How Do I?
How to flag only new issues when Burp is run on a continuous basis
Hi, I am trying to run Burp tests automatically from a test suite. I want to re-run these test suites every two weeks. I want to flag only the new issues when I re-run the burp tests. Is there a way to do this? The only thing I could find in the documentation is: http://portswigger.net/burp/help/scanner_reporting.html The serialNumber element: contains a long integer that is unique to t...1 Agent Answer 0 Community AnswerJun 17, 2015 03:14AM UTC
Spider a application with form based login
For spidering I filled in the scope at Target > Scope. And at Spider > Options I used for "Application Login" > "Prompt for guidance". But after running the spider as "Spider from here" (as it was the / site) only a small requests are made. If I do not use login, I get over 1000s of requests. 1) Do I see which requests are sent and what the responses...1 Agent Answer 1 Community AnswerJun 16, 2015 08:49AM UTC
Macro creation for variables that keeps changing for every request and response.
Hello, I am trying to create a macro to login to the website (as a part of session handling rules). The web site is in aspx In the macro editor, under macro items, I have made the entries that will successfully login to the application. There are two requests. First is a GET request and second is POST request. First GET request goes without any parameters First GET response comes with...1 Agent Answer 1 Community AnswerJun 15, 2015 06:07AM UTC
How to use Burp Proxy with an emulated android device?
Is it possible to route an emulated android device through Burp Proxy? I tried the instructions found here: https://support.portswigger.net/customer/portal/articles/1841101 But this says update the WIFI settings on the phone and when using an emulated device - WIFI is not available. Is there any way to route an emulated android device through burp proxy?8 Agent Answers 9 Community AnswersJun 13, 2015 02:38AM UTC
CSRF PoC vulnerability only succeeds while Proxying through Burp
This may be a dumb question as I may not fully understand how this CSRF vulnerability is working. Scenario: Within the application using Spring / Spring Webflow, and Spring Security. I am able to create a PoC with Burp that will increase a User profile to an Admin status. The PoC will work every time while within the initial Admin session is active to is increase the access to the second U...1 Agent Answer 0 Community AnswerJun 10, 2015 03:41PM UTC
Java Socks Override on OSX
Hi there, This is more a heads up rather than a question. I use a socks proxy via SSH/corkscrew when I am onsite at clients' sites to get unobstructed internet. To do this I set the OSX OS proxy settings to my socks server 127.0.0.1. However, it seems as though Java picks this up automatically when Burp is run and these settings override the socks setting within Burp (this is also with ...1 Agent Answer 0 Community AnswerJun 04, 2015 02:02AM UTC
Where is the firefox "plug-n-hack" plugin?????
There is extensive reference to it in the Burp documentation. I have seen forums elsewhere where people allude to it. Even saw somewhere a screenshot someone maybe 18 months ago of it installed in Firefox. But I can find nowhere to download/install it. No URL, nothing. Its like a vicious circle in Google to mozilla docs talking about it, but nowhere to actually find it. What the heck is goin...3 Agent Answers 13 Community AnswersJun 02, 2015 08:48PM UTC
How do I get the referrer or spider links
Hi, I see that the spider has a referrer header option, however when I look at the sitemap, there are no referrers. Is there anyway to get the URLs with the referrer from sitemap that were spidered?2 Agent Answers 1 Community AnswerMay 27, 2015 11:53AM UTC
Proxying Java / JAR
I have a website that launches a JAR (java applet) I want to proxy the requests that applet does via Burp Suite Burp Suite listens on port 8080 and invisible proxying is also enabled. In java settings , I have enabled proxy via 127.0.0.1:8080 Applet loads fine But still I dont see traffic via Burp suite. (If I access a regular website , I see the requests in burp suite) I have ensure...3 Agent Answers 2 Community AnswersMay 27, 2015 07:38AM UTC
Validating File uploads
Hi all, This may not be related to Burp Suite tool as such, but wanted to check if someone from this community could help Situation: As a part of file upload checks, only certain file extensions are allowed. But we can easily change the extension (to one of the allowed extensions) and upload the files for example, only doc,xls,pdf,txt files are allowed. But a .exe extension can be rename...0 Community AnswerMay 25, 2015 07:19AM UTC