Burp Suite User Forum


Multiple usernames as Prefixes when Base64 encoding authentication

Hi, Is there a way to supply a list of usernames to be used as a prefix when payload processing prior to base64 encoding? I have an application which has a pop up authentication window to log in. The authentication...

Last updated: Oct 02, 2015 09:52AM UTC | 1 Agent replies | 0 Community replies | How do I?

Session validation and Loop issue

I am active scanning a website which involves sessions. The number of threads for scanning is 5 - this means 5 requests will be sent at one time. I am using session handling rules to check if the session is valid or...

Last updated: Oct 02, 2015 07:59AM UTC | 1 Agent replies | 0 Community replies | How do I?

fatal alert: unknown_ca in Burp's "Alerts" tab

Problem: When intercepting, the site I'm visiting doesn't render properly in my browser. Some resources do not load. Related: in BurpSuite's "Alerts" tab, I have dozens of lines like this one: "The client failed to...

Last updated: Sep 30, 2015 07:55AM UTC | 1 Agent replies | 1 Community replies | How do I?

Security Headers for POST response

Hello, I noticed that a few POST responses (whether 200 or 302) do not have an XSS protection / content sniffing / clickjacking prevention header set, and Burp Suite detected that as a vulnerability. Is there a specific...

Last updated: Sep 29, 2015 11:21AM UTC | 3 Agent replies | 3 Community replies | How do I?

Spidering only POST

Hello, I would like to spider only POST requests (and follow redirection). Is it possible? I checked whether there are any options to define the scope based on POST method, but I couldn't find any. In short, I would...

Last updated: Sep 28, 2015 01:55PM UTC | 1 Agent replies | 1 Community replies | How do I?

Scanner - POST request results on a Different Page

I have a webapp where, when saving edits to a particular page, a POST request is made to a simple 'FormSave' page. The server response is a simple 200, json response {"Success":"true"} (or failure if the request fails)....

Last updated: Sep 28, 2015 01:33PM UTC | 1 Agent replies | 1 Community replies | How do I?

Setting proxy.MasterIntercept to 0

In order to do selective custom scanning area selection using active scanning with my extension, I am trying to set those values using loadConfig(). To do this, I first set the following values to...

Last updated: Sep 24, 2015 08:25AM UTC | 2 Agent replies | 2 Community replies | How do I?

Performing an ActiveScan to perform scan against non-body parameters

I am currently writing an extension to perform an active scan with manipulated parameters: queueItem = this.callbacks.doActiveScan(this.host, this.port, this.useHttps,baseRequestResponse.getRequest(), ...

Last updated: Sep 23, 2015 08:05PM UTC | 1 Agent replies | 1 Community replies | How do I?

Invalid client request received: Failed to parse target host and port from CONNECT request

I'm connecting Android/iOS devices to Burp Suite to intercept my mobile application requests. Every other website can be easily intercepted (both HTTP and HTTPS). But I don't know what's wrong with my application. I get a...

Last updated: Sep 22, 2015 01:12PM UTC | 1 Agent replies | 0 Community replies | How do I?

Set socks proxy in headless mode

I searched the googles and haven't found any success. Does anyone know if it's possible to set up the SOCKS proxy parameters with Burp in headless mode?

Last updated: Sep 14, 2015 03:46PM UTC | 1 Agent replies | 0 Community replies | How do I?

Session Management

I want to manage multiple sessions while scanning the application, as scanning the application with multiple threads is giving a lot of session errors. So I need help regarding the following: 1. How to create custom cookie...

Last updated: Sep 14, 2015 12:27PM UTC | 1 Agent replies | 0 Community replies | How do I?

Best approach for web-application testing with a webservice.

The data flow works like this: Browser -> Application -> Webservice -> Application -> Browser I'd like to be able to fuzz the flow where the webservice is sending data back to the application so that I can attack the...

Last updated: Sep 09, 2015 08:29AM UTC | 1 Agent replies | 0 Community replies | How do I?

How to do POC for PRSSI vulnerability

How to do POC for PRSSI vulnerability?

Last updated: Sep 03, 2015 07:50AM UTC | 2 Agent replies | 1 Community replies | How do I?

Burp Suite Proxy will not intercept the site after Intercept mode is on.

Hi, can anyone please help me? In my Burp tool I have enabled Proxy -> Intercept on, but it still does not intercept my site, although Target -> Site map shows all the actions and responses. So please help me how to resolve...

Last updated: Sep 02, 2015 01:54PM UTC | 2 Agent replies | 1 Community replies | How do I?

Add all URL in target scope

Hi, I'm looking for a way to add all URLs to the target scope. As we can use regex, I just put '*' in "Host or IP range", but Burp does not agree with that. Which regex can I use to achieve this? Cheers

Last updated: Sep 01, 2015 08:40PM UTC | 1 Agent replies | 1 Community replies | How do I?


Certificate Import

Hello, I am trying to intercept SSL by installing a custom certificate and private key which matches the target server I am trying to test. Having successfully converted and imported the cert, I am getting a certificate...

Last updated: Aug 28, 2015 08:59AM UTC | 2 Agent replies | 1 Community replies | How do I?

selective vulnerability

Is it possible for Burp to scan and show only a specific list of vulnerabilities?

Last updated: Aug 28, 2015 07:40AM UTC | 1 Agent replies | 0 Community replies | How do I?


export scan report in headless mode?

If we run Burp in headless mode, can we export scan reports? If so, what are the command line options for that? We run our own Python scripts that send HTTP requests, which pass through Burp, and Burp does active scanning....

Last updated: Aug 27, 2015 08:46AM UTC | 1 Agent replies | 0 Community replies | How do I?


Burp Suite Support Center

Your source for help and advice on all things Burp-related.
