How Do I?

  • Problem generating a CSRF PoC

    I understand how basic CSRF works and I have reported some CSRF issues to some bug bounty programs in the past, but I have encountered this issue that I don't know what to do about. I get this little message when trying to generate a CSRF PoC on a POST request without CSRF token or headers: > Warning: The CSRF form uses a different encoding type than the original request, and so the applic...

    0 Community Answer
    Oct 15, 2019 09:15PM UTC
  • Exploiting cross-site scripting to steal cookies

    I inject JavaScript code to steal cookies but the online lab doesn't simulate another user who views blog comments after they are posted... Any idea why? Known bug? I don't use Burp Collaborator but a service hosted on Heroku. Thanks for any help

    0 Community Answer
    Oct 15, 2019 03:38PM UTC
  • Forwarding requests not working

    Hey folks, yesterday I noticed that I am not able to forward requests through Burp (it worked a month ago or so). I tried it in 2 Kali VMs and 1 Ubuntu 1904. The proxy in Firefox and Burp are configured. The requests I send are intercepted but not forwarded - the Intercept tab stays empty but the browser is loading a long time until Burp returns "Reply from SOCKS server has bad ver...

    2 Agent Answers    1 Community Answer
    Oct 15, 2019 09:34AM UTC
  • Scan authenticate

    Hello, I would like to carry out an authenticated scan on the domain Y, but to access this domain I must log in on the domain X. Can I do it with Burp Professional? If this is possible, how can I do it?

    1 Agent Answer    0 Community Answer
    Oct 11, 2019 03:07PM UTC
  • A rule for avoiding socket.io noise?

    Hi dear PortSwigger community... could you recommend any rule / way in order to avoid intercepting all the data being sent over sockets? There's a video streaming in the background, and I'm trying to capture and work with a limited set of parameters, but the amount of data makes it hard to properly intercept... Thanks!

    1 Agent Answer    0 Community Answer
    Oct 11, 2019 12:37PM UTC
  • Run Intruder attack in silent mode

    Hi All, I just downloaded a free trial of Burp Suite Professional to evaluate it. I tried to configure a couple of Intruder attacks in Brute Forcer mode but the GUI of my Ubuntu 18.04 crashed both times (I assume due to the huge number of Intruder window refreshes). I was wondering if there is any way to run an attack not in GUI mode, checking the progress and results from the suite dashboard. Thanks

    2 Agent Answers    1 Community Answer
    Oct 11, 2019 08:13AM UTC
  • Cannot scan using Burp

    Hi, my website asks for authentication on accessing the URL. Once credentials are entered, my login is successful. This is without Burp proxy. But once I set up Burp as proxy and access the website, I cannot log in and an "unauthorized access" alert is displayed. The website is using NTLM authentication. Can you please tell me how to perform a Burp scan in such a scenario? Rds, Garry

    1 Agent Answer    0 Community Answer
    Oct 10, 2019 06:57AM UTC
  • Step 3 never progresses after several hours

    Hi, I launch a scan and audit for a website. Step 1: live passive crawl, step 2: live audit from proxy, step 3: crawl and audit of website. Step 1 and step 2 finish in one hour, but step 3 progresses to 30% and, after five hours, it is still at 30% and never moves. I can only scan the website five hours. So how to correct the problem? Should I reduce the depth to 5 instead of default 8, or I should adj...

    2 Agent Answers    1 Community Answer
    Oct 10, 2019 02:29AM UTC
  • How to modify https response

    In Repeater, we can edit the request and see the response, but in the same way, can we edit the response and see the output?

    1 Agent Answer    0 Community Answer
    Oct 09, 2019 11:33AM UTC
  • hidden field in form

    How to find a hidden field in one web form given a URL in Burp? Thanks

    1 Agent Answer    1 Community Answer
    Oct 09, 2019 03:36AM UTC