How Do I?
vulnerable to DOM-based cross-site scripting
Is it possible to exploit?
var redirectUrl = $(location).attr('href');
$(location).attr('href', 'Url' + redirectUrl);
1 Agent Answer, 0 Community Answer, Jul 25, 2019 08:48AM UTC
Scan unusual ports
I have set up my Scope with 50 or so IP addresses. When I try and start a new scan using unusual ports off those IP addresses Burp Pro 2.1 tells me that these URLs to scan are out of scope. I've tried adding them in: specifically (e.g. 10.10.10.10 Port 7001 to my scope, to try and scan 10.10.10.10:7001), generally (e.g. 10.10.10.10 to my scope to try and scan 10.10.10.10:7001). I can start a sc...
1 Agent Answer, 0 Community Answer, Jul 24, 2019 06:05PM UTC
Save Task Execution Project Options
Is it possible to export and import the Dashboard "Task execution" settings, "Live passive crawl" settings, and "Live audit" settings so that they can be automatically used when Burp is next started? For example, can a user save and automatically use a configuration the next time Burp starts that executes tasks with a resource pool that only sends 2 concurrent request...
1 Agent Answer, 0 Community Answer, Jul 24, 2019 03:19PM UTC
The login script on the new Burp version
Hello, in the older Burp version there was an option to make a login script, which would initiate during spider or scan functions. That script had options to check for session validity, have a custom login flow sequence etc. Now in the newer version of Burp I can't find those options, there are only Username and Password fields in the scan configuration options. I can define something ther...
1 Agent Answer, 0 Community Answer, Jul 24, 2019 09:44AM UTC
Exclude scope setting for new Burp Pro 2.1
In the old Burp, before you kick off the spidering and scanning, there was an option to exclude specific file extensions like docx or pdf or exe. In the new version of Burp this option is listed in the audit select items. This is not everything I need. https://portswigger.net/burp/documentation/desktop/scanning/scan-launcher I found this url-matching https://portswigger.net/burp/document...
2 Agent Answers, 2 Community Answers, Jul 19, 2019 09:16PM UTC
How to pass through HTTP traffic
Hi guys, when performing a pentest, I often don't want to define scope rules because I can never know which hosts the main application is requesting. So to reduce the noise in the history section I use SSL pass through to exclude Firefox or Microsoft background traffic. But what can I do with HTTP traffic? I don't want to drop it. Is there a possibility in Burp to pass through non-SSL t...
1 Agent Answer, 0 Community Answer, Jul 19, 2019 05:11AM UTC
How to remove or encrypt passwords in Burp Pro v2.1?
Hello, I recently switched to Burp Pro v2.1 from v1.7.34 and I can't seem to find the "Passwords" option under the "Burp" drop-down menu. I can't keep test credentials in the Burp project file unprotected. Where is the "Save encrypted using master password" or the "Do not save" options for Passwords in the new Burp release? Thanks! Chris...
1 Agent Answer, 0 Community Answer, Jul 18, 2019 11:09PM UTC
Crawling a website in community edition
Hello, Since the spider was removed and replaced by the crawler, is it no longer possible to crawl/spider websites with the community edition? Whenever I right click a node, such as the root node of a website, on the target tab and choose "Scan", a new task is created, but it says "Crawl finished", with 0 requests (0 errors) and 0 locations crawled.
1 Agent Answer, 0 Community Answer, Jul 18, 2019 03:01PM UTC
How many targets can we scan?
Hi, would you please clarify for me how Burp Enterprise scans vs. Acunetix?! In summary, Acunetix is target-based and you should buy a license based on the targets that you need. For instance, if you have 100 subdomains you should buy a license for 100 targets, but all the targets can start to scan simultaneously! As far as I understand, Burp is agent-based. I mean you should buy a number of age...
1 Agent Answer, 0 Community Answer, Jul 18, 2019 02:58PM UTC
about copied link from show response in browser
Hey, is there any way to check the data for the URLs copied from the show response in browser function? Because I found the same bug on several websites, but the thing is that at the time I didn't know that it was a bug. Now I know but can't remember every website and their parameter names. I have all the copied URLs from Burp, so if anyone can help me getting data from those URLs using Burp wou...
1 Agent Answer, 0 Community Answer, Jul 18, 2019 11:03AM UTC