How Do I?
How do I re-link burp to a /tmp/burpxxxxxxx.tmp/ folder after it crashed
I had TONS of data in that burp session before Java gave up and cashed. I absolutely need it back.3 Agent Answers 2 Community AnswersJul 17, 2015 05:19PM UTC
'Interface port 8080 is not running'
Hi, I am using Burp Suite 1.6 Free Edition. in proxy option and proxy Listeners section my Interface (127.0.0.1:8080), Running Check Box is not checked ! how do i?, i click the CheckBox but nothing to show. pls help me pic -> http://s6.uplod.ir/i/00638/5zoazva0jd3s.png2 Agent Answers 1 Community AnswerJul 11, 2015 01:41AM UTC
Determining number of requests/attacks made
I am scanning two websites for XSS attacks (or any other test) only One is ASP.net and other is PHP. Lets say I am testing only URL parameter value and in both the cases there 5 parameters each Question 1: For both the websites, number of attack requests sent will be the same or the number of requests will differ ? (since they have same number of parameters) Question 2: If the number ...1 Agent Answer 0 Community AnswerJul 10, 2015 01:07PM UTC
Handling Multi-Staged Logins for Scan with Burp
I am trying to automate the login process and validation of successful login via Burp Session Handling/Macros. This login requires an initial POST that includes the username/password, then, in the response to the initial POST, it asks the user to answer one of four different secondary questions (favorite color, city you live in, etc.), which you answer and send back in the second POST to compl...4 Agent Answers 4 Community AnswersJul 09, 2015 06:23PM UTC
changing responses exiting burp
A thick java application needs gzipped responses, so I'm trying to make an extension that re-gzips HTTP responses going from burp to the application. However I can't find the right callback to register. Both IHttpListener and IProxyListener hook before I can manually edit the response. I want the extension to act after editing (when I click the forward button).1 Agent Answer 1 Community AnswerJul 09, 2015 09:35AM UTC
intercept proxy based applications
I was trying to intercept an application (Internet Download Manager) requests after I configured it's proxy, I was able to intercept the request, however I don't receive response. could it be a certificate problem? if not, what is it3 Agent Answers 2 Community AnswersJul 09, 2015 05:40AM UTC
How do I manage JSON Web Token auth in Burp?
So, while doing active scanning and such, what's the best way to handle JSON Web Tokens that expire quickly? Basically when burp receives an auth failure, to run a post request and retrieve the new JWT to place in the header.2 Agent Answers 5 Community AnswersJul 08, 2015 05:33PM UTC
Client certificate using Internet Explorer cert store?
Greetings, Is it possible for Burp to use the Windows (IE) certificate store? I've got a client whose process requires client certificates, but the IE+applet procedure stores it directly. Trying to export the result for Burp's use does not appear to work. That would indeed be ideal however.1 Agent Answer 1 Community AnswerJul 07, 2015 04:44PM UTC
Clarification on Webservices scanning
I have some clarifications on web service testing. Question 1: Is burp suite capable of performing testing webservices against all known vulnerabilities associated with web services ? All scanning options present under Active Scanning areas are applicable for web service testing ? or it is limited to subset of those ? Question 2: I browsed a website and it captured a webservice URL (and m...4 Agent Answers 3 Community AnswersJul 07, 2015 03:07PM UTC
Query Parameter in SSL Request, where is this?
I am validating issues which were previously found. In the URL, the following information is available: GET /cleaned/servlet/ControllerServlet?commandLink=AppPriceReportList.jsp HTTP/1.1 Since the connection is via SSL, I would have expected that Burp would have flagged this as an issue. What happened?2 Agent Answers 1 Community AnswerJul 06, 2015 05:29PM UTC