How Do I?

  • Detection of Cross Site Scripting

    I recently used Burp Suite to perform an XSS scan. A reflected XSS vulnerability was reported. When I reviewed the request and response I noticed that the supplied input is exactly echoed in the output. Case 1 Two inputs below Input and Output: f1466'style='behavior:url(#default#time2)'onbegin='alert(1)'31b9b Input and Output: 508e9"-alert(1)-"dcc3a ...

    1 Agent Answer    0 Community Answer
    Apr 15, 2015 05:59AM UTC
  • Utterly unclear on the purpose of spider

    My impression is that spider expands the sitemap as it crawls, aided by its form submission abilities, etc. But after I spider my entire host, I notice that manual active scanning the entire host does not make a difference in the number of URLs populating the scan queue, compared to just actively scanning the host alone without spidering first. So does spidering not increase the number of ...

    1 Agent Answer    0 Community Answer
    Apr 14, 2015 03:21PM UTC
  • How do I clear all site maps/proxy history etc. quickly?

    I can't find a simple way of clearing all the history quickly - I need to reset settings, select all targets, clear, select all proxy history, clear. Is there not a one button way to do this?

    3 Agent Answers    2 Community Answers
    Apr 13, 2015 01:42PM UTC
  • How to insert Intruder payloads before original parameter value

    Hello, I'd like to insert Intruder payloads before the original parameter value. The purpose of this is to assess an application which checks the first fixed number of letters in a parameter value. Could you give me any advice? Regards, tosebro

    1 Agent Answer    1 Community Answer
    Apr 10, 2015 08:21AM UTC
  • JSON and form-urlencoded encoded payloads in Burp Intruder

    The application I'm running a security assessment on encodes POST requests as a URL encoded parameter containing JSON. e.g. bar={"options"%3a{"key"%3a"26b678c6-1d75-41c0-8a20-d9882828c76c","description"%3a"Foo"...<snip>&key=26b678c6-1d75-41c0-8a20-d9882828c76c Is there a way to automatically encode payloads using Burp for us...

    2 Agent Answers    3 Community Answers
    Apr 09, 2015 01:09PM UTC
  • Installing Burp's CA Certificate in a Headless Android Emulator

    Hi, I am using a headless Android emulator with API level 19 on an Amazon EC2 Ubuntu instance. Can you please help with installing Burp's CA certificate in a headless Android emulator? Thanks, Chhagan Mathuriya

    2 Agent Answers    1 Community Answer
    Apr 09, 2015 09:40AM UTC
  • save proxy message

    Is it possible to save request and response contents into a file programmatically? Manually we can do it by HTTPHISTORY tab -> right click and select save item to save the message contents into a specified file. Can it be done through a Burp extension? If so, how to achieve it?

    1 Agent Answer    0 Community Answer
    Apr 09, 2015 05:49AM UTC
  • Insert Images

    How to insert images when I am making a public post in the new version of the forums? In the previous version of the forums/board I was able to insert them, but in this one I am not able to do so. Please help me.

    1 Agent Answer    0 Community Answer
    Apr 08, 2015 12:14PM UTC
  • Integrate BurpPro with late-model kali linux (@

    I download and use kali linux and keep current with their updates. It has the burp suite already. 1. If I purchase the PRO version (@ $299/yr) as I'd be the only person using it... how do I install it into kali? Is that just a regular .deb installer? 2. What happens when a regular kali update occurs with something for the existing burp suite (basic?)... will that mess with/destroy the...

    1 Agent Answer    1 Community Answer
    Apr 07, 2015 05:56PM UTC
  • TLSv1 Connection issue

    How do I make Burp connect to a TLSv1, 256 bits, AES256-SHA only website?

    1 Agent Answer    1 Community Answer
    Apr 06, 2015 03:36PM UTC