How Do I?

Make a new post

  • Is processHttpMessage thread safe?

    Hi Team, I have create a extension that to auto edit MessageInfo with registerHttpListener (using processHttpMessage method.) in processHttpMessage method . I call another class which created by myself, it's responsible for receiving a messageinfo and parse to get header\body\....; but when I run my extension in burp. I found it also get different messageinfo(the hashcode of obje...

    2 Agent Answers    2 Community Answers
    Mar 27, 2019 12:42PM UTC
  • Pausing Scanner on Condition

    I was wondering if it was possible to pause the scanner given a certain condition being hit. Basically, if my session is deauthed I want scanner to stop. Is this possible?

    1 Agent Answer    0 Community Answer
    Mar 27, 2019 12:39AM UTC
  • Reference for issue details

    The issue details, specifically IScanIssue.getIssueDetail(), allow "[a] limited set of HTML tags": <br> is interpreted as newline and <table>s are formatted correctly. But there is no CSS, <font color=green> does not work, <hr> does not work, <table border=1> does not show a border, etc. I have not been able to find any documentation on this. Is there docume...

    1 Agent Answer    2 Community Answers
    Mar 26, 2019 04:08PM UTC
  • Can you use the cookie jar for crawling site?

    I am trying to crawl a site but the cookie jar cookies are not being applied. The session handling tracer displays the following message: Vetoing rule: Use cookies from Burp's cookie jar The site has a captcha when logging in so setting an application login in the crawler does not work. Can I force Burp's crawler to use cookies?

    1 Agent Answer    0 Community Answer
    Mar 26, 2019 03:52PM UTC
  • Restrict Sites on Burp Enterprise API

    We'd like to restrict the sites users can run scans against in Burp Enterprise, and I've configured Groups with site restrictions and have added the sites in folders on the site tree. So basically looks like Group 1 Name (top) - Site 1 - Site 2 Group 2 Name (top) - Site 1 - SIte 2 Yet when I call the API to run the scan using their API key, I constantly get a 401. ...

    1 Agent Answer    0 Community Answer
    Mar 25, 2019 06:54PM UTC
  • Burpsuite Enterprise: Crawling and scoping

    Is there any documentation on how crawling/scoping works in Burpsuite Enterprise? We've tried all of the crawl scan configurations along with varying combinations of "Add all links to site map" and/or "Add reqested items to site map" but have been unable to reproduce the same findings found using Burpsuite Pro. It seems the only thing that works is manually adding s...

    2 Agent Answers    2 Community Answers
    Mar 25, 2019 02:55PM UTC
  • Garbled text at end of proxy intercept - no username/pass

    Hi, running a proxy on 127.0.0.1 as suggested, I'm getting: POST / HTTP/1.1 Host: ocsp.sca1b.amazontrust.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:66.0) Gecko/20100101 Firefox/66.0 Accept: */* Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Content-Type: application/ocsp-request Content-Length: 83 Connection: close 0Q0O0M0K0I0 + Althou...

    1 Agent Answer    1 Community Answer
    Mar 24, 2019 08:54AM UTC
  • Burp does support firefox version 65.0.1

    I am start using burp with firefox version 47 in windows but when i shifted to parrot os. There was already installed firefox 65.0.1 burp is not working there it showed one thing only SSL connection not work. I used every certificate. Force ssl connection but still its not working ?? What can i do ??

    1 Agent Answer    0 Community Answer
    Mar 23, 2019 07:11PM UTC
  • Firewall scan in Burpsuit

    Hello, Can we run firewall scan in Burp suit using with IP address? If yes please let me know the procedure. Thank you

    1 Agent Answer    0 Community Answer
    Mar 21, 2019 03:20PM UTC
  • DOM XSS - How to actually inject the source ?

    Hello, so, I am struggeling to understand something and I cannot find an answer. If anybody could help me I would be very appreciative. A dynamic analysis of a JS code rendered this Data is read from input.value and passed to element.innerHTML. The source element has id [ID_HERE] and name [NAME_HERE]. The following value was injected into the source: [SOME_OTHER_VALUE_HERE] The p...

    1 Agent Answer    0 Community Answer
    Mar 19, 2019 08:16PM UTC