How Do I?

  • Regarding Licence from one machine to another or one user to another.

    Suppose my team has 2 Burp Suite licenses. One of my team members is leaving my team, and I need to transfer the license to another user; the system will also change. How can we do it?

    0 Community Answer
    Dec 03, 2019 07:18AM UTC
  • How to Use Macros?

    Hello Support, I am in a situation where I need to automate my testing using Macros. I have a JSON POST request which submits the data on the server but I can't repeat the same request again due to the key-value used in the request. That key value can be used only once and in response, I only receive true or false. For each request, the application generates a new key and makes difficult ...

    2 Agent Answers    1 Community Answer
    Dec 02, 2019 10:20AM UTC
  • How to load a cert bundle, cert and key?

    Has anyone had to load client certs for mutual tls into the latest burp recently? Basically, I am trying to replicate the following in Burp: curl --cacert ./api-trust.bundle --cert ./api-certificate.pem:password --key ./api-key.pem Normally loading a client cert is fine in burp, but this request requires all 3 (I've tried converting it to .crt with opens...

    1 Agent Answer    1 Community Answer
    Dec 02, 2019 08:12AM UTC
  • Fraud

    In French

    2 Community Answers
    Dec 02, 2019 02:44AM UTC
  • Unable to maintain keep alive connection while using burp suite

    Hi, I am trying to test a webapp for vulnerabilities. I am using keep alive connections for my app's functioning, it works fine when I am not using Burp as a proxy. But I am unable to maintain keep alive connections when using Burp. Please suggest any way to maintain a keep alive connection using Burp.

    3 Agent Answers    2 Community Answers
    Nov 29, 2019 01:25PM UTC
  • Unable to access an application which requires a class B authentication through BURP

    Hi, I am unable to access an application which requires a class B authentication through BURP. I am able to access the application normally on the browser. The application asks me to choose the certificate and after choosing my class B certificate, the page opens normally on the browser. But when I try to access the same application via BURP, the browser doesn't ask me to choose the c...

    1 Agent Answer    0 Community Answer
    Nov 28, 2019 04:46PM UTC
  • HTTP History and patterns

    Hi, is there any means to avoid a request with a pattern being sent to HTTP history? I mean, being someone that deals a lot with HTTP history, I sometimes want to avoid my HTTP history being polluted with analytics paths such as `POST /tracking/logging`. How do I avoid Burp sending those requests to HTTP history? I tried intercepting that request then right-click, "Don't intercept requ...

    1 Agent Answer    0 Community Answer
    Nov 27, 2019 01:18PM UTC
  • Intruder - Attack Types - How can I use dynamic numbers for only one param while attacking other params

    I have a request that needs different attack types, for example: `register_user.php?name=[payload1]&address=[payload2]&mail=[payload3]`, and a payload list with 100 lines. I want to test the following results: Payload1 = 1 payload2 = Injection_Test_1 Payload3 = default/blank Payload1 = 2 payload2 = Injection_Test_2 Payload3 = default/blank ... Payload1 = 100 payload2 = default/...

    1 Agent Answer    1 Community Answer
    Nov 26, 2019 11:10AM UTC
  • Lab: Exploiting HTTP request smuggling to perform web cache deception (Solution incorrect)

    The solution for Lab: Exploiting HTTP request smuggling to perform web cache deception is INCORRECT. The Lab appears to be updated and is not using the /apiKey function anymore. Instead it is replaced with /my-account which has an update email address function /my-account/change-email. I have tried the original solution, and changed the /apiKey with /my-account. I have also tried using a do...

    1 Agent Answer    2 Community Answers
    Nov 26, 2019 06:57AM UTC
  • Lab: CORS vulnerability with internal network pivot attack - step 1 not working

    Hi there, While attempting to follow the instructions for step 1 it does not appear that after "store" the exploit and then "deliver exploit to victim" that the victim is actually visiting the exploit link. There is nothing in the access log to indicate that the exploit server has been visited by the victim. I would have expected to see something like 192.168.x.x .... GET...

    2 Agent Answers    1 Community Answer
    Nov 26, 2019 04:01AM UTC