Burp Suite User Forum


XSS vulnerabilities

jaskaran | Last updated: Aug 11, 2016 01:31AM UTC

Hi, I am reading the Web Application Hacker's Handbook and came across numerous XSS filter evasion techniques. Wanted to know if using the scanning functionality of Burp Suite automatically checks for all or most of them? Thanks

Liam, PortSwigger Agent | Last updated: Aug 11, 2016 07:29AM UTC

Hi Jaskaran, thanks for your message. Burp Scanner uses a multitude of different XSS filter techniques. Additionally, the scanner's ability to test for XSS is continually updated to keep up-to-date with modern hacking techniques. You could take a look at how Burp tests for XSS issues by installing the Logger++ extension. This allows you to manually review all requests and responses made by all of Burp's tools. Please let us know if you need any further assistance.

Burp User | Last updated: Aug 11, 2016 12:30PM UTC

I don't know how to code, but I'm learning... Is it possible to find exploits with Burp Suite without knowing how to code?

Liam, PortSwigger Agent | Last updated: Aug 11, 2016 12:30PM UTC

Hi Aleks, thanks for your message. Yes, it is possible to use Burp Suite to find exploits without knowing how to code. Have you checked out our Support Center? It includes a section on using Burp to find XSS issues: https://support.portswigger.net/customer/en/portal/articles/2325922-Methodology_Attacking%20Users_Finding%20XSS.html Please let us know if you need any further assistance.

Burp User | Last updated: Aug 11, 2016 07:22PM UTC

Hi Liam, thanks for your quick response. Do you think that if I follow the tutorials I can find exploits on Facebook/Twitter?? (Keep in mind I don't know how to code.)

Burp User | Last updated: Aug 12, 2016 04:18AM UTC

Thanks for the prompt reply Liam Tai-Hogan

Burp User | Last updated: Aug 12, 2016 05:37AM UTC

From your response, can you please confirm if the scanning engine is intelligent enough to modify its requests based on the response received from the target sites (having filters or WAF screenings) and it's not just firing the pre-defined lists of methods to check the XSS. Only intention here is to understand which type of vulnerabilities to look for more with manual methods (consumes a lot of time), especially when testing complex web applications with limited timelines. Thanks

Liam, PortSwigger Agent | Last updated: Aug 12, 2016 07:58AM UTC

Hi Aleks, you may need to modify or expand on the techniques in our tutorial articles to find exploits in live applications. These applications you mentioned will be tested thoroughly by experienced penetration testers.

Liam, PortSwigger Agent | Last updated: Aug 12, 2016 08:04AM UTC

Hi Jaskaran. Yes, Burp's XSS scanning is response driven. Please let us know if you need any further assistance.

Burp User | Last updated: Aug 13, 2016 01:28PM UTC

Hi Liam, so basically, I've tried to configure Burp Suite to work on Firefox on my MacBook Pro running OS X Yosemite, doing everything said in the tutorial, and it doesn't work. Can't load any website and it says the connection is not secure when I put the proxy settings (127.0.0.1 with port 8080). Please help!

Liam, PortSwigger Agent | Last updated: Aug 15, 2016 10:48AM UTC

Hi Aleks, have you installed Burp's CA Certificate? https://support.portswigger.net/customer/en/portal/articles/1783075-installing-burp-s-ca-certificate-in-your-browser

Burp User | Last updated: Aug 16, 2016 08:51AM UTC

I installed the certificate and it worked, thanks for your help!

Liam, PortSwigger Agent | Last updated: Aug 16, 2016 08:54AM UTC

Hi Aleks, Burp Intruder is throttled with the free version of Burp Suite as it is designed for demonstration purposes. To use all of Burp Suite's tools you will need Burp Professional Edition.

Burp User | Last updated: Aug 16, 2016 10:57AM UTC

Hey, I also have a request. I've noticed that the professional version of Burp Suite has a way faster brute forcer than the free version. Can this be fixed? I can't afford the professional version and I really want the brute forcer to be as fast, that would be really cool. Thank you

Burp User | Last updated: Aug 17, 2016 08:37PM UTC

I understand that, but would it be possible just to remove the time throttler and maybe add a timer (e.g. can only be 10 minutes per attack?) because the time throttler really ruins everything

Liam, PortSwigger Agent | Last updated: Aug 19, 2016 09:18AM UTC

Sorry Alex, we don't have any plans to modify the functionality of the free edition.
