How Do I?
Regarding Licence from one machine to another or one user to another.
Suppose my team has 2 Burp Suite licenses. One of my team members is leaving my team, and I need to transfer the license to another user; the system will also change. How can we do it?
0 Community Answer | Dec 03, 2019 07:18AM UTC
How to Use Macros?
Hello Support, I am in a situation where I need to automate my testing using Macros. I have a JSON POST request which submits the data on the server but I can't repeat the same request again due to the key-value used in the request. That key value can be used only once and in response, I only receive true or false. For each request, the application generates a new key and makes difficult ...
2 Agent Answers | 1 Community Answer | Dec 02, 2019 10:20AM UTC
How to load a cert bundle, cert and key?
Has anyone had to load client certs for mutual TLS into the latest Burp recently? Basically, I am trying to replicate the following in Burp: curl https://domain.com/api/test --cacert ./api-trust.bundle --cert ./api-certificate.pem:password --key ./api-key.pem Normally loading a client cert is fine in Burp, but this request requires all 3 (I've tried converting it to .crt with opens...
1 Agent Answer | 1 Community Answer | Dec 02, 2019 08:12AM UTC
In French
2 Community Answers | Dec 02, 2019 02:44AM UTC
Unable to maintain keep alive connection while using Burp Suite
Hi, I am trying to test a webapp for vulnerabilities. I am using keep alive connections for my app's functioning, it works fine when I am not using Burp as a proxy. But I am unable to maintain keep alive connections when using Burp. Please suggest any way to maintain a keep alive connection using Burp.
3 Agent Answers | 2 Community Answers | Nov 29, 2019 01:25PM UTC
Unable to access an application which require a class B authentication through BURP
Hi, I am unable to access an application which require a class B authentication through BURP. I am able to access the application normally on the browser. The application asks me to choose the certificate and after choosing my class B certificate, the page opens normally on the browser. But when I try to access the same application via BURP, the browser doesn't ask me to choose the c...
1 Agent Answer | 0 Community Answer | Nov 28, 2019 04:46PM UTC
HTTP History and patterns
Hi, Is there any means to avoid a request with a pattern being sent to HTTP history? I mean, being someone that deals a lot with HTTP history I want sometimes to avoid my HTTP history being polluted with analytics paths such as `POST /tracking/logging`, how do I avoid Burp sending those requests to HTTP history? I tried intercepting that request then right-click, "Don't intercept requ...
1 Agent Answer | 0 Community Answer | Nov 27, 2019 01:18PM UTC
Intruder - Attack Types - How can I use dynamic numbers for only a param while attacking other params
I have a request that needs a different attack type, for example: register_user.php?name=[payload1]&address=[payload2]&mail=[payload3] And a payload list with 100 lines. I want to test the following results: Payload1 = 1 payload2 = Injection_Test_1 Payload3 = default/blank Payload1 = 2 payload2 = Injection_Test_2 Payload3 = default/blank ... Payload1 = 100 payload2 = default/...
1 Agent Answer | 1 Community Answer | Nov 26, 2019 11:10AM UTC
Lab: Exploiting HTTP request smuggling to perform web cache deception (Solution incorrect)
The solution for Lab: Exploiting HTTP request smuggling to perform web cache deception is INCORRECT. The Lab appears to be updated and is not using the /apiKey function anymore. Instead it is replaced with /my-account which has an update email address function /my-account/change-email. I have tried the original solution, and changed the /apiKey with /my-account. I have also tried using a do...
1 Agent Answer | 2 Community Answers | Nov 26, 2019 06:57AM UTC
Lab: CORS vulnerability with internal network pivot attack - step 1 not working
Hi there, While attempting to follow the instructions for step 1 it does not appear that after "store" the exploit and then "deliver exploit to victim" that the victim is actually visiting the exploit link. There is nothing in the access log to indicate that the exploit server has been visited by the victim. I would have expected to see something like 192.168.x.x .... GET...
2 Agent Answers | 1 Community Answer | Nov 26, 2019 04:01AM UTC