How Do I?
intercept proxy based applications
I was trying to intercept an application (Internet Download Manager) requests after I configured it's proxy, I was able to intercept the request, however I don't receive response. could it be a certificate problem? if not, what is it3 Agent Answers 2 Community AnswersJul 09, 2015 05:40AM UTC
How do I manage JSON Web Token auth in Burp?
So, while doing active scanning and such, what's the best way to handle JSON Web Tokens that expire quickly? Basically when burp receives an auth failure, to run a post request and retrieve the new JWT to place in the header.2 Agent Answers 5 Community AnswersJul 08, 2015 05:33PM UTC
Client certificate using Internet Explorer cert store?
Greetings, Is it possible for Burp to use the Windows (IE) certificate store? I've got a client whose process requires client certificates, but the IE+applet procedure stores it directly. Trying to export the result for Burp's use does not appear to work. That would indeed be ideal however.1 Agent Answer 1 Community AnswerJul 07, 2015 04:44PM UTC
Clarification on Webservices scanning
I have some clarifications on web service testing. Question 1: Is burp suite capable of performing testing webservices against all known vulnerabilities associated with web services ? All scanning options present under Active Scanning areas are applicable for web service testing ? or it is limited to subset of those ? Question 2: I browsed a website and it captured a webservice URL (and m...4 Agent Answers 3 Community AnswersJul 07, 2015 03:07PM UTC
Query Parameter in SSL Request, where is this?
I am validating issues which were previously found. In the URL, the following information is available: GET /cleaned/servlet/ControllerServlet?commandLink=AppPriceReportList.jsp HTTP/1.1 Since the connection is via SSL, I would have expected that Burp would have flagged this as an issue. What happened?2 Agent Answers 1 Community AnswerJul 06, 2015 05:29PM UTC
Spidering - avoid getting all the products from store
Hi there, I've been trying to spider a site and adding the results to the scope. The problem I'm facing is if we want to spider a store with a catalog of, for example, 10k items, it will try to crawl all those items (the URLs are different and no params are specified). Is there any configuration I am missing to avoid getting all the items crawled? If Burp does not have it yet, is ...1 Agent Answer 0 Community AnswerJul 06, 2015 03:26PM UTC
Transfer license from one user to another
I have purchased Burp Suite for multiple users. Can you please tell me the steps to activate the second user using the license key that I have purchased ?2 Agent Answers 1 Community AnswerJul 06, 2015 09:03AM UTC
Intercept server request/client response
Im running a game server and the masterserver request bunch of informations so it can show my server in a server list/browser this is the request from the server (wireshark) GET / HTTP/1.1 host: XX.XX.XX.XX:4545 (my game server ip) Connection: close and thats what my web server send back HTTP/1.1 200 OK Content-Type: application/json Access-Control-Allow-Origin: * Server: GameServer54...2 Agent Answers 1 Community AnswerJul 05, 2015 06:27AM UTC
Writing an extension to add a signature on requests
Hello, I am testing a web service that expects one of the request parameters to contain a hash of the remaining parameters and a shared secret. If I do a scan of it with Burp Scanner the majority of the requests will be treated as invalid by the service, because of the signature mismatch. What I'd like to do is capture the request the scanner is making just before it is sent, calculate the...1 Agent Answer 0 Community AnswerJul 01, 2015 09:14AM UTC
Importing CA certificate into cert
I have read the howto and i am trying to do the following in order to create new cert and import it into burp. 1. openssl req -x509 -days 730 -nodes -newkey rsa:2048 -outform der -keyout server.key -out ca.der 2. openssl rsa -in server.key -inform pem -out server.key.der -outform der 3. openssl pkcs8 -topk8 -in server.key.der -inform der -out server.key.pkcs8.der -outform der -nocrypt ...1 Agent Answer 0 Community AnswerJun 29, 2015 03:01PM UTC