How Do I?
Setting proxy.MasterIntercept to 0
In order to do selective custom scanning area selection using active scanning using my extension, I am trying to set those values using the loadConfig() To do this, I first set the following values to 'false' scanner.testcommandinjection scanner.testcommandinjectionblind scanner.testcommandinjectioninformed scanner.testCsrf scanner.testheaderinjection scanner.testheadermanipula...2 Agent Answers 2 Community AnswersSep 16, 2015 06:22PM UTC
Performing an ActiveScan to perform scan against non-body parameters
I am currently writing an extension to do perform active scan with manipulated parameters: queueItem = this.callbacks.doActiveScan(this.host, this.port, this.useHttps,baseRequestResponse.getRequest(), scanJob.getOffsets(testCaseParam, baseRequestResponse)); In getOffsets(), we identify which parameters are available and if they match, we get the offse...1 Agent Answer 1 Community AnswerSep 16, 2015 06:17PM UTC
Deleting scanned items
In older version of Burp Suite, 'Delete Scanned Items' used to exist. that was helpful in clearing the queue. With latest version, that option is not visible(only Hiding is available). As a result , I have to close and start Burp Suite for every scan to avoid displaying scanned items of last scan. Is there any alternative to this ? Thanks, Kunal6 Agent Answers 5 Community AnswersSep 14, 2015 06:06PM UTC
Set socks proxy in headless mode
I searched the googles and haven’t found any success, does anyone know if its possible to set up the socks proxy parameters with burp in headless mode?1 Agent Answer 0 Community AnswerSep 11, 2015 07:29AM UTC
I want to manage multiple session while scanning the application as scanning the application with multiple thread is giving lot session errors. so I need help regarding the following 1. How to create custom cookie jar 2. How to manage thread scanning the application like how can I tell to a particular thread to use a cookie from a particular cookie jar Thanks in advance...1 Agent Answer 0 Community AnswerSep 10, 2015 07:08AM UTC
XSS in json parameters
Hello? I have got several XSS issues from the Burp Scanning but they couldn't be exploitable as the response messages have 'Content-Type: application/json' header. I investigated this with old browsers (e.g. IE8) but they didn't execute the script either. In this case, could I say the application is safe from XSS issue? When can this vulnerability still be dangerous...3 Agent Answers 2 Community AnswersSep 08, 2015 08:39PM UTC
Best approach for web-application testing with a webservice.
The data flow works like this: Browser -> Application -> Webservice -> Application -> Browser I'd like to be able to fuzz the flow where the webservice is sending data back to the application so that I can attack the browser. While I'm aware I can route all traffic through the same instance of Burp, what I need is a passive fuzzing, where I can send the same request f...1 Agent Answer 0 Community AnswerSep 08, 2015 02:50PM UTC
Missing scroll bar in "HTTP history" window
I have came across this problem few days ago. I am not sure is it because of too many entries in the history. It is quite hassle for me to use to arrow to scroll back and check on some entries. Are there any ways for me to get the scroll bar back?2 Agent Answers 4 Community AnswersSep 08, 2015 03:20AM UTC
Burp Suite Proxy will not intercept the site after Intercept mode is on.
Hi, Can any one please help me, In my Burp tool i have enabled Proxy - > intercept on but still it is not intercept my site but Target -> site map will show all the action and response. So please help me how to resolve this problem. Note: I'm new to Burp Suite.2 Agent Answers 1 Community AnswerSep 02, 2015 09:42AM UTC
Add all URL in target scope
Hi, I'm looking for a way to add all URL in target scope. As we can use regex I just put '*' in "Host or IP range" but burp is not agree with that. Which regex can I use to achieve this ? Cheers1 Agent Answer 1 Community AnswerSep 01, 2015 08:56AM UTC