How Do I?

Make a new post

  • Initiating scans through API

    Hi, Every scan initiated via Burp's API initiates a crawling and auditing stage. It is possible to pre-configure an audit configuration and use it for the scan. However, I don't see an option to do that for a crawling configuration, or even to initiate a scan without the crawling stage altogether. Can you please confirm if it is/isn't possible to do that in a Pro version? If not,...

    2 Agent Answers    1 Community Answer
    Oct 04, 2019 08:15AM UTC
  • OWASP and issue

    in burp pro version, we have find many issue : , but in the advisory tab, there is no OWASP 2017 category (for example A1: injection, A2: broken authen)mentioned, so how to find OWASP category in burp? I have around 20 issues

    2 Agent Answers    1 Community Answer
    Oct 04, 2019 04:02AM UTC
  • authent scan and un-authent scan in one project file

    we need to scan www.zzz.com(unauthen scan) and www.zzz.com/abc(authent scan), i'm given credentials under www.zzz.com/abc in user options/platform authen, I configure user credentials basic authen for www.zzz.com(host), but after scan, in dashboard, it shows unauthen scan, so how to do authent scan for /abc and unauthen scan for www.zzz.com in one project file? thanks

    1 Agent Answer    0 Community Answer
    Oct 03, 2019 02:55AM UTC
  • License usage

    How do I check my team's license usage. I am new to Burp. Thanks, Jay

    2 Agent Answers    0 Community Answer
    Oct 02, 2019 09:28PM UTC
  • Burp Enterprise Questions

    -In Burp enterprise is there any other way to extract a more detailed report besides the HTML Scan summary report obtained like with the one of Burp Pro? -Regarding scanning capabilities :Which are the differences if any from enterprise and pro versions?. will the find the same vulnerabilities if just running the audit functions? - Is there a way to retest vulnerabilities found in pro and im...

    3 Agent Answers    2 Community Answers
    Oct 02, 2019 05:20PM UTC
  • How to setup Burp to intercept a client apps?

    I have a .exe client installer and I am wondering whether I can use Burp to intercept the traffic of this client application after I install it on my laptop? If yes, how can I do that?

    1 Agent Answer    0 Community Answer
    Oct 02, 2019 02:19AM UTC
  • authent scan with client ssl

    I need to do authent scan for a website, I configure credential in user options, is it enough? do I need to configure session handling rules? do I need to configure browser to use burp root certificate? do I need to configure scan configuration to use credentials? do I need to configure client ssl in user option?

    1 Agent Answer    0 Community Answer
    Oct 02, 2019 01:43AM UTC
  • Report should include the Audit Items

    Hi Team, I'm using Burp Suite Professional and I'm looking for an option to add the list of audit items to the issue report. The goal is to have an evidence about the scan of the website site for my customer. Any hints or better suggestions to achieve this? Regards Reiner

    1 Agent Answer    0 Community Answer
    Oct 01, 2019 11:12AM UTC
  • Burpsuite username and password dictionary files

    we are using burp intruder, we need user name and password emulation. does portswigger provide username and password dictionary files , so we can use it as payload, where can I download such files

    1 Agent Answer    0 Community Answer
    Oct 01, 2019 01:11AM UTC
  • test xpath injection, cookies attributes, exposed session variables and session fixation

    how to test test xpath injection, cookies attributes, exposed session variables and session fixation and doing PoC (proof of concept)

    1 Agent Answer    0 Community Answer
    Sep 30, 2019 03:53AM UTC