Research Academy
My account Customers About Blog Careers Legal Contact Resellers

Burp Suite User Forum

Create new post

Reflected -xss Burp sleep dno not see it.

olek | Last updated: Nov 02, 2021 09:54PM UTC

hi TEAM May I know why Burp do not see my manual reflected xss on some website.I thought Burp should support my. I put him passive scan and nothing he do not see this xss and do not illuminate it. What I'm doing wrong .?

Ben, PortSwigger Agent | Last updated: Nov 03, 2021 10:56AM UTC

Hi Olek, Reflected XSS is not one of the issues that is checked in a 'Passive' scan type - it is checked in a 'Medium active' scan type. Can you confirm how you are setting up your scan and whether you are actually just performing passive checks and this is why it is not being identified?

olek | Last updated: Nov 03, 2021 05:26PM UTC

I did active scan and Burp do not see this xss.The XSS is in some website account form as name,last name etc..This is POC what I'm use action=changeprofile&title=30&first_name=1&last_name=abcd.%22%3E%3Cb+onmouseover%3Dalert%28document.domain%29%3Eclick+me&e_mail=ide%40o2.pl&password_validation=grud1A&submitbtn=Valider Burp sleep I say deep sleep.

Ben, PortSwigger Agent | Last updated: Nov 04, 2021 02:50PM UTC

Hi Olek, Are you able to provide us with any details regarding the active scan that you have carried out against this site and how you have set it up?

olek | Last updated: Nov 04, 2021 04:17PM UTC

Ok but what would you like know .I just click active scan on place in repeater where xss is . This xss is on account with personal form where you put name .password and etc information . I think this is just selfxss in account form website account setting at. https://fr.shopping.rakuten.com Poc a."><b onmouseover=alert('Brute')>click me!</b><" picture xxs https://ibb.co/D7qhJGK ---------------------------------- In the meantime please say your Team .I'm not smart person but your Burp last edition 2021.9.1 Jar Java works terrible.They have some delay in responds about 3 sec when you click .I check the lasted adapted Version just has problem start.!!! Did The Burp Team testing your product.?? I feel you want to fast release new Burp number to make people happy and make money .Slow down and Test your product before you 'll send for use.

Ben, PortSwigger Agent | Last updated: Nov 05, 2021 01:13PM UTC

Hi Olek, The Logger tab for your active scan should be logging details of the requests that are being sent as a result of the active scan - if you inspect these requests are they being issued successfully and are you getting valid responses from the site? In addition, if you open up the scan settings and then view the scan configuration details - what 'Issue Reported' settings do you have configured for the active scan? Regarding your issues with the product - to confirm, which aspects of the software do you feel are performing poorly? Can you also confirm details of the machine you are running Burp on? What operating system are you using and can you confirm the specification of your machine?

olek | Last updated: Nov 05, 2021 01:17PM UTC

Java SE Development Kit 15.0.2 64bit Windows 8 Ok please close this .

You must be an existing, logged-in customer to reply to a thread. Please email us for additional support.