How Do I?

  • support documentation

    i was hoping that you all had an all-encompassing user guide with all content in one doc. i found the following, which shows all help pages, but i'd really like to get all of that content in one file that i can review offline. here's the page containing linked content: thanks, -Donovan

    1 Agent Answer    0 Community Answer
    Oct 05, 2015 09:10PM UTC
  • How to pentest a web site that is behind a reverse proxy?

    Is it possible to pentest a web site that is behind a reverse proxy? If yes, how?

    1 Agent Answer    0 Community Answer
    Oct 04, 2015 11:49AM UTC
  • Probable bug in session handling macro

    Hi, I am using the latest version of Burp and created a macro to log in to a complex website. It requires at least four requests to complete the login sequence. Below are the first three requests (sanitised): First Request GET /AppsLogin HTTP/1.1 Host: Response HTTP/1.1 302 Moved Temporarily Location: Set-Cookie: BIGipServe...

    1 Agent Answer    1 Community Answer
    Oct 03, 2015 03:55AM UTC
  • Intercept not working

    When proxying through Burp, intercept is on, but it's not intercepting the traffic (for me to drop or forward), but I see traffic in HTTP history

    3 Agent Answers    4 Community Answers
    Oct 02, 2015 06:17PM UTC
  • Multiple usernames as Prefixes when Base64 encoding authentication

    Hi, is there a way to supply a list of usernames to be used as a prefix when payload processing prior to base64 encoding? I have an application which has a pop-up authentication window to log in. The authentication mechanism Base64 encodes the username & password in a username:password format before forwarding it to the server, so I can only highlight the one position once it's sen...

    1 Agent Answer    0 Community Answer
    Oct 02, 2015 08:17AM UTC
  • Burp session handling in multiple scanner threads

    Hi all, I just wanted to know how Burp handles in-session detection and subsequent macro execution while scanning using multiple threads. Suppose the following scenario. I log in to the application and get a valid session token. I browse the app and record several URLs I want to scan. I set in-session detection and application relogin in case I detect a logout. I choose them and start sca...

    6 Agent Answers    5 Community Answers
    Sep 30, 2015 03:15PM UTC
  • Session validation and Loop issue

    I am active scanning a website which involves sessions. The number of threads for scanning is 5 - this means 5 requests will be sent at one time. I am using session handling rules to check if the session is valid or not. Since I am using 5 threads, let's say Thread 1 is sent and the session handling rules find it an invalid session. So the macro will run, the login process will happen (according to the macro) a...

    1 Agent Answer    0 Community Answer
    Sep 30, 2015 01:09PM UTC
  • fatal alert: unknown_ca in Burp's "Alerts" tab

    Problem: When intercepting, the site I'm visiting doesn't render properly in my browser. Some resources do not load. Related: in BurpSuite's "Alerts" tab, I have dozens of lines like this one: "The client failed to negotiate an SSL connection to Received fatal alert: unknown_ca" Also for and and...

    1 Agent Answer    1 Community Answer
    Sep 29, 2015 06:17PM UTC
  • How do I add all subdomains to scope?

    I have the domain How can I add all the subdomains to the scope? *

    1 Agent Answer    1 Community Answer
    Sep 28, 2015 09:53PM UTC
  • Security Headers for POST response

    Hello, I noticed a few POST responses (whether 200 or 302) do not have an XSS protection / content sniffing / clickjacking prevention header set, and Burp Suite detected that as a vulnerability. Is there a specific reason why a few POST responses do not have these headers set? Is this not required? This is not directly related to Burp Suite functioning, but just wanted to check here....

    3 Agent Answers    3 Community Answers
    Sep 28, 2015 01:54PM UTC