the api
I am using free edition, and noticed whenever I launch an attack on a particular site the time between attacks slows down considerably over time. At first I presumed it was the website defending itself ... but perhaps that...
Page 315 of 331
Your source for help and advice on all things Burp-related.