How do I? - Page 316 - Burp Suite User Forum

Recived fatal alert: internal_error

Hi. I can't connect the https site using burp suite v1.6. In the Alerts tab: Attempting to auto-select SSL parameters for [DOMAIN] Failed to auto-select SSL parameters for [DOMAIN] javax.net.ssl.SSLException: Recived...

DUNS number for a US Government order

Good afternoon, I purchased 12 Burp Suite Professional licenses this morning. I will need a DUNS number to create an order in our system. Are you able to provide this information please? This was for order A138C844A8,...

Account lock out

when i initiate automatic scan in burp, the application account/login page gets locked out.please let me know the solution.

Intruder request using callbacks.sendToIntruder() errors The basic request does not contain blank li

I am writing a java program to load intruder using callbacks.sendToIntruder(). I am sending a valid request to intruder but when I try to launch the intruder attack it always complains with The basic request does not contain...

Testing with DVWA

Using the DVWA app and attempting to brute force the front login as well as the login section of the app does not seem to function properly, even when using the brute force instructions on this website. Brute forcing the...

Scanner: XSS with percent sign

Burp Scanner recently flagged an XSS finding where the injected string was <%MWITE>. Further investigation revealed that the application would also reflect <%script>. Under what circumstances is this actually...

Automating Burp scan

Hi, We are using Burp suite pro version. Is it possible to automate the Burp scanning so that we can integrate with the build? Like we have automation testing scripts which we integrated with the build using CI tool...

How do i use the active scanner to scan json and gwt requests?

I can do this by sending a request to the Intruder and then choosing 'Actively scan defined insertion points' for JSON (or by using the GWT insertion Points extension for GWT). How do I do this in bulk, as opposed to...

Integrating Burp and Wireshark

I'd like to be able to set up Wireshark so it can decrypt HTTPS traffic which is passing through Burp. I know I can export the CA used by Burp but that doesn't help when a per server certificate is in use. Is there a way to...

'Send to' Extension

As a new member of the Burp community, I was playing around with creating Extensions. I now try to implement the "Send to" feature with my Extension, I want to send items from the HTTP History to my Extension, where the...

Burp API Useage

How Do I stop the scanner from running through API calls? I see there is functionality there to start the spider but nothing to indicate if it has finished spidering or if it can be stopped through the api

how do I know if intruder attack rate gradually slows down?

I am using free edition, and noticed whenever I launch an attack on a particular site the time between attacks slows down considerably over time. At first I presumed it was the website defending itself ... but perhaps that...

Settings doesnt save when we close and reopen burp

Hello, When I open up burp, I make changes to various setting available (like target scope settings, proxy settings, scanner settings etc etc etc) when I close and reopen burp, every thing restores to default. how do...

Repeater interprets command incorrectly

Using OPTIONS HTTP Method does not render any results using the command below. OPTIONS / HTTP/1.0 I used the "Copy as curl command" option of the repeater and the repeater is interpreting the command incorrectly as...

Need help with password cracking

So my friend gave me permission to try and hack his instagram So first I intercept while tring to login to his account and i get POST /accounts/login/ajax/ HTTP/1.1 Host: www.instagram.com User-Agent: Mozilla/5.0...

Burpsuite Closing the Connection

Hi, I am having an issue testing a specific web app. The application, when not proxied, keeps the tcp connection open, and makes multiple HTTP requests over this connection. When proxied through Burp it closes the...

Using sqlmap with Burp

Hi All, I have a SOAP API that require two unique parameters (Email and UserID). I'd like to use Burp to intercept the sqlmap request and replace these two parameters with random and sequencial numbers. Is that...

Non-HTTP request

Hi Burp team! I have a java application to check. The app starts the communication over HTTPS and then the communication changes to non-web protocol (no over HTTP just over sockets and the content is java serialized). I...

XSS vulnerabilites

Hi, I am reading the Web application hackers handbook and came across numerous XSS filter evasion techniques. Wanted to know if using the scanning functionality of Burp Suite automatically checks for all or most of them ?...

Ability to customize the project files to save space?

I noticed that the "saving state" functionality is due to be replaced by the new project file functionality in the future. Is there any way to customize what is saved to a project file in the current version of Burp, or is...