How Do I?
Treating existing values in a parameter while scanning
Hello, I am adding a URL for scanning that has 10 body parameters for scanning Out of the 10 parameters, 4 parameters are already filled with some values. Other 6 parameters are left blank. When we are active scanning - how will burp work when new crafted requests are sent ? - Will the exiting values of the parameter be removed and replaced with the attack string ? or will the attack st...2 Agent Answers 2 Community AnswersJun 25, 2015 06:41AM UTC
burpsuite_free_v1.6 with upstream proxy not able to intercept https traffic/sites.
Hi Team, I have been using burpsuite_free_v1.6 with upstream proxy with Java version: C:\Users\Administrator>java -version java version "1.8.0_25" Java(TM) SE Runtime Environment (build 1.8.0_25-b18) Java HotSpot(TM) Client VM (build 25.25-b02, mixed mode) And not able to intercept any https site traffic .Below are the alert remark from burpsuite which i m getting. ...2 Agent Answers 1 Community AnswerJun 23, 2015 01:26PM UTC
How to flag only new issues when Burp is run on a continuous basis
Hi, I am trying to run Burp tests automatically from a test suite. I want to re-run these test suites every two weeks. I want to flag only the new issues when I re-run the burp tests. Is there a way to do this? The only thing I could find in the documentation is: http://portswigger.net/burp/help/scanner_reporting.html The serialNumber element: contains a long integer that is unique to t...1 Agent Answer 0 Community AnswerJun 17, 2015 03:14AM UTC
Spider a application with form based login
For spidering I filled in the scope at Target > Scope. And at Spider > Options I used for "Application Login" > "Prompt for guidance". But after running the spider as "Spider from here" (as it was the / site) only a small requests are made. If I do not use login, I get over 1000s of requests. 1) Do I see which requests are sent and what the responses...1 Agent Answer 1 Community AnswerJun 16, 2015 08:49AM UTC
Macro creation for variables that keeps changing for every request and response.
Hello, I am trying to create a macro to login to the website (as a part of session handling rules). The web site is in aspx In the macro editor, under macro items, I have made the entries that will successfully login to the application. There are two requests. First is a GET request and second is POST request. First GET request goes without any parameters First GET response comes with...1 Agent Answer 1 Community AnswerJun 15, 2015 06:07AM UTC
How to use Burp Proxy with an emulated android device?
Is it possible to route an emulated android device through Burp Proxy? I tried the instructions found here: https://support.portswigger.net/customer/portal/articles/1841101 But this says update the WIFI settings on the phone and when using an emulated device - WIFI is not available. Is there any way to route an emulated android device through burp proxy?5 Agent Answers 5 Community AnswersJun 13, 2015 02:38AM UTC
CSRF PoC vulnerability only succeeds while Proxying through Burp
This may be a dumb question as I may not fully understand how this CSRF vulnerability is working. Scenario: Within the application using Spring / Spring Webflow, and Spring Security. I am able to create a PoC with Burp that will increase a User profile to an Admin status. The PoC will work every time while within the initial Admin session is active to is increase the access to the second U...1 Agent Answer 0 Community AnswerJun 10, 2015 03:41PM UTC
Java Socks Override on OSX
Hi there, This is more a heads up rather than a question. I use a socks proxy via SSH/corkscrew when I am onsite at clients' sites to get unobstructed internet. To do this I set the OSX OS proxy settings to my socks server 127.0.0.1. However, it seems as though Java picks this up automatically when Burp is run and these settings override the socks setting within Burp (this is also with ...1 Agent Answer 0 Community AnswerJun 04, 2015 02:02AM UTC
Where is the firefox "plug-n-hack" plugin?????
There is extensive reference to it in the Burp documentation. I have seen forums elsewhere where people allude to it. Even saw somewhere a screenshot someone maybe 18 months ago of it installed in Firefox. But I can find nowhere to download/install it. No URL, nothing. Its like a vicious circle in Google to mozilla docs talking about it, but nowhere to actually find it. What the heck is goin...3 Agent Answers 11 Community AnswersJun 02, 2015 08:48PM UTC
How do I get the referrer or spider links
Hi, I see that the spider has a referrer header option, however when I look at the sitemap, there are no referrers. Is there anyway to get the URLs with the referrer from sitemap that were spidered?2 Agent Answers 1 Community AnswerMay 27, 2015 11:53AM UTC