How Do I?

  • Report on CSRF Vulnerabilities

    Hello. I am trying to learn Burp Pro after one of my colleagues left without leaving much information around the Burp testing he had done. I have an application with a known CSRF vulnerability AND an older Burp report indicating the CSRF vulnerability. I am trying to reconfigure the Burp environment and regenerate the report, but without any luck. I can replicate the other vulnerabilities, but...

    1 Agent Answer    0 Community Answer
    May 05, 2015 06:12PM UTC
  • Web pages don't load through proxy, is this normal?

    My problem is something I expected to be rather common, but apparently not. I have set up Burp Suite with Firefox and have used all the correct settings, and it is connecting to the proxy on 127.0.0.1:8080. The Burp Suite software is able to see the pages I try to visit in the browser and can give me some basic information about it, however in my browser the page is just loading indefinitely an...

    13 Agent Answers    14 Community Answers
    May 03, 2015 10:54PM UTC
  • How do I change the user-agent string that the scanner sends in requests

    I want to scan the mobile pages of my web application. In order to do this I need to change the user-agent to emulate a phone. Is there a way to do this? Thanks!

    1 Agent Answer    2 Community Answers
    May 01, 2015 11:15PM UTC
  • Viewing VIEWSTATE in responses as well as requests

    The "Viewstate" tab shows up on requests with VIEWSTATE in them, and decodes them nicely. I can't seem to get it to show up for responses though. Whilst the next request nearly always contains the previous response, it would be good to be able to see it natively.

    1 Agent Answer    1 Community Answer
    Apr 29, 2015 12:08PM UTC
  • How do I send multiple requests at one time?

    I want to take a single request, let's say a POST request to google.com. I want to send, let's say, five requests almost parallel with each other.

    3 Agent Answers    2 Community Answers
    Apr 28, 2015 04:47AM UTC
  • Command line commands

    We installed Carbonator and want to execute commands in "headless" mode. What are the commands to set a target, set a proxy, scan (active and passive), spider, etc.? Thanks!

    2 Agent Answers    1 Community Answer
    Apr 27, 2015 11:20PM UTC
  • Interception of Citrix Netscaler traffic

    I am testing an application that tunnels traffic through a Citrix NetScaler connection and so far have had no success in defeating certificate validation. Evidently, Citrix requires a certificate with the "serverAuth" extendedKeyUsage field enabled. Providing this requires generation of a new CA certificate with this attribute. According to Citrix, the following configuration works when ...

    0 Community Answer
    Apr 27, 2015 04:57PM UTC
  • Manually reproduce Cross-site scripting (DOM-based) vulnerability using info from Burp report

    Hi, Ran test to look for “Cross-site request forgery” & Burp came back with issue. How can we use the info in the report to reproduce this manually so as to confirm that it's not a false positive? Thx.

    1 Agent Answer    0 Community Answer
    Apr 23, 2015 06:21PM UTC
  • no details for proxy history

    In my case, the proxy history is logged correctly for each internet request. But when I click on the request, there is no Request Raw (or Hex) showing in the bottom panel. The filter is "showing all items". Can someone help?

    2 Agent Answers    2 Community Answers
    Apr 23, 2015 03:05PM UTC
  • Collaborator Server issues "expected record not found"

    I've got a private collaborator server up and running. It has its own domain, it's resolving fine, wildcard certs are installed and confirmed working on both interaction and collaboration ports. When I run a health check in the app everything comes out green (Success) except for: Verify DNS Interaction, Verify HTTP Interaction, Verify HTTPS Interaction. The summary text is: "...

    2 Agent Answers    2 Community Answers
    Apr 23, 2015 02:25PM UTC