Burp suite shows error codes instead of meaningful result.
Hi team,
I am using Burp Suite v2.1.05.
Regarding the result that Burp Suite showed about Cookie manipulation (DOM-based),
I would like to ask what the output below means,
because I can't find any cookie-manipulation-related code in my source code.
Dynamic analysis
Data is read from input.value and passed to document.cookie.
The source element has id tenantName and name tenantName.
The following value was injected into the source:
The previous value reached the sink as:
mv8uyuuhlh%2527%2522`'"/mv8uyuuhlh/><mv8uyuuhlh/\>x5m89uq3t6&-fido2login=false; path=/; expires=Tue, 26 Nov 2019 18:48:25 GMT;
The stack trace at the source was:
at Object.FjTfo (<anonymous>:1:319569)
at Object.ymznZ (<anonymous>:1:681627)
at HTMLInputElement.get (<anonymous>:1:686561)
at HTMLInputElement.get [as value] (<anonymous>:1:787041)
at Object.val (https://{domain name}:{port}/{context root}/lib/js/jquery/jquery-3.4.1.min.js:2:68704)
at Object.a.fn.val (https://https://{domain name}:{port}/{context root}/lib/js/aui/aui-widgets-1.11.1.min.js:3:31956)
at passwordLogin (https://{domain name}:{port}/{context root}/:352:36)
at doLogin (https://https://{domain name}:{port}/{context root}/:329:13)
at HTMLInputElement.<anonymous> (https://{domain name}:{port}/{context root}/:272:13)
at HTMLInputElement.dispatch (https://{domain name}:{port}/{context root}/lib/js/jquery/jquery-3.4.1.min.js:2:42571)
at HTMLInputElement.v.handle (https://{domain name}:{port}/{context root}/lib/js/jquery/jquery-3.4.1.min.js:2:40572)
at _0x27baa0 (<anonymous>:1:884672)
at Object.pyhcP (<anonymous>:1:345450)
at _0x24df34 (<anonymous>:1:895368)
The stack trace at the sink was:
at Object.hNlNt (<anonymous>:1:337090)
at Object.tJcyh (<anonymous>:1:872853)
at HTMLDocument.Object.<computed>.set (<anonymous>:1:873868)
at setCookie (https://{domain name}:{port}/{context root}/fido/js/util/fidoUtil.js:862:21)
at passwordLogin (https://{domain name}:{port}/{context root}/:352:9)
at doLogin (https://{domain name}:{port}/{context root}/:329:13)
at HTMLInputElement.<anonymous> (https://{domain name}:{port}/{context root}/:272:13)
at HTMLInputElement.dispatch (https://{domain name}:{port}/{context root}/lib/js/jquery/jquery-3.4.1.min.js:2:42571)
at HTMLInputElement.v.handle (https://{domain name}:{port}/{context root}/lib/js/jquery/jquery-3.4.1.min.js:2:40572)
at _0x27baa0 (<anonymous>:1:884672)
at Object.pyhcP (<anonymous>:1:345450)
at _0x24df34 (<anonymous>:1:895368)
This was triggered by a keypress event on an element with an id of username and a name of username with the following HTML:
<input type="text" id="username" name="username" tabindex="1" height="50px" class="sign_input" place
Hi
To help us understand your issue, could you email us the full issue detail from Burp Suite to support@portswigger.net?
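
The flow in the finding quoted in this thread (a form field's value reaching document.cookie through a cookie-setting helper), as an added example that is not code from the application, from Burp Suite, or from either poster. The function names, the cookie name and the field value are constructed, and parseCookieAssignment is a simplified model of browser parsing.

```javascript
// Added illustration. Function names, the cookie name and the sample value are
// constructed; none of this is the application's or Burp Suite's code.

// Flagged pattern: a form field value is concatenated into the string that is
// assigned to document.cookie, with no encoding.
function buildCookieUnsafe(name, value, expires) {
  return name + "=" + value + "; path=/; expires=" + expires.toUTCString() + ";";
}

// Hardened form: percent-encode the value so ';', '=', ',' and whitespace
// cannot end the value or start a new cookie attribute.
function buildCookieSafe(name, value, expires) {
  return name + "=" + encodeURIComponent(value) +
         "; path=/; expires=" + expires.toUTCString() + ";";
}

// Simplified model of how a browser splits a document.cookie assignment:
// the first "name=value" pair, then ';'-separated attributes (last one wins).
function parseCookieAssignment(str) {
  const parts = str.split(";").map((s) => s.trim()).filter(Boolean);
  const eq = parts[0].indexOf("=");
  const cookie = { name: parts[0].slice(0, eq), value: parts[0].slice(eq + 1), attrs: {} };
  for (const p of parts.slice(1)) {
    const i = p.indexOf("=");
    const key = (i === -1 ? p : p.slice(0, i)).toLowerCase();
    cookie.attrs[key] = i === -1 ? true : p.slice(i + 1);
  }
  return cookie;
}

// Constructed field value containing cookie metacharacters.
const fieldValue = "acme; max-age=0";
const expires = new Date(Date.UTC(2019, 10, 26, 18, 48, 25));

const unsafe = parseCookieAssignment(buildCookieUnsafe("tenant", fieldValue, expires));
const safe = parseCookieAssignment(buildCookieSafe("tenant", fieldValue, expires));

// Unencoded: the value is cut at ';' and an attribute the page never set appears.
console.log(unsafe.value, Object.keys(unsafe.attrs));
// Encoded: the whole field value survives as data and only the page's attributes remain.
console.log(decodeURIComponent(safe.value), Object.keys(safe.attrs));
```

In the stack trace at the sink, the frames to review for this pattern are setCookie in fidoUtil.js and its caller passwordLogin.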