How Do I?

  • vulnerable to DOM-based cross-site scripting

    Is it possible to exploit? var redirectUrl = $(location).attr('href'); $(location).attr('href', 'Url' + redirectUrl);

    1 Agent Answer    0 Community Answer
    Jul 25, 2019 08:48AM UTC
  • Scan unusual ports

    I have set up my Scope with 50 or so IP addresses. When I try and start a new scan using unusual ports off those IP addresses, Burp Pro 2.1 tells me that these URLs to scan are out of scope. I've tried adding them in: specifically (e.g. 10.10.10.10 Port 7001 to my scope, to try and scan 10.10.10.10:7001), generally (e.g. 10.10.10.10 to my scope to try and scan 10.10.10.10:7001). I can start a sc...

    1 Agent Answer    0 Community Answer
    Jul 24, 2019 06:05PM UTC
  • Save Task Execution Project Options

    Is it possible to export and import the Dashboard "Task execution" settings, "Live passive crawl" settings, and "Live audit" settings so that they can be automatically used when Burp is next started? For example, can a user save and automatically use a configuration the next time Burp starts that executes tasks with a resource pool that only sends 2 concurrent request...

    1 Agent Answer    0 Community Answer
    Jul 24, 2019 03:19PM UTC
  • The login script on the new Burp version

    Hello, in the older Burp version there was an option to make a login script, which would initiate during spider or scan functions. That script had options to check for session validity, have a custom login flow sequence etc. Now in the newer version of Burp I can't find those options; there are only Username and Password fields in the scan configuration options. I can define something ther...

    1 Agent Answer    0 Community Answer
    Jul 24, 2019 09:44AM UTC
  • Exclude scope setting for new Burp Pro 2.1

    In the old Burp, before you kick off the spidering and scanning, there was an option to exclude specific file extensions like docx or pdf or exe. In the new version of Burp this option is listed in the audit select items. This is not everything I need. https://portswigger.net/burp/documentation/desktop/scanning/scan-launcher I found this url-matching https://portswigger.net/burp/document...

    2 Agent Answers    2 Community Answers
    Jul 19, 2019 09:16PM UTC
  • How to pass through HTTP traffic

    Hi guys, when performing a pentest, I often don't want to define scope rules because I can never know which hosts the main application is requesting. So to reduce the noise in the history section I use SSL pass through to exclude Firefox or Microsoft background traffic. But what can I do with HTTP traffic? I don't want to drop it. Is there a possibility in Burp to pass through non-SSL t...

    1 Agent Answer    0 Community Answer
    Jul 19, 2019 05:11AM UTC
  • How to remove or encrypt passwords in Burp Pro v2.1?

    Hello, I recently switched to Burp Pro v2.1 from v1.7.34 and I can't seem to find the "Passwords" option under the "Burp" drop-down menu. I can't keep test credentials in the Burp project file unprotected. Where is the "Save encrypted using master password" or the "Do not save" options for Passwords in the new Burp release? Thanks! Chris...

    1 Agent Answer    0 Community Answer
    Jul 18, 2019 11:09PM UTC
  • Crawling a website in community edition

    Hello, since the spider was removed and replaced by the crawler, is it no longer possible to crawl/spider websites with the community edition? Whenever I right-click a node, such as the root node of a website, on the target tab and choose "Scan", a new task is created, but it says "Crawl finished", with 0 requests (0 errors) and 0 locations crawled.

    1 Agent Answer    0 Community Answer
    Jul 18, 2019 03:01PM UTC
  • How many targets can we scan?

    Hi, would you please clarify for me how Burp Enterprise scans vs. Acunetix?! In summary, Acunetix is target based and you should buy a license based on the targets that you need. For instance, if you have 100 subdomains you should buy a license for 100 targets, but all the targets can start to scan simultaneously! As far as I understand, Burp is agent based. I mean you should buy a number of age...

    1 Agent Answer    0 Community Answer
    Jul 18, 2019 02:58PM UTC
  • About copied link from show response in browser

    Hey, is there any way to check the data for the URLs copied from the show response in browser function? Because I found the same bug on several websites, but the thing is that at that time I didn't know that it was a bug. Now I know but can't remember every website and their parameter names. I have all the copied URLs from Burp, so if anyone can help me getting data from those URLs using Burp wou...

    1 Agent Answer    0 Community Answer
    Jul 18, 2019 11:03AM UTC