How Do I?
Can I add more scans to SQLi or XSS scans which are run by Scanner?
I want to configure Burp a bit more. As I understood, in Scanner / Options I can select the Active Scanning Areas. Is there a way to add more e.g. SQLi, or XSS to what already is checked? Where can I see the list of Payloads which are injected in Scanner? Are these the same as in Intruder / Payload Options? Can there be something done with the Issue Definitions or is it informational? T...
1 Agent Answer | 0 Community Answer | Feb 19, 2016 09:21AM UTC
Compare site maps with an Authorization: Basic value
I want to do a comparison with different privileged accounts. For Site Map 2 I want to "Request map 1" with a new cookie. In the Options > Sessions I added a "Use Cookie from Cookie Jar" for Target. But there is a header "Authorization: Basic xxxx" which I have to change, too. I didn't find a way to change a header in the Session Handling Rules. I can add a...
1 Agent Answer | 0 Community Answer | Feb 18, 2016 02:21PM UTC
Problem with Digest authentication
Hi, We have a web application which consists of both web pages without authentication and web pages that use Digest authentication. When we add the platform authentication credentials to Burp Suite the Scanner test doesn't complete the testing of web pages not using Digest authentication. In the Scan queue tab the status ends up telling "abandoned - too many errors (XX% complete)"...
2 Agent Answers | 1 Community Answer | Feb 18, 2016 08:58AM UTC
I'm running burp v1.6.36 and using a client ssl certificate to authenticate to secure web pages. I am receiving the error handshake_failure when attempting to access any sites that require the client cert. I am using java 1.6.0_41-b02. Below is what I have tried to resolve the issues with no success. Install Java Cryptography Extension (JCE) by copying the local_policy.jar and US_e...
1 Agent Answer | 1 Community Answer | Feb 17, 2016 06:54PM UTC
Reporting only on POST not GET methods? (Scanner)
Hi, After running a passive scanner session I have hundreds and hundreds of potential CSRF 'missing anti-CSRF token' (so far in reality they are all false positives and the anti-CSRF token is just contained with some other data e.g. uifsid=0&_csrf= (the _csrf is the anti-CSRF token)). Anyhow, what I really would like to be able to do is report only on POST methods and not GET met...
1 Agent Answer | 0 Community Answer | Feb 17, 2016 05:05PM UTC
Customize the report output?
Is there an easy way to customize the report output to include my Company Name and Logo at the top of the report? I have tried to create a word template for use with report-ng but cannot get it to work. Thanks in advance!!
1 Agent Answer | 1 Community Answer | Feb 17, 2016 03:45PM UTC
unlimited "number of retries on network failure"
How can I set Intruder's "number of retries on network failure" to unlimited? I see that currently I can only set it to 20 max before I get an error.
1 Agent Answer | 0 Community Answer | Feb 16, 2016 09:51PM UTC
Items already scanned
Are there any ways to highlight the items that have already been scanned manually or with active scanning?
1 Agent Answer | 1 Community Answer | Feb 16, 2016 09:25PM UTC
"Report selected issues" is not visible in burpsuite_free_v1.6.32 version
After scanning I am not able to generate the scan report. I followed the following steps: To generate a report of your scanning, collapse the tree view of the application's contents. Then select the top-level domain entry for the application. Then right-click to show the context menu, and select "Report selected issues". Is this feature not available in the free edition of burpsuite_fre...
1 Agent Answer | 0 Community Answer | Feb 15, 2016 11:58AM UTC
Regex Active Scanner
Hello, I am struggling a bit to set a regex to match filetypes and keep the Active Scanner from scanning files like jpg/css/gif and so on. I created a rule to exclude URL path filenames with regex \.jpg$ but it doesn't work: when I browse to the page and have the scanner automatically scan, it starts to scan the jpg files as well. Could you suggest how to handle this exclus...
2 Agent Answers | 3 Community Answers | Feb 14, 2016 11:14AM UTC