How Do I?

Make a new post

  • Target scope: Include the URL only once for scan

    My website is sending below GET requests (REST style), ... Now during an active scan, scanning one of the request is enough (saves time). Is there any way to set the scope to include the URL only once for scan? I tried the below config, but it did not work (all the URLs are excluded). Include scope:

    1 Agent Answer    0 Community Answer
    May 21, 2015 08:12AM UTC
  • Updating Cookie Jar based on redirected responses

    Hello! I'm having troubles updating burp's internal cookie jar based on redirected responses. Eg. I send a POST request to /whatever.jsp with a cookie SESS1=123, I get a response w/ 302 Found, when I follow the redirect I get a response and a Set-Cookie: SESS1=456. Next request therefore has to be sent w/ SESS1=456 otherwise it will be dropped/denied. Functionality very simi...

    1 Agent Answer    0 Community Answer
    May 19, 2015 07:24PM UTC
  • Getting Java Heap Space Error.

    Hi Team, Getting Java Heap Space error and eventually Burp Suite got hanged later on. Increase Java Heap Space as mentioned below but still not getting valid response. Increase the size as mentioned below but still issue exist. Please do needful. Xms1G -Xmx4G -XX:MaxPermSize=1024M Regards, Javed Parmar

    1 Agent Answer    0 Community Answer
    May 18, 2015 11:26AM UTC
  • Clone a online website to work offiline with burp clone a google app with burp

    Good day How do I clone a Google app with Burp suite. I know how to spider a app. I know the diference but can burp clone a website like WGET or HTTRACK? Is it possible to use Burp to download a local copy of googels XSS firing rang?

    1 Agent Answer    0 Community Answer
    May 17, 2015 07:14AM UTC
  • Private Collaborator Server Refuses requests

    I am trying to setup a private Collaborator server, and am running into issues with the DNS server. The server starts up fine; listening on port 80, 443, and 53. However, when I run a "netstat -plntu" on the server port 80 and 443 are in the listen state, but not 53: Proto Recv-Q Send-Q Local Address Foreign Address State tcp6 0 0 ...

    3 Agent Answers    3 Community Answers
    May 13, 2015 07:01PM UTC
  • Spidering + Form Submission

    I am spidering a website. While spidering I have selected "Automatically submit using the following rules to assign text field values" I have given a field name and field value and enabled it to be submitted. If there appears a value that is not in the list that I have given and let us assume I have not defined/selected "Set unmatched fields to:" field as well. In that c...

    2 Agent Answers    2 Community Answers
    May 13, 2015 07:17AM UTC
  • WCF binary decode failure

    I'm testing a fat client application that passes all its traffic through SSL, WCF binary encoded. It also looks like it is being compressed (Content-Type: x-deflate) which adds another level of PiTA. I'm using the "WCF Binary Helper" extension (props to Brian Holyfield and Nick Coblentz), which has worked fine for all applications that I have previously tested that use this met...

    2 Agent Answers    2 Community Answers
    May 12, 2015 01:45AM UTC
  • Dark/Alternate Java Look and Feel

    Hello, Is there any way to change the look and feel to anything other than the four in options? If not, are there plans to implement the dark metal/nimbus themes? Thanks! Colin

    4 Agent Answers    10 Community Answers
    May 11, 2015 04:48PM UTC
  • How do I change a http header value for active scan with stored state file?

    Hi, One of applications I am testing is using authorization header for authentication. I stored the state and want to use it for active-scan next time. Would you advise me how to change the authorization header value in stored request messages? Thank you in advance.

    2 Agent Answers    4 Community Answers
    May 06, 2015 03:26PM UTC
  • Report on CSRF Vulnerabilities

    Hello. I am trying to learn Burp Pro after one of my colleagues left without leaving much information around the Burp testing he had done. I have an application with a known CRSF vulnerability AND an older Burp report indicating the CRSF vulnerability. I am trying to reconfigure the Burp environment and regenerate the report, but without any luck. I can replicate the other vulnerabilities, but...

    1 Agent Answer    0 Community Answer
    May 05, 2015 06:12PM UTC