How Do I?
Finding all forms on a site
Once a site is fully spidered, are there any ways to quickly find the total number of the forms or login prompts on that site?
2 Agent Answers | 1 Community Answer | Nov 26, 2015 08:49PM UTC
How to re-enable AMF support
Since AMF support is disabled by default since 1.6.29, how is it re-enabled when needed? Or is AMF testing now limited to the Blazer extension?
1 Agent Answer | 0 Community Answers | Nov 24, 2015 08:43PM UTC
Define Location Component
Is there any way for Extensions to use the "Define custom location" component that is part of the Sequencer and Intruder Grep - Extract functions? This component: http://oi66.tinypic.com/2zhfe60.jpg This would be much easier than making Extension users enter their own regexes.
1 Agent Answer | 0 Community Answers | Nov 24, 2015 06:16PM UTC
Proxy Listeners does not support for the specific address other than predefined proxy.
My proxy is "proxy.xxx.xxx.com". I am unable to edit under Proxy > Options > Proxy Listeners > Edit.
2 Agent Answers | 2 Community Answers | Nov 24, 2015 07:20AM UTC
Can Burp suite be used for slow post http attack testing?
Hello, I want to know whether, using Burp Suite (free or paid edition), it is possible to use it for testing a "SLOW POST http attack". Please let me know what options exist and how they can be used. Thanks. Regards, asad
1 Agent Answer | 1 Community Answer | Nov 21, 2015 05:20PM UTC
how to list the cipher suite supported by the server
I would like to validate the cipher suites that a web application supports. How could we do it?
1 Agent Answer | 1 Community Answer | Nov 20, 2015 12:38AM UTC
Changing scan areas during scan
If I change Active scanning areas during scan will it reflect in the current scan?
Scenario:
1. I have selected SQL injection checks and started scan
2. I pause the scan and select XSS Checks
3. I resume the scan
Question 1: Will the current scan include the XSS as well or it will be applicable from the new scan only?
Question 2: If this change will be reflected in the current scan, ...
1 Agent Answer | 1 Community Answer | Nov 19, 2015 07:44AM UTC
How do I manually reproduce ruby code injection in cookie parameters?
One of the apps I'm testing is coming up with Ruby Code Injection alert. The confidence is listed as Firm. Issue Details: The payload '+sleep(20.to_i)+' was submitted in the foo parameter within the bar cookie. The application took 22015 milliseconds to respond to the request, compared with 15 milliseconds for the original request, indicating that the injected Ruby code caused a ...
1 Agent Answer | 0 Community Answers | Nov 17, 2015 03:45PM UTC
How to detect the errors in web application
How to log in to the Burp Suite tool in the free version and how to detect the errors in a webpage.
1 Agent Answer | 0 Community Answers | Nov 17, 2015 12:04PM UTC
Content-location ip versus hostname
Curious behavior difference between nikto output and burp output. From nikto a request like this:
    GET / HTTP/1.1
    User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:headers: IIS internal IP)
    Connection: Keep-Alive
    Host: something.com
Has a response including this header:
    content-location: http://foo.bar.foo.bar:8443/index.htm
But in burp when this same request is made the re...
1 Agent Answer | 0 Community Answers | Nov 16, 2015 10:37PM UTC