Burp Suite User Forum
Hello, I am trying to create a macro to login to the website (as a part of session handling rules). The web site is in aspx. In the macro editor, under macro items, I have made the entries that will successfully login...
Hello, I am adding a URL for scanning that has 10 body parameters for scanning. Out of the 10 parameters, 4 parameters are already filled with some values. Other 6 parameters are left blank. When we are active scanning...
I have installed Jython and installed several Python-based Extensions. I have configured 'Folder for loading modules' to point to /usr/lib/python2.7 (have also tried python2.7 and python3.2). All extensions fail. Most...
Hi, I am trying to run Burp tests automatically from a test suite. I want to re-run these test suites every two weeks. I want to flag only the new issues when I re-run the burp tests. Is there a way to do this? The...
For spidering I filled in the scope at Target > Scope. And at Spider > Options I used for "Application Login" > "Prompt for guidance". But after running the spider as "Spider from here" (as it was the / site) only a...
Hello! I'm having troubles updating burp's internal cookie jar based on redirected responses. Eg. I send a POST request to /whatever.jsp with a cookie SESS1=123, I get a response w/ 302 Found, when I follow the...
Hi there, This is more a heads up rather than a question. I use a socks proxy via SSH/corkscrew when I am onsite at clients' sites to get unobstructed internet. To do this I set the OSX OS proxy settings to my socks...
I have a website that launches a JAR (Java applet). I want to proxy the requests that applet does via Burp Suite. Burp Suite listens on port 8080 and invisible proxying is also enabled. In Java settings, I have...
Hi, I see that the spider has a referrer header option, however when I look at the sitemap, there are no referrers. Is there any way to get the URLs with the referrer from sitemap that were spidered?
Hi all, This may not be related to Burp Suite tool as such, but wanted to check if someone from this community could help. Situation: As a part of file upload checks, only certain file extensions are allowed. But we...
Is there a way to script or conditionally to Match/Replace with the Proxy. Similar to what's in the "Options" tab but slightly more complicated. Specifically what I'm looking for a find requests that don't have a referer...
My website is sending below GET requests (REST style), abc.com/groups/1 abc.com/groups/2 abc.com/groups/3 ... abc.com/groups/23000 Now during an active scan, scanning one of the requests is enough (saves time). Is...
Hi Team, Getting Java Heap Space error and eventually Burp Suite got hanged later on. Increase Java Heap Space as mentioned below but still not getting valid response. Increase the size as mentioned below but still...
Good day. How do I clone a Google app with Burp Suite? I know how to spider an app. I know the difference but can Burp clone a website like WGET or HTTRACK? Is it possible to use Burp to download a local copy of Google's XSS...
I am spidering a website. While spidering I have selected "Automatically submit using the following rules to assign text field values" I have given a field name and field value and enabled it to be submitted. If there...
I want to scan the mobile pages of my web application. In order to do this I need to change the user-agent to emulate a phone. Is there a way to do this? Thanks!
Hello. I am trying to learn Burp Pro after one of my colleagues left without leaving much information around the Burp testing he had done. I have an application with a known CSRF vulnerability AND an older Burp report...
We installed Carbonator and want to execute commands in "headless" mode. What are the commands to set a target, set a proxy, scan (active and passive), spider, etc.? Thanks!
Hi, Ran test to look for “Cross-site request forgery” & Burp came back with issue. How can we use the info in the report to reproduce this manually so as to confirm that it's not a false positive? Thx.
I've got a private collaborator server up and running. It has its own domain, it's resolving fine, wildcard certs are installed and confirmed working on both interaction and collaboration ports. When I run a health check in...
Your source for help and advice on all things Burp-related.