How Do I?
How do I manual add a vulnerability
Using the intruder functionality, i saw the application was vulnerable to a XSS (with a custom payload). Active/Passive Scan doesn't find it. So I have a hit but how can i flag this payload/result with this params as a match within the scanner result (or other place to be able to include this match into the final report) (and of course flag this with a type of XSS vuln and the relevant advi...7 Agent Answers 7 Community AnswersFeb 10, 2015 01:16PM UTC
How do I replace the content of a whole file?
Hi, a web app I am testing is requesting jar files from a web server. I want to replace the jar file the server sends back with a modified version. I can of course intercept the response and manually replace the response content, but this is error prone and takes time. I have certain timing issues that make manually pasting the jar file not an option. So, how do I replace the whole response ...2 Agent Answers 1 Community AnswerFeb 05, 2015 10:18AM UTC
Discover content requests with cookies
Hello, Is it possible to "Discover Content" using valid cookies to test for authenticated pages? I've run several sessions after using the "Discover Content" context menu from a request with a valid cookie, however the cookies do not seem to be used in the brute forcing. Thanks Mark2 Agent Answers 2 Community AnswersFeb 04, 2015 10:53AM UTC
java.net.socket Exception when configuring intruder through Burp Extender API
I am sending multiple HTTP req to intruder with positions marked using sendToIntruder() method in burp Extender API but when I click Launch attack I get java.net.socket in the alerts Tab and no status as 200/400 is coming in the launch attack results box. Can anybody please help in sorting out this1 Agent Answer 0 Community AnswerFeb 03, 2015 10:31AM UTC
How to auto load payloads for all intruder attack at one time through Burp Extender API
I have a payload file with 25 payloads. Can anybody help in sorting out how to auto load payloads through API. IIntruderPayload Generator generates only exetension payload which i need to again manually select from UI. Requirement is to directly load payloads.pay(my custom file) while invoking sendToIntruder menthod from BURP EXTENDER API.1 Agent Answer 0 Community AnswerFeb 03, 2015 08:18AM UTC
macro to replace part of URL
Hi, I need to test a request similar to /something/<a_different_ID_per_request>/ and need to fetch an valid ID prior to that request. Because the ID is a REST parameter I cannot simply do a macro + session handling rule that requests an valid ID and replaces it in the request being tested because there is no parameter name to match between the requests. Is it possible to achieve this w...1 Agent Answer 0 Community AnswerFeb 02, 2015 03:50PM UTC
Integrating Burp and Wireshark
I'd like to be able to set up Wireshark so it can decrypt HTTPS traffic which is passing through Burp. I know I can export the CA used by Burp but that doesn't help when a per server certificate is in use. Is there a way to get hold of the per server certificate so I can import it into Wireshark?1 Agent Answer 2 Community AnswersJan 30, 2015 09:50PM UTC
How do I generate a report after scanning without issue found
Dear Support, We have purchased a Burp Suite pro. I used its vulnerability scaner to scan our web server. I could not generate report when no issue found after scanning. I need it to show our management as a proof. Can you advise if it's possible and how to do it if it can be done. Thanks and best regards! Zhang Tao LGA Telecom1 Agent Answer 0 Community AnswerJan 28, 2015 12:42PM UTC
How Do I Supply A Preconstructed Target Site List?
The BURP documentation says that I should turn the proxy on and then do a bunch of work on my Web app in order to build a list of URLs to put in the Target Site list. I do this and it works fine. I'm concerned, however, that I might not be adding enough URLs to this list by doing this. Let's say I have a list of all the URLs my Web app responds to. Can I manually add these URLs to the...1 Agent Answer 0 Community AnswerJan 21, 2015 06:16PM UTC
Testing through Cisco Smart Tunnel
Has anyone ever tested an application that required them to use Cisco's Smart Tunnel SSL VPN? This is the quick one liner from Cisco discussing this solution: "A smart tunnel is a connection between a TCP-based application and a private site, using a clientless (browser-based) SSL VPN session with the security appliance as the pathway and the security appliance as a proxy server." ...2 Agent Answers 2 Community AnswersJan 19, 2015 09:13PM UTC