How Do I?

Make a new post

  • Make Enterprise/agent scans fully explore apps with complex logic?

    We use Burp Pro and our usual process is to proxy a browser session where we use the entire application top to bottom through Burp and build a history of base requests and responses to then pass off to the automated scanner. How is this accomplished with the Enterprise/agent scans? Thanks!

    1 Agent Answer    1 Community Answer
    Sep 17, 2019 04:35PM UTC
  • Burp Pro v2.1.03 - Crawl and Audit Scan with Authentication (Node.JS application)

    I'm using Burp Pro V2.1.03 to test Node.JS application (OWASP Juice Shop) and configured New Scan with Crawl and Audit with Application Login, but Crawl and Audit is only happening without authentication, scanner is not doing an authenticated Crawl and Scan, tried with Macro but no luck. Am I missing anything over here?

    1 Agent Answer    0 Community Answer
    Sep 17, 2019 03:40PM UTC
  • automation support of each functionalities

    Hi, I have burp suite professional with subscription. Actually there raise a scenario where we need to check a webapi which has to pass the login page and test particular webapi for vulnerability, also after getting there the particular GET method i need to put that on repeater and check with multiple values. can this be automated with command line?

    1 Agent Answer    0 Community Answer
    Sep 17, 2019 11:40AM UTC
  • Burp Enterprise unattended install -- what is the administrator password?

    When doing an unattended install from a response file generated by a previous install, e.g. `./burpsuite_enterprise_linux_v1_1_02.sh -q -varfile response.varfile`, what's the administrator password set to? The password from the previous installation is not saved to response.varfile.

    2 Agent Answers    2 Community Answers
    Sep 13, 2019 11:04PM UTC
  • Basic Auth: 1 Position, but should be two?

    I am following some guides and it says for basic auth to select the hash and then use a colon as thew position seperator/select Base64 etc. I am confused as there should be two positions? For the username list and password list it is one thing I select and they want me to enter two positions? Its https and I have the CA etc. GET /cgi-bin/webif/system-info.sh HTTP/1.1 Host: 192.168.100.10:555...

    1 Agent Answer    0 Community Answer
    Sep 13, 2019 09:12PM UTC
  • Enterprise questions

    We are using a Burp Pro License and exploring the Enterprise edition possibility in our company. I took a look at most of the documentation in the page but I was wondering if there is additional documentation and examples. Among the questions I have: - Is there additional documentation for the REST API and Enterprise documentation interaction and how to apply in the CI/CD pipe? - Is it po...

    1 Agent Answer    0 Community Answer
    Sep 13, 2019 05:47PM UTC
  • Exported certificate mismatch with this from proxy connection

    Hi, I regenerate certificate on burp, restart it, export from burp, import to firefox and passing requests thru burp then I have "MOZILLA_PKIX_ERROR_MITM_DETECTED" where after checking serial number and SHA1 between both certificates (this one from "check certificate" when error occured and this one imported previously) I can see that they are different! What is happening? Im ...

    2 Agent Answers    2 Community Answers
    Sep 13, 2019 10:35AM UTC
  • I have a license key of burp suite professional which is provided by my company.

    I have a license key of burp suite professional which is provided by my company. where can i able to download Burp suite professional software please help me.

    1 Agent Answer    0 Community Answer
    Sep 13, 2019 06:39AM UTC
  • Burp and Zap work together properly

    I been over this few days now and cant figure it out. I am using newsest eddition Kali Linux, updated Firefox and Java. My Firefox proxy set to 127.0.0.1 8090 only then docent give HTTP certificate error, but should be 8080 to match Burp-suite proxy listener. Upstream proxy is set to 127.0.0.1 8090. Zap local proxy is set to 127.0.0.1 8090 and a new certificate is generated and uploaded t...

    1 Agent Answer    0 Community Answer
    Sep 13, 2019 06:05AM UTC
  • How do I perform a completely headless install and execution of Burpsuite Pro on Linux?

    I'm trying to find instructions on how to perform a completely headless install of Burpsuite Pro on a Linux box (CentOS6) and I can find instructions on how to install using the shell script, but when it comes time to connect to the WebUI, a proxy spins up yet I'm not able to connect to the WebUI just yet. I saw a mention regarding an initial GUI wizard that needs to be completed before ...

    1 Agent Answer    0 Community Answer
    Sep 12, 2019 05:38PM UTC