How Do I?

Make a new post

  • authent scan with client ssl

    I need to do authent scan for a website, I configure credential in user options, is it enough? do I need to configure session handling rules? do I need to configure browser to use burp root certificate? do I need to configure scan configuration to use credentials? do I need to configure client ssl in user option?

    1 Agent Answer    0 Community Answer
    Oct 02, 2019 01:43AM UTC
  • Report should include the Audit Items

    Hi Team, I'm using Burp Suite Professional and I'm looking for an option to add the list of audit items to the issue report. The goal is to have an evidence about the scan of the website site for my customer. Any hints or better suggestions to achieve this? Regards Reiner

    1 Agent Answer    0 Community Answer
    Oct 01, 2019 11:12AM UTC
  • Burpsuite username and password dictionary files

    we are using burp intruder, we need user name and password emulation. does portswigger provide username and password dictionary files , so we can use it as payload, where can I download such files

    1 Agent Answer    0 Community Answer
    Oct 01, 2019 01:11AM UTC
  • test xpath injection, cookies attributes, exposed session variables and session fixation

    how to test test xpath injection, cookies attributes, exposed session variables and session fixation and doing PoC (proof of concept)

    1 Agent Answer    0 Community Answer
    Sep 30, 2019 03:53AM UTC
  • web server fingerprint

    Dear expert, can we do web server fingerprint in professional V2.1, for example list of the web server platform, technology, apache version, DNS record, bind information, under which menu can I find these info?

    2 Agent Answers    1 Community Answer
    Sep 30, 2019 01:04AM UTC
  • Converting Python List to java.util.List

    Using Python, I am trying to get the result of invocation.getSelectedMessages() to be passed into the function sendToIntruder() as the payloadPositionOffsets Parameter. I can't seem to get the right format to put into sendToIntruder() as it is expecting a java.util.List and what I have might be a python LIST. Function: sendToIntruder(java.lang.String host, int port, boolean useHttps,...

    1 Agent Answer    0 Community Answer
    Sep 29, 2019 07:22PM UTC
  • Burp version 1 and version 2 issue definitions

    hi, i would like to know is there any different in issues definition if when do scanning in burp v1.7.37 and v2 ?

    1 Agent Answer    0 Community Answer
    Sep 27, 2019 01:32PM UTC
  • save state in burp pro

    in burp pro2.1 the save state missing, so how to save the state?

    2 Agent Answers    1 Community Answer
    Sep 27, 2019 09:06AM UTC
  • https: url scan and report generation

    we have scan normal http url. we are using burp pro2.1, to scan url with https://...., we just paste https link in the target, is there any more configuration compared to http url we need to do? after scan and audit, where can i generate the report, thanks

    1 Agent Answer    0 Community Answer
    Sep 27, 2019 09:01AM UTC
  • Web Credentialed Scanning

    Hi all, probably asked a bunch, but I am trying to do web credentialed scanning of an application. Burp Suite Pro does not appear to 'see' the login page. It will scan the login page, but not actually login.

    1 Agent Answer    0 Community Answer
    Sep 27, 2019 04:01AM UTC