How Do I?
Target scope: Include the URL only once for scan
My website is sending below GET requests (REST style), abc.com/groups/1 abc.com/groups/2 abc.com/groups/3 ... abc.com/groups/23000 Now during an active scan, scanning one of the request is enough (saves time). Is there any way to set the scope to include the URL only once for scan? I tried the below config, but it did not work (all the URLs are excluded). Include scope: abc.com/grou...1 Agent Answer 0 Community AnswerMay 21, 2015 08:12AM UTC
Updating Cookie Jar based on redirected responses
Hello! I'm having troubles updating burp's internal cookie jar based on redirected responses. Eg. I send a POST request to /whatever.jsp with a cookie SESS1=123, I get a response w/ 302 Found, when I follow the redirect I get a response and a Set-Cookie: SESS1=456. Next request therefore has to be sent w/ SESS1=456 otherwise it will be dropped/denied. Functionality very simi...1 Agent Answer 0 Community AnswerMay 19, 2015 07:24PM UTC
Getting Java Heap Space Error.
Hi Team, Getting Java Heap Space error and eventually Burp Suite got hanged later on. Increase Java Heap Space as mentioned below but still not getting valid response. Increase the size as mentioned below but still issue exist. Please do needful. Xms1G -Xmx4G -XX:MaxPermSize=1024M Regards, Javed Parmar1 Agent Answer 0 Community AnswerMay 18, 2015 11:26AM UTC
Clone a online website to work offiline with burp clone a google app with burp
Good day How do I clone a Google app with Burp suite. I know how to spider a app. I know the diference but can burp clone a website like WGET or HTTRACK? Is it possible to use Burp to download a local copy of googels XSS firing rang? public-firing-range.appspot.com/1 Agent Answer 0 Community AnswerMay 17, 2015 07:14AM UTC
Private Collaborator Server Refuses requests
I am trying to setup a private Collaborator server, and am running into issues with the DNS server. The server starts up fine; listening on port 80, 443, and 53. However, when I run a "netstat -plntu" on the server port 80 and 443 are in the listen state, but not 53: Proto Recv-Q Send-Q Local Address Foreign Address State tcp6 0 0 ...3 Agent Answers 3 Community AnswersMay 13, 2015 07:01PM UTC
Spidering + Form Submission
I am spidering a website. While spidering I have selected "Automatically submit using the following rules to assign text field values" I have given a field name and field value and enabled it to be submitted. If there appears a value that is not in the list that I have given and let us assume I have not defined/selected "Set unmatched fields to:" field as well. In that c...2 Agent Answers 2 Community AnswersMay 13, 2015 07:17AM UTC
WCF binary decode failure
I'm testing a fat client application that passes all its traffic through SSL, WCF binary encoded. It also looks like it is being compressed (Content-Type: x-deflate) which adds another level of PiTA. I'm using the "WCF Binary Helper" extension (props to Brian Holyfield and Nick Coblentz), which has worked fine for all applications that I have previously tested that use this met...2 Agent Answers 2 Community AnswersMay 12, 2015 01:45AM UTC
Dark/Alternate Java Look and Feel
Hello, Is there any way to change the look and feel to anything other than the four in options? If not, are there plans to implement the dark metal/nimbus themes? Thanks! Colin4 Agent Answers 10 Community AnswersMay 11, 2015 04:48PM UTC
How do I change a http header value for active scan with stored state file?
Hi, One of applications I am testing is using authorization header for authentication. I stored the state and want to use it for active-scan next time. Would you advise me how to change the authorization header value in stored request messages? Thank you in advance.2 Agent Answers 4 Community AnswersMay 06, 2015 03:26PM UTC
Report on CSRF Vulnerabilities
Hello. I am trying to learn Burp Pro after one of my colleagues left without leaving much information around the Burp testing he had done. I have an application with a known CRSF vulnerability AND an older Burp report indicating the CRSF vulnerability. I am trying to reconfigure the Burp environment and regenerate the report, but without any luck. I can replicate the other vulnerabilities, but...1 Agent Answer 0 Community AnswerMay 05, 2015 06:12PM UTC