How Do I?

Make a new post

  • changing responses exiting burp

    A thick java application needs gzipped responses, so I'm trying to make an extension that re-gzips HTTP responses going from burp to the application. However I can't find the right callback to register. Both IHttpListener and IProxyListener hook before I can manually edit the response. I want the extension to act after editing (when I click the forward button).

    1 Agent Answer    1 Community Answer
    Jul 09, 2015 09:35AM UTC
  • intercept proxy based applications

    I was trying to intercept an application (Internet Download Manager) requests after I configured it's proxy, I was able to intercept the request, however I don't receive response. could it be a certificate problem? if not, what is it

    3 Agent Answers    2 Community Answers
    Jul 09, 2015 05:40AM UTC
  • How do I manage JSON Web Token auth in Burp?

    So, while doing active scanning and such, what's the best way to handle JSON Web Tokens that expire quickly? Basically when burp receives an auth failure, to run a post request and retrieve the new JWT to place in the header.

    2 Agent Answers    5 Community Answers
    Jul 08, 2015 05:33PM UTC
  • Client certificate using Internet Explorer cert store?

    Greetings, Is it possible for Burp to use the Windows (IE) certificate store? I've got a client whose process requires client certificates, but the IE+applet procedure stores it directly. Trying to export the result for Burp's use does not appear to work. That would indeed be ideal however.

    1 Agent Answer    1 Community Answer
    Jul 07, 2015 04:44PM UTC
  • Clarification on Webservices scanning

    I have some clarifications on web service testing. Question 1: Is burp suite capable of performing testing webservices against all known vulnerabilities associated with web services ? All scanning options present under Active Scanning areas are applicable for web service testing ? or it is limited to subset of those ? Question 2: I browsed a website and it captured a webservice URL (and m...

    4 Agent Answers    3 Community Answers
    Jul 07, 2015 03:07PM UTC
  • Query Parameter in SSL Request, where is this?

    I am validating issues which were previously found. In the URL, the following information is available: GET /cleaned/servlet/ControllerServlet?commandLink=AppPriceReportList.jsp HTTP/1.1 Since the connection is via SSL, I would have expected that Burp would have flagged this as an issue. What happened?

    2 Agent Answers    1 Community Answer
    Jul 06, 2015 05:29PM UTC
  • Spidering - avoid getting all the products from store

    Hi there, I've been trying to spider a site and adding the results to the scope. The problem I'm facing is if we want to spider a store with a catalog of, for example, 10k items, it will try to crawl all those items (the URLs are different and no params are specified). Is there any configuration I am missing to avoid getting all the items crawled? If Burp does not have it yet, is ...

    1 Agent Answer    0 Community Answer
    Jul 06, 2015 03:26PM UTC
  • Transfer license from one user to another

    I have purchased Burp Suite for multiple users. Can you please tell me the steps to activate the second user using the license key that I have purchased ?

    2 Agent Answers    1 Community Answer
    Jul 06, 2015 09:03AM UTC
  • Intercept server request/client response

    Im running a game server and the masterserver request bunch of informations so it can show my server in a server list/browser this is the request from the server (wireshark) GET / HTTP/1.1 host: XX.XX.XX.XX:4545 (my game server ip) Connection: close and thats what my web server send back HTTP/1.1 200 OK Content-Type: application/json Access-Control-Allow-Origin: * Server: GameServer54...

    2 Agent Answers    1 Community Answer
    Jul 05, 2015 06:27AM UTC
  • Writing an extension to add a signature on requests

    Hello, I am testing a web service that expects one of the request parameters to contain a hash of the remaining parameters and a shared secret. If I do a scan of it with Burp Scanner the majority of the requests will be treated as invalid by the service, because of the signature mismatch. What I'd like to do is capture the request the scanner is making just before it is sent, calculate the...

    1 Agent Answer    0 Community Answer
    Jul 01, 2015 09:14AM UTC