How do I? - Page 319 - Burp Suite User Forum

Records not being added during scan

Good morning! My group just downloaded Burp onto my computer, so I don't know too much about it... I've tried watching tutorials and someone from another office gave me a brief overview on how to set up the scan, but it...

how to list the cipher suite supported by the server

I would like to validate the cipher suites that a web application supports. How could we do it?

new burp configuration saving

hi, New burp has new feature to select project and configuration while starting burp and I am not being able to use properly. In the past , it was easy, i used to change/ add my proxy port, edit some settings as default...

Configuring Macro Item

I am trying to configure a login Macro and in the Macro Editor, Under the Macro Items, I have added sequence of URLs to be executed (I took this from Proxy) I click on one of the URLs and select, 'Configure Item'. In...

Java ViewState SSO burp scanner

Hello, I am facing an issue related to session handling while scanning an application. Specifically, the scanner uses an old viewState value that inherits from the spider session that results in de-authentication of the...

how to capture post request in burp through rest client

I want to make a post request through https://www.runscope.com which i can make in chrome and getting correct response but when I try to do in mozilla firefox which i have configured with burp suit it shows alerts message in...

How do I attack OWA 15?

The new version of OWA uses javascript to process authentication, and by the looks of it, I can't get burp to do exactly what a browser would do by using intruder. Has anybody ever attacked the newest version of OWA with...

Same site, two different authentication methods (Basic first, then NTLM)

I'm testing an iOS application that connects to a site through an F5 BIG-IP proxy and I'm running into some interesting behavior. For the sake of example, let's call the site: proxied.site.com When you first connect to...

REmoving a disk based project

How do I remove a disk based project. If I just delete the burp file. a reference to the project remains in the disk based project portion of the start up windows

Access Intruder Request panel in swing

I am trying to automate intruder attack and need to access Intruder request text area using Swing. I can find all components under Intruder | Positions subtab except the main request text area. Could you please help...

Scaning non standard requests

Hi guys! I have the following situation: I have some non standard post requests in some applications like: Using method POST i have several paramenters separeted by | and some cases by - arg1|arg2|arg3|argX|...

How do I use intercept is on?

When I click intercept is on, Firefox will not load any webpages. When intercept is off, it works fine. I have installed the CA certificate and done the configurations with Firefox. Please help?

Setting 2 Payloads positions with the same payload simultaneously

Hey, Is there a way to set two (or more) Payloads positions with the same payload that will run simultaneously (while having other payload positions)? Now I can have the same settings for the 2 payloads positions: (for...

Set font via command line OR restore state via command line

Is there a way to set the font size via a command line option, or restore a saved state via a command line option? For example: java -jar burp.jar --font-size=12 or java -jar burp.jar --restore-state settings.dat I am...

Can an attacker bypass this XSS filter?

I have a classified site, I was wondering if this is secure enough or not, between I got this filter from a friend of mine. var a = window.location.hash.replace(/[^\w\-#]/g, "_"); a = a + ".expandable"; if (0 <...

Missing scroll bar in "HTTP history" window

I have came across this problem few days ago. I am not sure is it because of too many entries in the history. It is quite hassle for me to use to arrow to scroll back and check on some entries. Are there any ways for me to...

Target Address

Hi, I`m new user. Can i use IP address instead of urls as target?

CharlesHigSE

<a href=http://wheretobuydomperidone.com/>where to buy domperidone for breastfeeding </a>

PatrickSobQY

<a href=http://cheapalbuterolinhalerforsale.com/>what is albuterol </a>

ThomasonDW

<a href=http://lasixandweightloss.com/>lasix side effects </a>