How do I? - Page 321 - Burp Suite User Forum

handshake_failure

I'm running burp v1.6.36 and using a client ssl certificate to authenticate to secure web pages. I am receiving the error handshake_failure when attempting to access and sites that require the client cert. I am using java...

Finding XSS

Hello , In most of the scans using Burp for XSS , I can see only HTTP 302 responses for the different XSS payloads, is there a best way to find XSS using Burp for more complex application.

Invalid client request received: Failed to parse first line of request.

Hi, I received the message "Invalid client request received: Failed to parse first line of request." and "Unknown host: null" in the alert tab when I use SOCKS proxy. All the requests can't go through. If I uncheck the...

Scan of Oracle 12c E-Business Suite Application Consumes all Database Processe within a few minutes

Old database processes are not released and remain in the system for an hour or more forcing a database re-start. Number of database processes at 1.2K. Is this a Burp thing (i.e. is there a Burp Prof setting to prevent...

http history missing in-scope items.

I have my scope set in the Target tab, has about 10 web sites listed then all of their items with in them. When I goto Proxy->HTTP history I do not see all of my listings from Target in there. I am missing a few web sites as...

The input file is not in correct format

I selected "save state" in Burp. I imported the file in Acunetix for a scan. Saved the results in .wvs file format. When I open the file which I have saved using Burp, again in Burp; it throws an error - The input file is...

re allocating burp licenses

we have a total of 44 burp licenses. end users will come and go. where in the Portal do I go to have licenses reallocated?

Register menu item

I want to register a custom menu item in first row in context menu. For example, self.CallBacks.registerMenuItem("New Item", self, 1) where, 1 indicates first row in context menu

How do I use a password protected Java KeyStore for Burp Collaborator

Dear All As required for running a private Burp Collaborator instance, we have ordered and received a wildcard certificate for the domain we'll run our instance under. We've created a JKS containing our certificate,...

How do I specify which SSL/TLS ciphers Burp Collaborator can use?

Dear All, We're currently running a private instance of Burp Collaborator. As this host is visible to the internet, we include this system in our regular vulnerability scans focused on internet-facing systems. Our...

Can I add more scans to SQLi or XSS scans which are run by Scanner?

I want to configure Burp a bit more. As I understood, in Scanner / Options I can select the Active Scanning Areas. Is there a way to add more e.g. SQLi, or XSS to what already is checked? Where can I see the list of...

Edit list of long/short discovery file/directory lists

Is there a way to edit the long/short discovery file/directory lists that are used in Engagement Tools -> Discover Content?

get the "Responses queued for analysis" to actually "analyze?

I have been running the "discover content" tool and the "responses queued for analysis" number only builds and builds and never goes down. Even when the content discovery is over the number never decreases leading me to...

Reporting only on POST not GET methods? (Scanner)

Hi, After running a passive scanner session I have hundreds and hundreds of potential CSRF 'missing anti-CSRF token' (so far in reality they are all false positives and the anti-CSRF token is just contained with some...

Customize the report output?

Is there an easy way to customize the report output to include my Company Name and Logo at the top of the report? I have tried to create a word template for use with report-ng but cannot get it to work. Thanks in advance!!

Compare site maps with a Authorization: Basic value

I want to do a comparison with different privileged accounts. For Site Map 2 I want to "Request map 1" with a new cookie. In the Options > Sessions I added a "Use Cookie from Cookie Jar" for Target. But there is a header...

Items already scanned

Are there any ways to highlight the items that have already been scanned manually or with active scanning?

unlimited "number of retries on network failure"

How can I set Intruder's "number of retries on network failure" to unlimited? I see that currently I can only set it to 20 max before I get an error.

"Report selected issues". is not visible in burpsuite_free_v1.6.32 version

After scanning I am not able generate the scan report followed the following steps: To generate a report of your scanning, collapse the tree view of the application's contents. Then select the top-level domain entry for...

How does Burp check for Anti-CSRF tokens?

How does Burp usually scan or validate anti-CSRF tokens? In other words, if the web application uses a form ID that does not contain one of the keywords which identify CSRF, does Burp use other methods? If so, how does it...