How Do I?

  • Spidering only POST

    Hello, I would like to spider only POST requests (and follow redirection). Is it possible? I verified if there are any options to define the scope based on POST method, but I couldn't find any. In short, I would like to test only POST requests (I know that when clicking on perform active scan, we can select only POST requests, but I want to achieve that while spidering). This is reduce time and ban...

    1 Agent Answer    1 Community Answer
    Sep 25, 2015 06:42AM UTC
  • Invalid client request received: Failed to parse target host and port from CONNECT request

    I'm connecting Android/iOS devices to burpsuite to intercept my mobile application requests. Every other website can be easily intercepted (both http and https), but I don't know what's wrong with my application. I get a message in the Alert tab saying: Invalid client request received: Failed to parse target host and port from CONNECT request. Please help me solve this issu...

    1 Agent Answer    0 Community Answer
    Sep 22, 2015 11:29AM UTC
  • Renew License

    I would like to know if it's possible to renew a Burp license from the command line? (on Linux)

    2 Agent Answers    1 Community Answer
    Sep 17, 2015 12:20AM UTC
  • Setting proxy.MasterIntercept to 0

    In order to do selective custom scanning area selection using active scanning using my extension, I am trying to set those values using the loadConfig(). To do this, I first set the following values to 'false': scanner.testcommandinjection scanner.testcommandinjectionblind scanner.testcommandinjectioninformed scanner.testCsrf scanner.testheaderinjection scanner.testheadermanipula...

    2 Agent Answers    2 Community Answers
    Sep 16, 2015 06:22PM UTC
  • Performing an ActiveScan to perform scan against non-body parameters

    I am currently writing an extension to perform an active scan with manipulated parameters: queueItem = this.callbacks.doActiveScan(this.host, this.port, this.useHttps, baseRequestResponse.getRequest(), scanJob.getOffsets(testCaseParam, baseRequestResponse)); In getOffsets(), we identify which parameters are available and if they match, we get the offse...

    1 Agent Answer    1 Community Answer
    Sep 16, 2015 06:17PM UTC
  • Deleting scanned items

    In older versions of Burp Suite, 'Delete Scanned Items' used to exist. That was helpful in clearing the queue. With the latest version, that option is not visible (only Hiding is available). As a result, I have to close and start Burp Suite for every scan to avoid displaying scanned items of the last scan. Is there any alternative to this? Thanks, Kunal

    8 Agent Answers    7 Community Answers
    Sep 14, 2015 06:06PM UTC
  • Set socks proxy in headless mode

    I searched the googles and haven't found any success, does anyone know if it's possible to set up the socks proxy parameters with burp in headless mode?

    1 Agent Answer    0 Community Answer
    Sep 11, 2015 07:29AM UTC
  • Session Management

    I want to manage multiple sessions while scanning the application, as scanning the application with multiple threads is giving a lot of session errors. So I need help regarding the following: 1. How to create a custom cookie jar 2. How to manage threads scanning the application, like how can I tell a particular thread to use a cookie from a particular cookie jar. Thanks in advance...

    1 Agent Answer    0 Community Answer
    Sep 10, 2015 07:08AM UTC
  • XSS in json parameters

    Hello? I have got several XSS issues from the Burp Scanning but they couldn't be exploitable as the response messages have 'Content-Type: application/json' header. I investigated this with old browsers (e.g. IE8) but they didn't execute the script either. In this case, could I say the application is safe from XSS issue? When can this vulnerability still be dangerous...

    3 Agent Answers    2 Community Answers
    Sep 08, 2015 08:39PM UTC
  • Best approach for web-application testing with a webservice.

    The data flow works like this: Browser -> Application -> Webservice -> Application -> Browser I'd like to be able to fuzz the flow where the webservice is sending data back to the application so that I can attack the browser. While I'm aware I can route all traffic through the same instance of Burp, what I need is a passive fuzzing, where I can send the same request f...

    1 Agent Answer    0 Community Answer
    Sep 08, 2015 02:50PM UTC