How Do I?
Configure Burp to intercept Internet and Intranet traffic
Hi, I have been using Burp to intercept traffic to localhost websites only. Basically I run Tomcat locally and then use proxy 127.0.0.1 8080 in Burp and the browser. This works well for local traffic, but I cannot use it for internet or intranet traffic. Is there a way I can get Burp to work to intercept internet and intranet traffic? Normally I use Fiddler for this, but would like Burp better than Fid...
1 Agent Answer | 0 Community Answer | Dec 12, 2016 02:06PM UTC
Is Burp Infiltrator working?
I think I'm using Burp Infiltrator correctly but I don't believe that I'm not seeing any Infiltrator results in the Issues. I'm testing against the WebBank vulnerable demo project (https://github.com/pentestingforfunandprofit/webbank) and from an Active Scan get 'Certain' SQL Injection, Xpath Injection, XXE, XML Injection, DNS and HTTP collaborator interaction, etc. b...
4 Agent Answers | 2 Community Answers | Dec 11, 2016 11:00PM UTC
Hi, I'm running IE 11 through Burp Suite but in conjunction with the Tor browser and keep getting the following error message. I'm sorry, I'm new to pentesting so hope you could advise: Error SOCKS server general failure.
1 Agent Answer | 0 Community Answer | Dec 11, 2016 05:16PM UTC
Edit Request in interceptor using burp extender
Hi, is it possible to use Burp Extender to write a custom tool which will modify a certain parameter every time this parameter is present in this request?
1 Agent Answer | 0 Community Answer | Dec 09, 2016 08:43PM UTC
Always requires a log for the audit trail
Hi, we always need a log every time. Can I write the settings in the configuration file or startup options? Or other nice way. Thanks
2 Agent Answers | 1 Community Answer | Dec 09, 2016 08:19AM UTC
Meaning of red highlighted text Target-Site map?
I have several items in my Target-Site map that are in red text. What does this mean?
1 Agent Answer | 0 Community Answer | Dec 08, 2016 06:40PM UTC
Cross-site request forgery - ignore date response header
Hi, I'm receiving a lot of false positives as nginx is sending the Date header - which is obviously different each time the scanner tries a new combination - so Burp is highlighting it (albeit tentatively). Is there any way to tell the scanner to ignore the date response header? Thanks, Ed
1 Agent Answer | 0 Community Answer | Dec 07, 2016 01:23PM UTC
How can I intercept traffic on iOS 10?
Always when I try to intercept traffic from some specific apps on iOS 10 I get the error below: "The client failed to negotiate an SSL connection to graph.facebook.com:443: Received fatal alert: unknown_ca". I did some research and I came across this article: https://nabla-c0d3.github.io/blog/2015/12/01/burp-ios9-ats/ It says that I need to generate a 2048-bit certificate and private ...
2 Agent Answers | 1 Community Answer | Dec 07, 2016 03:53AM UTC
Proxying Thick Client Applications
I am working with a Java thick client application which is used to log in via the browser; after successful login it collects the jar files from the server and later it becomes a desktop application. I configured it as normal for a web application, and at that time requests and responses are captured, but after it becomes the desktop application they are not captured. I searched the links below: https://portswigger.net/burp/help/proxy_options_invisible.html ...
2 Agent Answers | 1 Community Answer | Dec 05, 2016 07:35AM UTC
Best manage CSRF in Alfresco
Scanning Alfresco, and wanted to do automated scans of "create-site" function (for example). GET of the "create-site" URL (or any URL) seems to refresh the CSRF token sometimes (Alfresco-CSRFToken), I think the first GET after one or more POSTs. POST to the "create-site" has both HTTP header "Alfresco-CSRFToken: HEX" and Cookie "Alfresco-CSRFToken...
1 Agent Answer | 0 Community Answer | Dec 02, 2016 05:53PM UTC