Burp Carbonator does not work for me
I am trying to play around with the carbonator feature of Burp using the demo.testfire application as a test run and had a few questions and issues.
I have installed carbonator and using the command " java -jar <path to burp> http://demo.testfire.net/bank/login.aspx 80". However, this just opens the Burp instance and does not do anything. Is there anything that I am missing out on?
Does Carbonator do an authenticated scan? If yes, how?
The Cabonator command line is slightly different to what you’ve used. Try this:java -jar path/to/burp.jar http demo.testfire.net 80 /bank/login.aspx
If that doesn’t work, go to Extender > Extensions > Carbonator > Errors – you may get an error message explaining what’s wrong.
For authenticated scans, first configure Spider with credentials and confirm that Spider is logging in correctly. The relevant area is Spider > Options > Application login.
Then click the cog icon next to Application Login, choose Save options and select “auth”.
You can then start Burp like this:java
It may take some experimentation, but you can get authenticated Carbonator scans working this way.