How do I? - Page 317 - Burp Suite User Forum

error report

Hi, when I`m scanning a specific host theres error generated by burpsuite scanner (abandoned too many errors). burp scanner couldn't scan any branches of that target address. what is the solution. plz let me know...

run Intruder on 2 websites at a time?

What's the best way to run intruder on 2 different targets at the same time? Is it just a case of starting one attack and then starting a 2nd attack in the same instance of Burp Suite? thx

Filter a prefix and su?

Hello, in the Target tab under Site Map. Is it possible to filter all urls with prefixes and suffixes? So it would only display the main url of the web sites? I was looking for a way to narrow down how much stuff goes into...

Identify scanning threads using the Extender API

A question was posted as to whether Burp can scan an application using different session information for each thread and the response that it is a feature that Burp does not have, however it is something that a custom...

Issue with Active Scanning

Hi Team, Currently I am using Burp Pro (License No: ) I am using the tool for Continuous active scanning and struggling in excluding the duplicate URLs. Please help.

Burpsuite CA not working for sub-domain?

Hi I encountered a scenario. I am on Burpsuite Pro. I am testing an SSL enabled site https://myexamplesite.com/ and I was able to use the Burpsuite CA to act as MITM to load the content into Burpsuite...

Intruder 503 Status error !

Dears Greetings kindly want to inform you that iam doing a test using burp intruder on my voice chat login, i have a voice chat that have a login form include username and passwords, i have Burp suite Pro Edition...

Request not returning any response

I am trying to intercept on a website all requests are https and everything is working fine except for one specific request which isn't returning any response when directed via burp however same request does return response...

How do I connect my target to my proxy

I dont know how to connect the target to the proxy so I can attack the target

Secure websocket requirements?

While googling around for information, I found a blurb for a search result stating "Burp Suite v1.5.21 released, with WebSockets support, new nested scan .... or HTTP Auth header is required for successful wss:// upgrade."...

Discover content using basic HTTP authentication

Hello I'm trying to use the discover content functionality on a web site that uses basic http authentication. I entered the credentials in the Platform Authentication screen. When I run the discover content, all I get is...

Scanning based on Index ID

Hi, Burp has list of vulnerabilities that are covered by scanner which are listed here https://portswigger.net/KnowledgeBase/Issues/ Each vulnerability has severity and Type Index mentioned. Is there a possibility...

Clear the Scan Queue and Site Map from API

Hi, With the introduction of Project files in Burp 1.7+, all the data is saved automatically including Target SiteMap and Scanner Scan Queue into Project files, which is very useful. However, these tend to grow over a...

Unable to connect to site after updating browser with BURP proxy

I'm using BURP on my project and have verified the proxy listener is up. However; in my office, I use a company proxy to access the internet. Once I update the browser with the BURP proxy, I'm unable to use the internet. Is...

Burp Collaborator

What are the Hardware requirements for Burp Collaborator?

Don't quite get the meaning of "iterate all values of submit fields"

What does "Spider >> Options >> Form Submission >> Iterate all values of submit fields" do? I've read https://portswigger.net/burp/help/spider_options.html : "Many forms contain multiple SUBMIT elements, which result in...

"This Connection is Untrusted" message is showing

Everything is okay like download certificate in firefox and proxy/Network setting also done but i am unable to intercept with any site.I have also installed jre 1.7.0.My OS is 64 bit.I was doing my work properly with...

How to implement request in browser

Hi, is it possible to write an extension to have a "request in browser" like functionality? I would like to request in browser a specific request based in some conditions like a selected element or something...

CSRF Token

Hello, Custom parameter location in response but csrf not writing in response. Why not in the request? Because csrf parameter (_csrf_token=MXnHkkFn_GDk96WoRucoS26JJb4zAQA76jOhdeLG-Uc) in only request. Is it possible to...

Java Serialized + Zlib + gzip

I have this issue and I can't seem to solve it without writing an extension. The java thick client communicates with the server by doing the following on the data part of the HTTP POST request: Client: - Java...