How Do I?
Test thick client which is hard coded with server IP address?
I understand that the Invisible Proxy mode can be used to proxy thick client's HTTP request. However, is this approach feasible for thick client that is hard-coded with server's IP address? The reference below is only applicable for situation where the thick client is coded to a hostname. https://portswigger.net/burp/help/proxy_options_invisible.html1 Agent Answer 0 Community AnswerAug 28, 2017 09:21AM UTC
not comparing username and password at the time of performing attack
Hey, When I perform brute force attack with DVWA and burp suit, some times HTTP request can not be shown. and another problem is after performing final step and click in "start attack" user name and password is not match all result shold be same no checkboxes are checked all are unchecked when it comparing from the file. what shoud i do? please guide me who has solution.1 Agent Answer 0 Community AnswerAug 27, 2017 07:11PM UTC
Scanning large of threads
Hello needing help with the best way to scan a website that has over 1000 items to scan. Recently, I have been given a task to scan a internal only website. This website has over 1000 items to scan from the scanning wizard. This is not a fast scan, I have increase the amount of threads will scan to help get this scan done faster. After talking the person that maintains this website, it is goin...3 Agent Answers 3 Community AnswersAug 24, 2017 09:08PM UTC
The Inferred Items in Site Map
Hi, As you know, in the Site Map View, the inferred items are displayed in gray, as they are not actually requested, but Burp discovered links to them in the content requested. My question is: for a specific inferred item, how can I know from which content it is inferred? Thanks a lot. Regards, Keqin Li1 Agent Answer 0 Community AnswerAug 22, 2017 02:32PM UTC
How do I make Burp follow redirects (302)
Hi all, I currently try to scan an application with the scanner, but for some reasong Burp Scanner is not following the sent redirects. The response looks e.g., like this: HTTP/1.1 302 Found Date: Mon, 21 Aug 2017 14:24:36 GMT Pragma: no-cache Expires: Thu, 01 Jan 1970 00:00:00 GMT Cache-Control: no-cache Cache-Control: no-store Content-Length: 0 Location: https://my.company.com/Mana...1 Agent Answer 0 Community AnswerAug 21, 2017 02:39PM UTC
Expected a value for option project-file
I am getting the above error whenever I try to load a project from command line in burp. Please let me know how do I get rid of this error or is there any other way of doing this through command line. I am using the following command: java -jar burp.jar --project-file "path_to_project_file" --config-file "path_to_config_file"1 Agent Answer 0 Community AnswerAug 21, 2017 07:38AM UTC
How to change the Authorization header in scanner rule?
I'm attempting to perform an active scan on a few requests that don't have the current authorization header. Every response in the logger++ output shows a 401 unauthorized because each scanner request is using an invalid auth header. I've looked at the rules creation wizard in the project options -> sessions tab, but it only allows you to modify cookies or parameters, not header ...1 Agent Answer 0 Community AnswerAug 17, 2017 06:17PM UTC
Configure Burp to recoginze traffic from a Visual Studio debug (Start)
When I start up my application from Visual Studio and I hit "Intercept is on" in Burp, it doesn't seem to see what is happening in the web application. Any help on how to do this?1 Agent Answer 0 Community AnswerAug 16, 2017 08:48PM UTC
Include Intruder in project/state file?
Is there a way to include the Intruder tool in the auto-saved project files, or in a state file? I know I can export each Intruder attack separately, but I'd love to not have to remember to do that manually at the end of the day...1 Agent Answer 1 Community AnswerAug 11, 2017 01:55PM UTC
More info on "Identify Backend Parameters"
During a scan I have found an endpoint with the issue "Interesting input handling: Backend Parameter Injection". In the advisory there is the suggestion to click on the "Identify Backend Parameters" entry of the context menu. I did that, but I got no feedback: where should I look for any result and or progress? Do I have to leave some window open? Can you please give me more ...1 Agent Answer 1 Community AnswerAug 11, 2017 08:10AM UTC