How Do I?
Scanning large of threads
Hello needing help with the best way to scan a website that has over 1000 items to scan. Recently, I have been given a task to scan a internal only website. This website has over 1000 items to scan from the scanning wizard. This is not a fast scan, I have increase the amount of threads will scan to help get this scan done faster. After talking the person that maintains this website, it is goin...3 Agent Answers 3 Community AnswersAug 24, 2017 09:08PM UTC
The Inferred Items in Site Map
Hi, As you know, in the Site Map View, the inferred items are displayed in gray, as they are not actually requested, but Burp discovered links to them in the content requested. My question is: for a specific inferred item, how can I know from which content it is inferred? Thanks a lot. Regards, Keqin Li1 Agent Answer 0 Community AnswerAug 22, 2017 02:32PM UTC
How do I make Burp follow redirects (302)
Hi all, I currently try to scan an application with the scanner, but for some reasong Burp Scanner is not following the sent redirects. The response looks e.g., like this: HTTP/1.1 302 Found Date: Mon, 21 Aug 2017 14:24:36 GMT Pragma: no-cache Expires: Thu, 01 Jan 1970 00:00:00 GMT Cache-Control: no-cache Cache-Control: no-store Content-Length: 0 Location: https://my.company.com/Mana...1 Agent Answer 0 Community AnswerAug 21, 2017 02:39PM UTC
Expected a value for option project-file
I am getting the above error whenever I try to load a project from command line in burp. Please let me know how do I get rid of this error or is there any other way of doing this through command line. I am using the following command: java -jar burp.jar --project-file "path_to_project_file" --config-file "path_to_config_file"1 Agent Answer 0 Community AnswerAug 21, 2017 07:38AM UTC
How to change the Authorization header in scanner rule?
I'm attempting to perform an active scan on a few requests that don't have the current authorization header. Every response in the logger++ output shows a 401 unauthorized because each scanner request is using an invalid auth header. I've looked at the rules creation wizard in the project options -> sessions tab, but it only allows you to modify cookies or parameters, not header ...1 Agent Answer 0 Community AnswerAug 17, 2017 06:17PM UTC
Configure Burp to recoginze traffic from a Visual Studio debug (Start)
When I start up my application from Visual Studio and I hit "Intercept is on" in Burp, it doesn't seem to see what is happening in the web application. Any help on how to do this?1 Agent Answer 0 Community AnswerAug 16, 2017 08:48PM UTC
Include Intruder in project/state file?
Is there a way to include the Intruder tool in the auto-saved project files, or in a state file? I know I can export each Intruder attack separately, but I'd love to not have to remember to do that manually at the end of the day...1 Agent Answer 1 Community AnswerAug 11, 2017 01:55PM UTC
More info on "Identify Backend Parameters"
During a scan I have found an endpoint with the issue "Interesting input handling: Backend Parameter Injection". In the advisory there is the suggestion to click on the "Identify Backend Parameters" entry of the context menu. I did that, but I got no feedback: where should I look for any result and or progress? Do I have to leave some window open? Can you please give me more ...1 Agent Answer 1 Community AnswerAug 11, 2017 08:10AM UTC
Installing Burp-suite in Ubuntu 16.04 LtS
How do I install burpsuite in Ubuntu 16.04 LTS , is there any .deb package available?1 Agent Answer 0 Community AnswerAug 09, 2017 02:46PM UTC
Does anyone have experience testing endpoints that expect BSON content? Is it possible to implement a plugin that encodes the Active Scan payloads as to be able to stress these endpoints from Burp Pro? Thanks in advance.1 Agent Answer 0 Community AnswerAug 09, 2017 02:47AM UTC