How do I? - Page 326 - Burp Suite User Forum

Save State - Save Only "Issues" in Target Tab

Used to be possible when "Issues" is part of Scanner tab. Newer versions saves the "Content" making the state file unnecessarily large. Thanks!!

dynamic cookie handling in burp intruder

How do i use the intruder if the webapp provide new cookie each time a new GET is made? Would it be possible for burp-intruder to pick the new cookie from the response and put it back as the next Request...

Burp Proxy Conection Issue with Black Berry 7 Devices

Hi; We are using burp Pro Version of 1.6.27. In the Security Assesment we are not able to connect with BB7 Device like the Burp Proxy is not connected the BB7 device and it not intercepting. We are using BB7-9320...

Probable bug in session handling macro

Hi I am using latest version of Burp and created a Macro to login to complex website. It requires at least four request to complete the login sequence. Below are the first three requests (sanitised) First...

In consistency while reproducing XSS vulnerability

Burp has reported some XSS vulnerability for a website. For the below discussion let us use this URL...

support documentation

i was hoping that you all had an all-encompassing user guide with all content in one doc. i found the following, which shows all help pages, but i'd really like to get all of that content in one file that i can review...

WilliamOrTY WilliamOrTY

<a href=http://canadianonlinepharmacy.top>canadian online pharmacy</a> <a href=http://bestpriceforgenericviagra.us>best price for generic viagra</a> <a href=http://clomiphenecitrateforsale.top>clomiphene citrate for...

How to pentest a web site that behind reverse proxy?

Is it possible to pentest a web site that behind reverse proxy? If yes, how to?

Multiple usernames as Prefixes when Base64 encoding authentication

Hi, Is there a way to supply a list of usernames to be used as a prefix when payload processing prior to base64 encoding? I have an application which has a pop up authentication window to log in. The authentication...

Session validataion and Loop issue

I am active scanning a website which involves sessions. Number of threads for scanning is 5 - this means 5 requests will be sent at one time I am using a session handling rules to check if session is valid or...

fatal alert: unknown_ca in Burp's "Alerts" tab

Problem: When intercepting, the site I'm visiting doesn't render properly in my browser. Some resources do not load. Related: in BurpSuite's "Alerts" tab, I have dozens of lines like this one: "The client failed to...

Security Headers for POST response

Hello, I noticed a few POST response (whether 200 or 302) is not having a XSS protection/ Content sniffing / Click Jacking prevention header set and burp suite detected that as a vulnerability. Is there a specific...

Spidering only POST

Hello, I would like to spider only POST requests (and follow redirection). Is it possible ? I verified if there are any options to define the scope based on POST method, but I couldnt find any. In short, I would...

Scanner - POST request results on a Different Page

I have a webapp where, when saving edits to a particular page, a POST request is made to a simple 'FormSave' page. The server response is a simple 200, json response {"Success":"true"} (or failure if the request fails)....

Setting proxy.MasterIntercept to 0

In order to do selective custom scanning area selection using active scanning using my extension, I am trying to set those values using the loadConfig() To do this, I first set the following values to...

Performing an ActiveScan to perform scan against non-body parameters

I am currently writing an extension to do perform active scan with manipulated parameters: queueItem = this.callbacks.doActiveScan(this.host, this.port, this.useHttps,baseRequestResponse.getRequest(), ...

Invalid client request received: Failed to parse target host and port from CONNECT request

I'm connecting android/ios devices to burpsuite to intercept my mobile application requests. Every other website can be easily intercepted (both http and https) But I don't know what's wrong with my application. I get a...

Set socks proxy in headless mode

I searched the googles and haven’t found any success, does anyone know if its possible to set up the socks proxy parameters with burp in headless mode?

Session Management

I want to manage multiple session while scanning the application as scanning the application with multiple thread is giving lot session errors. so I need help regarding the following 1. How to create custom cookie...

Best approach for web-application testing with a webservice.

The data flow works like this: Browser -> Application -> Webservice -> Application -> Browser I'd like to be able to fuzz the flow where the webservice is sending data back to the application so that I can attack the...