How Do I?
Https not working on new phone
Hi - Was able to use burp with my previous device (iphone 6), but trying to configure my new iphone 7 and not having any luck. Without cert installed I can access http sites with burp, but after installing the cert my device won't load anything and burp doesn't see any traffic - neither https nor http. I've gone through all the steps three different times and validated that PortSwi...1 Agent Answer 0 Community AnswerJun 13, 2017 01:20AM UTC
Hi Team, We have tested one app in which we have set cookie as secure & HTTPONLY from code level. But still its showing us below issue during scanning. "Cookie without httponly flag set" Kindly suggest why its showing this if its already fixed. Thanks1 Agent Answer 0 Community AnswerJun 09, 2017 07:09AM UTC
Private Burp Collaborator Server is not working only for me apparently
I'm trying to deploy an instance of Private Burp Collaborator Server but it seems that burp.jar is ignoring the parameter --collaborator-server. From the help I can see the option there. root@zion:~/Downloads# java -jar burpsuite_free_v1.7.23.jar --help Usage: --help Print this message --disable-extensions Prevent loading of extensions on startup --diag...1 Agent Answer 1 Community AnswerJun 08, 2017 09:42PM UTC
Analysing a token in hex format with sequencer
Analysis of a token in hex format that is 4 bytes in total length, for example: AB FF 81 4E When I load a series of tokens into sequencer, it interprets the token lenght as 8, which is not the case. AB is one byte, FF is one byte and so on. How can I instruct Burp how many bytes the token consists of and that for example "AB" is one byte and not two. Thank you in advance and Kind Re...2 Agent Answers 2 Community AnswersJun 02, 2017 01:54PM UTC
Burp consumes all RAM
Hi, I'm running Burp installed on linux (not the portable version) and it consumes all RAM on my machine, up to the point it closes itself. Is there a way to launch it, the same way that happens with the .jar version, limiting the memory it is assigned? Thanks in advance.1 Agent Answer 0 Community AnswerJun 02, 2017 10:16AM UTC
How do I use burp suite to scan hidden fields automatically
How do I use burp suite to scan hidden fields that show up when I spider a website. When I spider a website, I get two option submit or ignore. How do I test those hidden fields automatically to make sure no one can use those to get any access or data from the website.4 Agent Answers 3 Community AnswersJun 01, 2017 09:08PM UTC
not able access the mobile request after a successful configuration.
Not able access the mobile request after a successful configuration with the mobile device as instruction shown over the portswigger page can anyone help me quick need urgent.1 Agent Answer 0 Community AnswerMay 31, 2017 05:23PM UTC
Team, I am getting below error while running burp suite "client failed to negotiate an SSL connection to " " :443.remote1 Agent Answer 0 Community AnswerMay 29, 2017 08:43AM UTC
JRE Install didn't work.
I followed the "Getting Started" instructions. Checked for Java, did not find it, downloaded latest JRE, tried to install it and got error message to run SxsTrace. Not sure what to do next and finding nothing in any of your documentation or forums, so uninstalling BurpSuite. Thanks.1 Agent Answer 0 Community AnswerMay 29, 2017 01:11AM UTC
How Do I: Tell Intruder that a particular field must be unique for every request?
Hey, I have a web app that has an "Add User" feature. The form submission includes lots of details (about 150) and one of the fields submitted is the "Username" field. I have used the pitchfork attack type and this sort-of works. Unfortunately, it seems to mean that I have to test every single field other than the username individually. I also like using the Intruder t...1 Agent Answer 0 Community AnswerMay 25, 2017 01:09PM UTC