How Do I?
Burp Spider deleted controls in a SalesForce application
Hi - We recently spidered a Salesforce application and this resulted to changes in the application such as: Deleted custom field Changed the UI Skin Changed Enable Drag-and-Drop Editing on Calendar Views from on to off Changed formula of Month custom field etc The Automatically Submit forms was enabled. Why would burp spider be able to do these things. What default values does...1 Agent Answer 0 Community AnswerMay 18, 2018 02:27AM UTC
Automate Burp License Activation
We are working on a project, where we wanted to deploy Burp on a container in a ci/cd. Is there a way to automate the Burp License Activation process programmatically eitherway in a headless mode ? Has anyone given it a try earlier? Pranav1 Agent Answer 0 Community AnswerMay 14, 2018 10:19PM UTC
I have an iOS app I'm testing on an iPhone 5c running iOS 10.3.3. The Burp certificate is correctly installed on the device as I'm able to see https web requests and https app requests from other applications within Burp without issue. When I launch the target app I receive "The client failed to negotiate an SSL connection to <client>.com:443: Received fatal alert: certi...1 Agent Answer 0 Community AnswerMay 11, 2018 03:39PM UTC
How do i prevent cookie ID injections in the request parameter?
I have a case where we recorded a bunch of URL's and re-scanning them. During the re-scan the session expired. So to create an active session i have created a session handling rule to trigger login and create a new Session ID which is updated in the cookie jar. I also used the 'use Cookie jar from Burp's cookie jar' to ensure the rest of the requests are using the valid Sessi...1 Agent Answer 0 Community AnswerMay 11, 2018 04:48AM UTC
I would like to know how to run analytics1 Agent Answer 0 Community AnswerMay 10, 2018 08:46PM UTC
Missing identification of SQL injection
test0 Community AnswerMay 10, 2018 01:17PM UTC
Fuzz APIs ?
Do burp is having any extension which can help in Pen test of APIs ? Like another tool API fuzzer ? along with Intruder what else can be used to do API pen test automatically ?1 Agent Answer 0 Community AnswerMay 10, 2018 12:04PM UTC
How to stop DOM Based Link Manipilation in struts2.5
Hi, Could you please help me resoving issue of DOM Based Link Manipilation in struts2.5. Its saying whitelisting of URLs, which I have already done in web.xml, but still its not stopping URLs which are already available in project.1 Agent Answer 0 Community AnswerMay 10, 2018 09:40AM UTC
Not able to intercept specific HTTPS traffic
Hello, I am not able to intercept the HTTPS traffic using burp. I have installed certificate. I able to intercept the https://www.google.com but not able to intercept one specific URL. When i set the proxy, URL main page itself is not loading.1 Agent Answer 0 Community AnswerMay 10, 2018 08:44AM UTC
client failed to negotiate an ssl connection burp
hi guys i have installed burp ca in emulator and it is in user certificate option of phone but when i run any app it says "client failed to negotiate an ssl connection burp" what should i do ? thanks1 Agent Answer 0 Community AnswerMay 08, 2018 07:57AM UTC