Burp Suite User Forum
I was hoping that you all had an all-encompassing user guide with all content in one doc. I found the following, which shows all help pages, but I'd really like to get all of that content in one file that I can review...
Is it possible to pentest a web site that is behind a reverse proxy? If yes, how?
Hi, Is there a way to supply a list of usernames to be used as a prefix when payload processing prior to base64 encoding? I have an application which has a pop up authentication window to log in. The authentication...
I am active scanning a website which involves sessions. Number of threads for scanning is 5 - this means 5 requests will be sent at one time. I am using session handling rules to check if session is valid or...
Problem: When intercepting, the site I'm visiting doesn't render properly in my browser. Some resources do not load. Related: in BurpSuite's "Alerts" tab, I have dozens of lines like this one: "The client failed to...
Hello, I noticed a few POST responses (whether 200 or 302) do not have an XSS protection / content sniffing / clickjacking prevention header set, and Burp Suite detected that as a vulnerability. Is there a specific...
Hello, I would like to spider only POST requests (and follow redirection). Is it possible? I checked whether there are any options to define the scope based on POST method, but I couldn't find any. In short, I would...
I have a webapp where, when saving edits to a particular page, a POST request is made to a simple 'FormSave' page. The server response is a simple 200, json response {"Success":"true"} (or failure if the request fails)....
In order to do selective custom scanning area selection using active scanning using my extension, I am trying to set those values using the loadConfig(). To do this, I first set the following values to...
I am currently writing an extension to perform an active scan with manipulated parameters: queueItem = this.callbacks.doActiveScan(this.host, this.port, this.useHttps,baseRequestResponse.getRequest(), ...
I'm connecting Android/iOS devices to Burp Suite to intercept my mobile application requests. Every other website can be easily intercepted (both HTTP and HTTPS), but I don't know what's wrong with my application. I get a...
I searched the googles and haven’t found any success. Does anyone know if it's possible to set up the SOCKS proxy parameters with Burp in headless mode?
I want to manage multiple sessions while scanning the application, as scanning the application with multiple threads is giving a lot of session errors. So I need help regarding the following: 1. How to create custom cookie...
The data flow works like this: Browser -> Application -> Webservice -> Application -> Browser I'd like to be able to fuzz the flow where the webservice is sending data back to the application so that I can attack the...
How to do a PoC for a PRSSI vulnerability?
Hi, Can anyone please help me? In my Burp tool I have enabled Proxy -> Intercept on, but it still does not intercept my site, but Target -> Site map will show all the actions and responses. So please help me how to resolve...
Hi, I'm looking for a way to add all URLs to the target scope. As we can use regex, I just put '*' in "Host or IP range", but Burp does not agree with that. Which regex can I use to achieve this? Cheers
Hello, I am trying to intercept SSL by installing a custom certificate and private key which matches the target server I am trying to test. Having successfully converted and imported the cert, I am getting a certificate...
Your source for help and advice on all things Burp-related.