Research Academy
My account Customers About Blog Careers Legal Contact Resellers
The Burp Suite User Forum was discontinued on the 1st November 2024.

Burp Suite User Forum

For support requests, go to the Support Center. To discuss with other Burp users, head to our Discord page.

SUPPORT CENTER DISCORD

Burp Pro doesn't crawl and test everything?

wof | Last updated: Dec 25, 2022 10:02AM UTC

Target: DVWA v1.10 'Development' version (via docker) One thing that I like about Burp Pro is the capability to scan compared to the Community version. Interestingly, I find that Burp Pro doesn't crawl and scan everything. e.g. http://localhost/vulnerabilities/exec/ This is known vulnerable to OS Command Injection I did "Actively scan this branch" for "/vulnerabilities/exec/" 538 requests sent with 0 errors on this. Interestingly, OS injection vulnerability was not part of the issues found with Burp Pro. Please let me know the right way to do this with Burp. I've been informed Burp Pro version can automate this kind of process and can help to find injection points.

RachelGomez | Last updated: Dec 26, 2022 05:45AM UTC

If the application you are testing uses platform authentication (which normally shows as a popup login dialog within your browser), and you get authentication failure messages when your browser is configured to use Burp, then you need to configure Burp to handle the platform authentication instead of your browser. Go to the Settings > Network > Connections tab, and the Platform Authentication section. Add a new entry for each hostname used by your application, configuring the authentication type and your credentials. If you aren't sure of the authentication type, then first try NTLMv2, then NTLMv1, and then the other types. You may need to close all browser windows and open a new browser window, to prevent any browser caching from interfering with the authentication process. Regards, Rachel Gomez

wof | Last updated: Dec 26, 2022 10:17AM UTC

It was Damn Vulnerable Web Application (DVWA). The only authentication is before accessing the app. That's it. $ curl -sL http://localhost | sed -n '/form/,/form/p' <form action="login.php" method="post"> <fieldset> <label for="user">Username</label> <input type="text" class="loginInput" size="20" name="username"><br /> <label for="pass">Password</label> <input type="password" class="loginInput" AUTOCOMPLETE="off" size="20" name="password"><br /> <br /> <p class="submit"><input type="submit" value="Login" name="Login"></p> </fieldset> <input type='hidden' name='user_token' value='6c4f56818ed0c327bfb157fc3813a4ab' /> </form> You can try it here https://github.com/digininja/DVWA Easiest way to run it is by using Docker docker run --rm -it -p 80:80 vulnerables/web-dvwa

Liam, PortSwigger Agent | Last updated: Dec 27, 2022 03:39PM UTC