How do I? - Page 327 - Burp Suite User Forum

How to do POC for PRSSI vulnerability

How to do POC for PRSSI vulnerability ??

Burp Suite Proxy will not intercept the site after Intercept mode is on.

Hi, Can any one please help me, In my Burp tool i have enabled Proxy - > intercept on but still it is not intercept my site but Target -> site map will show all the action and response. So please help me how to resolve...

Add all URL in target scope

Hi, I'm looking for a way to add all URL in target scope. As we can use regex I just put '*' in "Host or IP range" but burp is not agree with that. Which regex can I use to achieve this ? Cheers

Cat information

<a href=http://mycat.cf/to-read-kay-kipling-s-on-stage-blog-click-here-coming-attractions/trackback/>http://mycat.cf/to-read-kay-kipling-s-on-stage-blog-click-here-coming-attractions/trackback/</a> <a...

Certificate Import

Hello, I am trying to intercept SSL by installing a custom certificate and private key which matches the target server I am trying to test. Having successfully converted and imported the cert, I am getting a certificate...

selective vulnerability

Is it possible for Burp to scan and show only a specific list of vulnerabilities?

Love horoscope for today

<a...

export scan report in headless mode?

If we run Burp in headless mode, can we export scan reports? If so, what are the command line options for that? We run our own python scripts that send HTTP requests, which pass through Burp and Burp does active scanning....

Is there a way to suppress ASP.NET_SessionId cookie tests?

The developers of our application say they don't manipulate the ASP.NET_SessionID cookie (in fact, they couldn't do it even if they wanted to). It is a Microsoft .NET cookie out of their control. A bunch of errors are...

CVE ID

How to find CVE ID of the scan report

What people food can dogs eat

<a href=http://peoplefood.cf/in-that-moment-we-can-actually-agree-on-one-thing-and-that-is-that-the-celebration>http://peoplefood.cf/in-that-moment-we-can-actually-agree-on-one-thing-and-that-is-that-the-celebration</a> ...

Whittier narrows golf course

<a href=http://golfcenter.cf/moreover-since-lead-users-often-attempt-to-fill-the-need-they/>http://golfcenter.cf/moreover-since-lead-users-often-attempt-to-fill-the-need-they/</a> <a...

Estimating time taken for Application security testing

Though not related to Burp Suite, thought of posting here so that some one could share their thoughts I would like to do some kind of estimation for time taken to scan a website using Burp Suite. I will be testing...

Rock music online

<a href=http://rock-music.cf/the-show-is-the-creation-of-garrett-sherwood-ryan-j-hayes-and-jon-peter/trackback>http://rock-music.cf/the-show-is-the-creation-of-garrett-sherwood-ryan-j-hayes-and-jon-peter/trackback</a> <a...

Future news

<a href=http://futures.cf/take-a-deep-breath-he-says-you-have-friends-in-the-industry-who-understand>http://futures.cf/take-a-deep-breath-he-says-you-have-friends-in-the-industry-who-understand</a> <a...

Session handling rules - cookie not set for POST request

I have set up a session handling rule that sends a certain cookie for all requests to a certain domain. What I have found however, is that that the cookie will be sent on all GET requests to the domain, but not sent with...

Reporting of Frameable Response (Potential Clickjacking)

I scanned 30+ URLs using burp suite tool. 4 URLs were reported for Frameable Response (Potential Clickjacking) While all the URLs that were scanned missed the X-Frame-Options header, why only 4 URLs were flagged for this ?

Bad Request 400 Error

On Intercepting my Asp.Net application in the place of Http/1.1 with Http/1.1 200 OK it is showing bad request error.What should I do to redirect this to default error page.I have already Http errors and Custom error in...

What is the best way to handle SQL Injection errros reported by BURP in a PHP – Apache environment?

BURP suite is reporting SQL Injection errros, whats best possible way to handle those errors in a PHP – Apache environment.

Database scanning

Is Burpsuite capable of performing vulnerability scans against databases ? I have seen and there is no option, but just wanted to confirm with the experts. Also, do we have a security standard for databases as we have...