How Do I?

Make a new post

  • Custom Header

    I installed the Add Custom Header extension and everything is fine with it. However, I have a question. Can someone tell me the exact steps I need to take to change my default username to a custom username?

    1 Agent Answer    1 Community Answer
    Jun 24, 2019 01:00PM UTC
  • Recreate burp open redirection (dom-based) dynamic analysis

    We have a number of 'Open Redirection (DOM-based)' findings. In each case, the reported Request and Response look perfectly normal. The Dynamic analysis (DA) shows something completely different. When I Repeat the DA GET request, I still get the normal Response, not the error message shown in the DA. What is missing?

    1 Agent Answer    0 Community Answer
    Jun 21, 2019 03:10PM UTC
  • Add an "options" tab like the one the Proxy tool has to an extension

    Hello, i am looking on how can I add an options tab like the one appearing in the Proxy Tool (here -> https://i.imgur.com/rxerJ5P.png) to a new extension I am trying. The extension is similar to the one here https://github.com/PortSwigger/example-custom-editor-tab/tree/master/java

    3 Agent Answers    2 Community Answers
    Jun 21, 2019 09:46AM UTC
  • Blind XSS attacks register on XssHunter Site but not when repeated in Intruder.

    Hello, I am using a blind XSS payload using XSS hunter (https://xsshunter.com). When I enter the payload manually into my test site: http://xss.in-secure.org/test.php?name=%22%3E%3Cscript%20src=https://insecureorg.xss.ht%3E%3C/script%3E It will register as received or fired on Xss Hunter's website. When I do the same attack using Burp Intruder, it does not show up on their site. ...

    1 Agent Answer    0 Community Answer
    Jun 19, 2019 08:57PM UTC
  • Scan Targets behind CAS

    Hi, I want to run the scanner on a target that is behind CAS. How do I setup authentication for this scenario? Thank you Anup

    1 Agent Answer    0 Community Answer
    Jun 19, 2019 05:58PM UTC
  • Replace expired access token in scanner request headers with the valid access token all at once

    Hi Background : I am trying to scan our website using Burp scanner. I am able to configure session handling rules (https://support.portswigger.net/customer/portal/articles/2363088-configuring-burp-s-session-handling-rules). I have used Burp's extender and python script to successfully replace expired access tokens of the current request (https://www.foregenix.com/blog/testing-problematic-a...

    1 Agent Answer    0 Community Answer
    Jun 18, 2019 11:36PM UTC
  • Burp Headless Passive Scanning

    Hi, new to Burp. I'm looking for a way to passively scan HTTP responses from a server to see if there are any vulnerabilities while burp is running headless, but not actively scan. I've found a few "headless" extensions, like https://github.com/NetsOSS/headless-burp/, but it seems that it is centered around active scanning (have to specify target scope/site and let it ru...

    2 Agent Answers    1 Community Answer
    Jun 18, 2019 09:59PM UTC
  • Interpreting path info in "strict transport security not enforced" issues

    Hi, In "target"->"site map"->"Issues" tab, I sometimes see reported issues labelled "Strict transport security not enforced" with a path set to "/", but when the request is shown, the path is actually something else. e.g. in the "issues" panel: ! Strict Transport Security not enforced [1] --! / --! /api/ --! /api/getObj...

    1 Agent Answer    1 Community Answer
    Jun 18, 2019 12:45PM UTC
  • Burp Enterprise: Failed to initialize database

    Hi, I'm trying to install Burp Enterprise on an already configured database following the documentation here: https://portswigger.net/burp/documentation/enterprise/getting-started/installation#database-setup However, after I configure the database the installation ends with the following. Initializing database ... Failed to initialize database Finishing installation ... No error...

    1 Agent Answer    1 Community Answer
    Jun 18, 2019 10:40AM UTC
  • I can't see a POST Requet in Proxy Intercept menu but it is in the HTTP history menu

    I should find out a specific POST REQUEST in Proxy Intercept menu.. I couldn't find this in the menu but it was in HTTP HISTORY menu.. How can I find this in intercept menu..?

    1 Agent Answer    0 Community Answer
    Jun 17, 2019 03:38PM UTC