How Do I?

  • Reporting only on POST not GET methods? (Scanner)

    Hi, after running a passive scanner session I have hundreds and hundreds of potential CSRF 'missing anti-CSRF token' (so far in reality they are all false positives and the anti-CSRF token is just contained with some other data e.g. uifsid=0&_csrf= (the _csrf is the anti-CSRF token)). Anyhow, what I really would like to be able to do is report only on POST methods and not GET met...

    1 Agent Answer    0 Community Answer
    Feb 17, 2016 05:05PM UTC
  • Customize the report output?

    Is there an easy way to customize the report output to include my Company Name and Logo at the top of the report? I have tried to create a Word template for use with report-ng but cannot get it to work. Thanks in advance!!

    1 Agent Answer    1 Community Answer
    Feb 17, 2016 03:45PM UTC
  • unlimited "number of retries on network failure"

    How can I set Intruder's "number of retries on network failure" to unlimited? I see that currently I can only set it to 20 max before I get an error.

    1 Agent Answer    0 Community Answer
    Feb 16, 2016 09:51PM UTC
  • Items already scanned

    Are there any ways to highlight the items that have already been scanned manually or with active scanning?

    1 Agent Answer    1 Community Answer
    Feb 16, 2016 09:25PM UTC
  • "Report selected issues" is not visible in burpsuite_free_v1.6.32 version

    After scanning I am not able to generate the scan report. I followed these steps: To generate a report of your scanning, collapse the tree view of the application's contents. Then select the top-level domain entry for the application. Then right-click to show the context menu, and select "Report selected issues". Is this feature not available in the free edition of burpsuite_fre...

    1 Agent Answer    0 Community Answer
    Feb 15, 2016 11:58AM UTC
  • Regex Active Scanner

    Hello, I am struggling a bit to set a regex to match file types and keep the Active Scanner from scanning files like jpg/css/gif and so on. I created a rule to exclude URL path filenames with the regex \.jpg$ but it doesn't work: when I browse to the page and have the scanner automatically scan, it starts to scan the jpg files as well. Could you suggest how to handle this exclus...

    2 Agent Answers    3 Community Answers
    Feb 14, 2016 11:14AM UTC
  • How does Burp check for Anti-CSRF tokens?

    How does Burp usually scan or validate anti-CSRF tokens? In other words, if the web application uses a form ID that does not contain one of the keywords which identify CSRF, does Burp use other methods? If so, how does it distinguish between anti-CSRF tokens and other similar tokens such as authentication tokens, or other non-related tokens? Thanks

    2 Agent Answers    1 Community Answer
    Feb 11, 2016 08:22PM UTC
  • Burp is running with a black display

    Hi, I am currently experiencing some trouble with Burp, out of nowhere. In the middle of my work, Burp can no longer display anything. All I see is the process icon (just like when you minimize Burp), but I can't see the actual UI even when I'm pressing the icon / Alt+Tab to the process, etc. I also tried to run it via the command line, but same result. Is this issue known to you? ...

    4 Agent Answers    3 Community Answers
    Feb 11, 2016 02:40PM UTC
  • Website Requires Plug-in check

    Hello greetings. I am attempting to brute force a param. In order to test if the param supplied is valid the page first requires that the browser has a proprietary plug-in installed. The plugin is only supported in IE 11 and below. I have intercepted the request via proxy and sent to repeater where I replaced the user agent string to reflect that I am an IE 10 client. I do not however under...

    1 Agent Answer    1 Community Answer
    Feb 10, 2016 05:21PM UTC
  • Burp Intruder Bruteforcing too slowly

    Hi, I see that Burp Intruder is bruteforcing at the rate of 1-5 seconds per request. This means that in a minute I can do roughly 12-60 requests. This seems to be way too slow, is there any way to speed up bruteforcing? Best regards

    5 Agent Answers    4 Community Answers
    Feb 08, 2016 06:10PM UTC