How Do I?
Macro creation for variables that keep changing for every request and response.
Hello, I am trying to create a macro to login to the website (as a part of session handling rules). The web site is in aspx. In the macro editor, under macro items, I have made the entries that will successfully login to the application. There are two requests. First is a GET request and second is POST request. First GET request goes without any parameters. First GET response comes with...
1 Agent Answer | 1 Community Answer | Jun 15, 2015 06:07AM UTC
How to use Burp Proxy with an emulated android device?
Is it possible to route an emulated android device through Burp Proxy? I tried the instructions found here: https://support.portswigger.net/customer/portal/articles/1841101 But this says update the WIFI settings on the phone and when using an emulated device - WIFI is not available. Is there any way to route an emulated android device through burp proxy?
8 Agent Answers | 9 Community Answers | Jun 13, 2015 02:38AM UTC
CSRF PoC vulnerability only succeeds while Proxying through Burp
This may be a dumb question as I may not fully understand how this CSRF vulnerability is working. Scenario: Within the application using Spring / Spring Webflow, and Spring Security. I am able to create a PoC with Burp that will increase a User profile to an Admin status. The PoC will work every time while the initial Admin session is active to increase the access to the second U...
1 Agent Answer | 0 Community Answers | Jun 10, 2015 03:41PM UTC
Java Socks Override on OSX
Hi there, This is more a heads up rather than a question. I use a socks proxy via SSH/corkscrew when I am onsite at clients' sites to get unobstructed internet. To do this I set the OSX OS proxy settings to my socks server 127.0.0.1. However, it seems as though Java picks this up automatically when Burp is run and these settings override the socks setting within Burp (this is also with ...
1 Agent Answer | 0 Community Answers | Jun 04, 2015 02:02AM UTC
Where is the firefox "plug-n-hack" plugin?????
There is extensive reference to it in the Burp documentation. I have seen forums elsewhere where people allude to it. Even saw somewhere a screenshot someone maybe 18 months ago of it installed in Firefox. But I can find nowhere to download/install it. No URL, nothing. It's like a vicious circle in Google to mozilla docs talking about it, but nowhere to actually find it. What the heck is goin...
3 Agent Answers | 13 Community Answers | Jun 02, 2015 08:48PM UTC
How do I get the referrer or spider links
Hi, I see that the spider has a referrer header option, however when I look at the sitemap, there are no referrers. Is there any way to get the URLs with the referrer from sitemap that were spidered?
2 Agent Answers | 1 Community Answer | May 27, 2015 11:53AM UTC
Proxying Java / JAR
I have a website that launches a JAR (java applet). I want to proxy the requests that applet does via Burp Suite. Burp Suite listens on port 8080 and invisible proxying is also enabled. In java settings, I have enabled proxy via 127.0.0.1:8080. Applet loads fine. But still I don't see traffic via Burp suite. (If I access a regular website, I see the requests in burp suite.) I have ensure...
3 Agent Answers | 2 Community Answers | May 27, 2015 07:38AM UTC
Validating File uploads
Hi all, This may not be related to Burp Suite tool as such, but wanted to check if someone from this community could help. Situation: As a part of file upload checks, only certain file extensions are allowed. But we can easily change the extension (to one of the allowed extensions) and upload the files. For example, only doc, xls, pdf, txt files are allowed. But a .exe extension can be rename...
0 Community Answers | May 25, 2015 07:19AM UTC
Script a Proxy Match/Replace (or well really just an insert)
Is there a way to script or conditionally Match/Replace with the Proxy? Similar to what's in the "Options" tab but slightly more complicated. Specifically what I'm looking for is to find requests that don't have a referer and insert a specific one. (i.e.: If request header doesn't contain referer then insert Referer: http://something.i.want.com) But I can also fo...
1 Agent Answer | 0 Community Answers | May 21, 2015 07:03PM UTC
Target scope: Include the URL only once for scan
My website is sending below GET requests (REST style): abc.com/groups/1, abc.com/groups/2, abc.com/groups/3, ... abc.com/groups/23000. Now during an active scan, scanning one of the requests is enough (saves time). Is there any way to set the scope to include the URL only once for scan? I tried the below config, but it did not work (all the URLs are excluded). Include scope: abc.com/grou...
1 Agent Answer | 0 Community Answers | May 21, 2015 08:12AM UTC