How Do I?

Make a new post

  • Asks for License key every time when I load from Command Prompt

    I am using Burp Pro in Windows. In GUI mode, I am able to start 2 or more instances of Burp and able to work with different projects at the same time. But, when I try to do the same in the same machine via Command Prompt, it asks for Licence Key. Kindly advise me on how to proceed with a license key.

    1 Agent Answer    0 Community Answer
    Oct 21, 2019 02:09PM UTC
  • Where can I find Burp User config File?

    I need user config file to run Burp from command line. But I could not able to find user.config/.properties file. Kindly state me its location.

    1 Agent Answer    0 Community Answer
    Oct 21, 2019 11:02AM UTC
  • Burp crawl and audit fails against the DVWA.

    Hi, I'm using burp's crawl and audit scan to find as many issues in the DVWA as possible. However, the configured "Application login" fails to log in the application and perform an authenticated crawl and scan. The crawl configuration in "Login Functions" has both options checked and "Miscellaneous" configuration has "Submit forms" option checke...

    1 Agent Answer    3 Community Answers
    Oct 19, 2019 12:28AM UTC
  • Hosting Burp Suite Pro Azure and scanning from Azure cloud?

    Can we have the feasibility hosting professional edition as an independent option within Azure instance (cloud) , provided we don't violate any licensing T&C of Burp and Azure?

    1 Agent Answer    0 Community Answer
    Oct 18, 2019 07:02AM UTC
  • Enterprise

    Hi PortSwigger team, We have an internal test application that we know to have an XSS issue in a pre-authentication login page. The issue was identified by the Burp Pro scanner, but not by the Enterprise Edition. The scan agent versions are the same (2.1.04) and the url is the same for both scans. It looks like the Pro scanner is seeing 11 insertion points (in the audit items tab) ...

    1 Agent Answer    0 Community Answer
    Oct 17, 2019 01:30PM UTC
  • Burp Automated Scan using Macro not spidering all url's

    Hello, I am using the Burp API to automate the scans on Burp Suite v1.7.31 After creating a macro, I am supplying credentials and I am able to login later using the macro. However, Burp is only able to spider or crawl the macro url and not spidering or scanning automatically for other url's. The only request as part of my macro is the login request. The scope is intended to scan all ur...

    2 Agent Answers    1 Community Answer
    Oct 17, 2019 08:15AM UTC
  • java version with burp enterprise

    How do I upgrade the vulnerable java 9 version bundled with Burp Enterprise?

    3 Agent Answers    1 Community Answer
    Oct 16, 2019 04:08AM UTC
  • Web Credentialed Scanning

    I can do a live scan and audit for vulnerabilities; but I cannot seem to have that happen automatically; when I attempt to do an automated scan; it scans the front door landing pages, it does not "see" any login forms. Need a way to actually crawl a massive website

    1 Agent Answer    0 Community Answer
    Oct 16, 2019 12:45AM UTC
  • Problem generating a CSRF PoC

    I understand how basic CSRF works and i have reported some csrf issue to some bug bounty programs in the past, but i have encountered this issue that i don't know what to do. I get this little message when trying to generate a CSRF PoC on a POST request without csrf token or headers: > Warning: The CSRF form uses a different encoding type than the original request, and so the applic...

    1 Agent Answer    0 Community Answer
    Oct 15, 2019 09:15PM UTC
  • Exploiting cross-site scripting to steal cookies

    I inject javascript code to steal cookies but the online lab doesn't simulate another user who views blog comments after they are posted ... any idea why ? Known bug ? I don't use Burp Collaborator but a service hosted on Heroku. Thanks for any help

    2 Agent Answers    1 Community Answer
    Oct 15, 2019 03:38PM UTC