How Do I?

Make a new post

  • ASP.NET forms authentication login redirect

    Can Burp Suite support a login redirect where the login page is not within the scope? I have a /Employee and a /Customer area within my ASP.NET MVC application. For ease of development, the login URL in Web.config is /Customer/Account/Login. For our scanning requirements I would like to be able to use Carbonator and point it to /Employee/Home which is a landing page with links out to all the ...

    1 Agent Answer    0 Community Answer
    Aug 02, 2015 03:58PM UTC
  • Internal VA

    Hi there, I am doing some Internal VA scan. What is the difference between External VA scan and Internal VA scan.What are the most common things to look out for. What are the most common web host used by a mid to large size enterprise. How is it possible to disable brute force and denial of service attack in burpsuite pro. Can Burpsuite check for the TLS/SSL version that is being used?

    0 Community Answer
    Jul 31, 2015 09:48AM UTC
  • Site Map Data populations

    Hi All, I have a question related to site map. As per "", Site Map Views can be created by "The left-hand-side tree view contains a hierarchical representation of content, with URLs broken down into domains, directories, files, and parameterized requests" But recently I have observed that when URL contains same domain ...

    1 Agent Answer    0 Community Answer
    Jul 28, 2015 11:42AM UTC
  • Burp API Support for Selecting Active Scanning Areas

    Hi There, I was looking through the API and I couldn't find support for passing in values for Active Scanning Areas. So if I wanted an active scan to be performed with only some of these areas selected: sqlInjection osCommandInjection serverSizeCodeInjection xssReflected xssStored pathTraversalManipulation externalInteraction httpHeaderInjeciton xmlInjection soapInjection csrf ...

    1 Agent Answer    1 Community Answer
    Jul 27, 2015 08:30AM UTC
  • Stored XSS - detection tweaks

    Hi, Usually, when I'm going through some wizard, e.g. "Create new XXX", all that is required is to create new item XXX is to do a simple POST with all data included. I can then send this POST into the Burp and run active scan. It does populate DB with plenty (thousands) of new entries (which I wanted to achieve). However, if I want to scan for the persistant issues, like stored...

    2 Agent Answers    1 Community Answer
    Jul 24, 2015 06:41AM UTC
  • No UI after launching BUrp from command line

    When I try to launch Burpsuite v1.6.01 from my 32-bit Ubuntu-12.04LTS, it shows message "Proxy:Proxy service started on" but no UI is displayed means Burpsuite App is not launched. -My PC has a second partition in which I have installed Windows 7. -I have downloaded burpsuite from official site "burpsuite_free_v1.6.01.jar". -I am using command "sudo ja...

    2 Agent Answers    2 Community Answers
    Jul 23, 2015 11:54AM UTC
  • Proxy (VPN) Help [URGENT]

    Hello, I've got Burp Suite Professional and I've got a test Process here for my Website, that it attempts a combination of a specific E-Mail and a bunch of Passwords. However, I've put it (on my Website), so if the user inputs 10 times the wrong Password, you can try again in 30 Minutes. Is it possible to insert some kind of Proxy/VPN to Burp Suite, so every 10 attempts, switch I...

    1 Agent Answer    0 Community Answer
    Jul 22, 2015 11:00PM UTC
  • the restoreState() function gives a runtime error

    I'm developing an extension that pulls back a list of saved burp states into a table. I'm trying to get the application to restore the burp state when one of these items is clicked. Unfortunatly Burp is giving me a runtime error when the file is accessed. I'm even manually added the path to a known file and still get same error. Any idea what i'm doing wrong here? Here is my...

    4 Agent Answers    2 Community Answers
    Jul 20, 2015 04:53PM UTC
  • Burp Collaborator - Wildcard certificate problem

    Hi all, I have an internal collaborator Server up and running on a physical server with the following config: { "serverDomain" : "" "eventCapture" : { "https": { "hostname" : "" } }, "polling" : { "https": { "hostname"...

    3 Agent Answers    1 Community Answer
    Jul 18, 2015 07:27AM UTC
  • Burp Not capturing the request even the intercept on

    Here i want the solution of this issue Burp Not capturing the request even the intercept on and i can see the brup target its capturing but not the intercept even if the scanner also capturing but in intercept tab even its on no request is showing

    1 Agent Answer    2 Community Answers
    Jul 18, 2015 01:43AM UTC