How Do I?

Make a new post

  • Spidering - avoid getting all the products from store

    Hi there, I've been trying to spider a site and adding the results to the scope. The problem I'm facing is if we want to spider a store with a catalog of, for example, 10k items, it will try to crawl all those items (the URLs are different and no params are specified). Is there any configuration I am missing to avoid getting all the items crawled? If Burp does not have it yet, is ...

    1 Agent Answer    0 Community Answer
    Jul 06, 2015 03:26PM UTC
  • Transfer license from one user to another

    I have purchased Burp Suite for multiple users. Can you please tell me the steps to activate the second user using the license key that I have purchased ?

    2 Agent Answers    1 Community Answer
    Jul 06, 2015 09:03AM UTC
  • Intercept server request/client response

    Im running a game server and the masterserver request bunch of informations so it can show my server in a server list/browser this is the request from the server (wireshark) GET / HTTP/1.1 host: XX.XX.XX.XX:4545 (my game server ip) Connection: close and thats what my web server send back HTTP/1.1 200 OK Content-Type: application/json Access-Control-Allow-Origin: * Server: GameServer54...

    2 Agent Answers    1 Community Answer
    Jul 05, 2015 06:27AM UTC
  • Writing an extension to add a signature on requests

    Hello, I am testing a web service that expects one of the request parameters to contain a hash of the remaining parameters and a shared secret. If I do a scan of it with Burp Scanner the majority of the requests will be treated as invalid by the service, because of the signature mismatch. What I'd like to do is capture the request the scanner is making just before it is sent, calculate the...

    1 Agent Answer    0 Community Answer
    Jul 01, 2015 09:14AM UTC
  • Importing CA certificate into cert

    I have read the howto and i am trying to do the following in order to create new cert and import it into burp. 1. openssl req -x509 -days 730 -nodes -newkey rsa:2048 -outform der -keyout server.key -out ca.der 2. openssl rsa -in server.key -inform pem -out server.key.der -outform der 3. openssl pkcs8 -topk8 -in server.key.der -inform der -out server.key.pkcs8.der -outform der -nocrypt ...

    1 Agent Answer    0 Community Answer
    Jun 29, 2015 03:01PM UTC
  • Set font via command line OR restore state via command line

    Is there a way to set the font size via a command line option, or restore a saved state via a command line option? For example: java -jar burp.jar --font-size=12 or java -jar burp.jar --restore-state settings.dat I am looking for a way to create two shortcuts to Burp that would automatically start with different font sizes (if possible!), for starting the GUI with the correct font size based...

    2 Agent Answers    2 Community Answers
    Jun 26, 2015 03:35AM UTC
  • Python Extensions

    I have installed Jython and installed several Python-based Extensions. I have configured 'Folder for loading modules' to point to /usr/lib/python2.7 (have also tried python2.7 and python3.2). All extensions fail. Most have an error reading, "NameError: name 'buffer' is not defined." Since this is applying to multiple extensions, guessing it is a Python/jython/Kali ...

    1 Agent Answer    2 Community Answers
    Jun 25, 2015 09:42PM UTC
  • Treating existing values in a parameter while scanning

    Hello, I am adding a URL for scanning that has 10 body parameters for scanning Out of the 10 parameters, 4 parameters are already filled with some values. Other 6 parameters are left blank. When we are active scanning - how will burp work when new crafted requests are sent ? - Will the exiting values of the parameter be removed and replaced with the attack string ? or will the attack st...

    2 Agent Answers    2 Community Answers
    Jun 25, 2015 06:41AM UTC
  • burpsuite_free_v1.6 with upstream proxy not able to intercept https traffic/sites.

    Hi Team, I have been using burpsuite_free_v1.6 with upstream proxy with Java version: C:\Users\Administrator>java -version java version "1.8.0_25" Java(TM) SE Runtime Environment (build 1.8.0_25-b18) Java HotSpot(TM) Client VM (build 25.25-b02, mixed mode) And not able to intercept any https site traffic .Below are the alert remark from burpsuite which i m getting. ...

    2 Agent Answers    1 Community Answer
    Jun 23, 2015 01:26PM UTC
  • How to flag only new issues when Burp is run on a continuous basis

    Hi, I am trying to run Burp tests automatically from a test suite. I want to re-run these test suites every two weeks. I want to flag only the new issues when I re-run the burp tests. Is there a way to do this? The only thing I could find in the documentation is: http://portswigger.net/burp/help/scanner_reporting.html The serialNumber element: contains a long integer that is unique to t...

    1 Agent Answer    0 Community Answer
    Jun 17, 2015 03:14AM UTC