How Do I?
Report on CSRF Vulnerabilities
Hello. I am trying to learn Burp Pro after one of my colleagues left without leaving much information around the Burp testing he had done. I have an application with a known CSRF vulnerability AND an older Burp report indicating the CSRF vulnerability. I am trying to reconfigure the Burp environment and regenerate the report, but without any luck. I can replicate the other vulnerabilities, but...
1 Agent Answer | 0 Community Answer | May 05, 2015 06:12PM UTC
Web pages don't load through proxy, is this normal?
My problem is something I expected to be rather common, but apparently not. I have set up Burp Suite with Firefox and have used all the correct settings, and it is connecting to the proxy on 127.0.0.1:8080. The Burp Suite software is able to see the pages I try to visit in the browser and can give me some basic information about it, however in my browser the page is just loading indefinitely an...
13 Agent Answers | 14 Community Answers | May 03, 2015 10:54PM UTC
How do I change the user-agent string that the scanner sends in requests
I want to scan the mobile pages of my web application. In order to do this I need to change the user-agent to emulate a phone. Is there a way to do this? Thanks!
1 Agent Answer | 2 Community Answers | May 01, 2015 11:15PM UTC
Viewing VIEWSTATE in responses as well as requests
The "Viewstate" tab shows up on requests with VIEWSTATE in them, and decodes them nicely. I can't seem to get it to show up for responses though. Whilst the next request nearly always contains the previous response, it would be good to be able to see it natively.
1 Agent Answer | 1 Community Answer | Apr 29, 2015 12:08PM UTC
How do I send multiple requests at one time?
I want to take a single request, let's say a POST request to google.com. I want to send, let's say, five requests almost parallel with each other.
3 Agent Answers | 2 Community Answers | Apr 28, 2015 04:47AM UTC
Command line commands
We installed Carbonator and want to execute commands in "headless" mode. What are the commands to set a target, set a proxy, scan (active and passive), spider, etc.? Thanks!
2 Agent Answers | 1 Community Answer | Apr 27, 2015 11:20PM UTC
Interception of Citrix Netscaler traffic
I am testing an application that tunnels traffic through a Citrix NetScaler connection and so far have had no success in defeating certificate validation. Evidently, Citrix requires a certificate with the "serverAuth" extendedKeyUsage field enabled. Providing this requires generation of a new CA certificate with this attribute. According to Citrix, the following configuration works when ...
0 Community Answer | Apr 27, 2015 04:57PM UTC
Manually reproduce Cross-site scripting (DOM-based) vulnerability using info from Burp report
Hi, Ran test to look for “Cross-site request forgery” & Burp came back with issue. How can we use the info in the report to reproduce this manually so as to confirm that it's not a false positive? Thx.
1 Agent Answer | 0 Community Answer | Apr 23, 2015 06:21PM UTC
no details for proxy history
In my case, the proxy history is logged correctly for each internet request. But when I click on the request, there is no Request Raw (or Hex) showing in the bottom panel. The filter is "showing all items". Can someone help?
2 Agent Answers | 2 Community Answers | Apr 23, 2015 03:05PM UTC
Collaborator Server issues "expected record not found"
I've got a private collaborator server up and running. It has its own domain, it's resolving fine, wildcard certs are installed and confirmed working on both interaction and collaboration ports. When I run a health check in the app everything comes out green (Success) except for: Verify DNS Interaction Verify HTTP Interaction Verify HTTPS Interaction The summary text is: "...
2 Agent Answers | 2 Community Answers | Apr 23, 2015 02:25PM UTC