How do I? - Page 320 - Burp Suite User Forum

Content-location ip versus hostname

Curious behavior difference between nikto output and burp output. From nikto a request like this: GET / HTTP/1.1 User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:headers: IIS internal IP) Connection:...

How do I manually reproduce ruby code injection in cookie parameters?

One of the apps I'm testing is coming up with Ruby Code Injection alert. The confidence is listed as Firm. Issue Details: The payload '+sleep(20.to_i)+' was submitted in the foo parameter within the bar cookie. The...

how to detect the errors in webapplication

How to login in burp suite tool in free version and how to detect the errors in webpage.

how to enable correct renegotiations for SSL

Hey, so I was testing burp suite proxy to sniff HTTPS from AFNetworking SDK for iOS. I was successful in sniffing and intercepting HTTPS traffic with GET and POST from an iPhone by using a proxy. However, it seems it only...

burpsuite_free_v1.6 with upstream proxy not able to intercept https traffic/sites.

Hi Team, I have been using burpsuite_free_v1.6 with upstream proxy with Java version: C:\Users\Administrator>java -version java version "1.8.0_25" Java(TM) SE Runtime Environment (build 1.8.0_25-b18) Java...

Validating XSS manually

When I select the XSS vulnerability which Burp's scanner found, under "Request" I select "Show in Browser". Under the browser, I get the Javascript alert pop out. However, if I copy / paste the same exact URL (which has...

Three protocols in SSL tab

I am using the pro version of Burp (latest version). I can only see three SSL protocols (SSL v2, SSLv3 and TLS v1). How can I update this and SSL ciphers list?

Burp API Support for Selecting Active Scanning Areas

Hi There, I was looking through the API and I couldn't find support for passing in values for Active Scanning Areas. So if I wanted an active scan to be performed with only some of these areas...

Access Request panel from Intruder | Positions subtab using Swing

I am trying to add intruder request using Jemmy automation. I can find all components under Intruder | Positions subtab except the main request text area. I tried to dump all the compnents and look for the specific area...

List Burp Proxy Listeners

Greetings, Quick question - how would one obtain a list of every Proxy listener currently configured within Burp using the BurpExtender API? I've tried leveraging the callbacks.getProxyListeners...

App ignoring system proxy settings?

I've looked at the first 5 pages of this Support Center and the closest I see to my problem is here (http://forum.portswigger.net/thread/1557/burp-displaying-webgoat). If this has been answered, or this is the wrong area to...

Proxy works only on 127.0.0.1

Hello, I'm trying to configure my proxy to work on other IPs than 127.0.0.1, but the browsers refused to connect to other ips than 127.0.0.1. I didn't see any errors, and I verify that the proxy is connected and running...

Binding burp to a low port

I am trying to do some invisible proxying through burp, but this requires binding burp's proxy to ports 80/443 which requires root privileges. However, if I run burp as root, it asks for another license. I am wondering if...

CA Import PKCS12 parameters

Hey PortSwigger, I'm currently trying to import a cert chain as my CA for burp suite (using Burp Pro). I need to import my intermediate certificate as the CA for each host, whilst also supplying the root cert file for all...

inserting Images from relative path

Hello, I would like to create an "About" page for my extension, but I am having difficulty finding the path that the extension resides in. I am currently using Jython to write my extensions. Right now, using the Python...

Save State - Save Only "Issues" in Target Tab

Used to be possible when "Issues" is part of Scanner tab. Newer versions saves the "Content" making the state file unnecessarily large. Thanks!!

dynamic cookie handling in burp intruder

How do i use the intruder if the webapp provide new cookie each time a new GET is made? Would it be possible for burp-intruder to pick the new cookie from the response and put it back as the next Request...

Burp Proxy Conection Issue with Black Berry 7 Devices

Hi; We are using burp Pro Version of 1.6.27. In the Security Assesment we are not able to connect with BB7 Device like the Burp Proxy is not connected the BB7 device and it not intercepting. We are using BB7-9320...

Probable bug in session handling macro

Hi I am using latest version of Burp and created a Macro to login to complex website. It requires at least four request to complete the login sequence. Below are the first three requests (sanitised) First...

In consistency while reproducing XSS vulnerability

Burp has reported some XSS vulnerability for a website. For the below discussion let us use this URL...