How Do I?
Reporting only on POST not GET methods? (Scanner)
Hi, after running a passive scanner session I have hundreds and hundreds of potential CSRF 'missing anti-CSRF token' (so far in reality they are all false positives and the anti-CSRF token is just contained with some other data e.g. uifsid=0&_csrf= (the _csrf is the anti-CSRF token)). Anyhow, what I really would like to be able to do is report only on POST methods and not GET met...
1 Agent Answer | 0 Community Answer | Feb 17, 2016 05:05PM UTC
Customize the report output?
Is there an easy way to customize the report output to include my Company Name and Logo at the top of the report? I have tried to create a Word template for use with report-ng but cannot get it to work. Thanks in advance!!
1 Agent Answer | 1 Community Answer | Feb 17, 2016 03:45PM UTC
unlimited "number of retries on network failure"
How can I set Intruder's "number of retries on network failure" to unlimited? I see that currently I can only set it to 20 max before I get an error.
1 Agent Answer | 0 Community Answer | Feb 16, 2016 09:51PM UTC
Items already scanned
Are there any ways to highlight the items that have already been scanned manually or with active scanning?
1 Agent Answer | 1 Community Answer | Feb 16, 2016 09:25PM UTC
"Report selected issues". is not visible in burpsuite_free_v1.6.32 version
After scanning I am not able to generate the scan report. I followed the following steps: To generate a report of your scanning, collapse the tree view of the application's contents. Then select the top-level domain entry for the application. Then right-click to show the context menu, and select "Report selected issues". Is this feature not available in the free edition of burpsuite_fre...
1 Agent Answer | 0 Community Answer | Feb 15, 2016 11:58AM UTC
Regex Active Scanner
Hello, I am struggling a bit to set a regex to match filetypes and stop the Active Scanner from scanning files like jpg/css/gif and so on. I created a rule to exclude URL path filenames with the regex \.jpg$ but it doesn't work: when I browse to the page and have the scanner scan automatically, it starts to scan the jpg files as well. Could you suggest how to handle this exclus...
2 Agent Answers | 3 Community Answers | Feb 14, 2016 11:14AM UTC
How does Burp check for Anti-CSRF tokens?
How does Burp usually scan or validate anti-CSRF tokens? In other words, if the web application uses a form ID that does not contain one of the keywords which identify CSRF, does Burp use other methods? If so, how does it distinguish between Anti-CSRF tokens and other similar tokens such as authentication tokens, or other non-related tokens..? Thanks
2 Agent Answers | 1 Community Answer | Feb 11, 2016 08:22PM UTC
burp is running with a black display
Hi, I am currently experiencing some trouble with Burp, out of nowhere. In the middle of my work, Burp can no longer display anything. All I see is the process icon (just like when you minimize Burp), but I can't see the actual UI even when I'm pressing the icon / Alt+Tab to the process, etc. I also tried to run it via the command line, but same result. Is this issue known to you? ...
4 Agent Answers | 3 Community Answers | Feb 11, 2016 02:40PM UTC
Website Requires Plug-in check
Hello greetings. I am attempting to brute force a param. In order to test if the param supplied is valid the page first requires that the browser has a proprietary plug-in installed. The plugin is only supported in IE 11 and below. I have intercepted the request via proxy and sent to repeater where I replaced the user agent string to reflect that I am an IE 10 client. I do not however under...
1 Agent Answer | 1 Community Answer | Feb 10, 2016 05:21PM UTC
Burp Intruder Bruteforcing too slowly
Hi, I see that Burp Intruder is bruteforcing at the rate of 1-5 seconds per request. This means that in a minute I can do roughly 12-60 requests. This seems to be way too slow, is there any way to speed up bruteforcing? Best regards
5 Agent Answers | 4 Community Answers | Feb 08, 2016 06:10PM UTC