Research Academy
My account Customers About Blog Careers Legal Contact Resellers

Burp Suite User Forum

Create new post

Change part of a URL in a project

Burp User | Last updated: Mar 28, 2017 06:20PM UTC

Hi, We have extensively done browsing to record as most URLs as possible for a particular website, and tested that version, which resides in: www.mydomain.com/uat/application. Now we've moved the same website to another URL, and we access that through: www.mydomain.com/preprod/application. The website, hyperlinks, pages, and applications are the same, but they are placed in another address. How can I change the project URLs from the /uat to /preprod, preserving the same crawled URLs from the previous project? I tried editing that on notepad and replacing the /uat by /preprod, but the project got corrupted. Thanks, Carlos We are moving on in our application development process from a version called UAT to another one called PREPROD. That way,

Liam, PortSwigger Agent | Last updated: Mar 29, 2017 09:54AM UTC

Hi Carlos Thanks for your message. You can achieve this using Burp: 1. Use the Copy URLs in this host / branch in the site map. 2. Configure an intruder attack to an arbitrary page. 3. Past the list of URLs in to the Payload Options settings in the Intruder > Payloads tab. 4. Make the necessary changes using match and replace rules using the Payload Processing options. 5. Start the attack. 6. Select the URLs in the Attack window, bring up the context menu and click "Add to site map". Please let us know if you need any further assistance.

Liam, PortSwigger Agent | Last updated: Mar 30, 2017 03:19PM UTC

If you see entries in the alerts tab relating to authentication failures, then this indicates that platform authentication is required for some of the requests that the Scanner is making. - https://portswigger.net/burp/help/options_connections#platformauth It's possible that some of the URLs requested during host-level active scanning are just being blocked. I suggest you install the Custom Logger extension to monitor the requests that are getting authentication errors. Please let us know if you need any further assistance.

Burp User | Last updated: Mar 23, 2018 10:01AM UTC

Hii, I am running burp to find the vulnerability issue. following configuration have been done from my end:- 1. I have pasted the url in scope provided in Target Tab 2. Then i put intercept off so that i may record my application by logging the application 3. Then in Spider tab, i had enabled spider & in spider scope i selects use suite scope 4. Then in spider tab, i navigate to options tab & for application login i selected "Don't submit login forms" 5. Then i clicked on Scanner tab & navigate to live scanning tab & in live active scanning i selected use suite scope 6. Then i started recording my application by login the application 7. Once it was done, when i started actively scanning the scan the project, scan gets started in scan queue but in alerts i am getting alert that "authentication failure from application url.com" Please help me to resolve the issue. How to resolve the issue "authentication failure from application url.com" ?

You must be an existing, logged-in customer to reply to a thread. Please email us for additional support.