Questions tagged [burp]

Burp is an intercepting proxy server used for security testing of web applications. It operates as a man-in-the-middle between your browser and the target application, allowing you to intercept and modify all HTTP/S traffic passing in both directions, and to easily analyze all kinds of content, with automatic colorizing of request and response syntax, rendering of web content, and parsing of serialization schemes like AMF.

Note: questions about how to use Burp are off-topic on Stack Overflow; please ask such questions on Super User. This tag is about programming using Burp, that is, Burp Extender.

297 questions
0
votes
0 answers

SQL injection issue with burpsuite

I am working on a site survey. When I scan the site with Burp, it reports that the site is vulnerable to SQL injection, but I'm not able to reproduce it with sqlmap. Issue detail: The portal parameter appears to be vulnerable to SQL injection attacks. The…
John
0
votes
1 answer

How to intercept websites with HSTS (HTTP Strict Transport Security)

When I am trying to intercept a website using Burp Suite, it gives an error like POTENTIAL SECURITY ISSUE
0
votes
1 answer

How to proxy HTTPS traffic with burp suite?

I have a website which is available at: https://abs:8443/myweb I use burp suite as a local proxy: proxyIP = "127.0.0.1" proxyPort = 8080 Then I tried to proxy the https traffic via burp to the https website but it failed. Here is what I tried:…
Michael
0
votes
0 answers

J2ee applications released under tomcat can still be intercepted by burpsuite after being modified to HTTPS protocol

I have a j2ee application that can be intercepted by burpsuite and get the parameters in the request, so I configured tomcat and changed the publishing mode from HTTPS, but it can still be intercepted by burpsuite. How do I harden the system to avoid…
0
votes
0 answers

Link manipulation (DOM-based) - jquery mobile

We use jquery.mobile-1.1.1.min.js in our application. Burp scan found Link manipulation (DOM-based) vulnerability in jquery.mobile-1.1.1.min.js: [SNIP] ").prependTo(e)[0].href;c[0].href=h||location.pathname;d&&d.remove();return…
Togi
0
votes
0 answers

Burp Suite Professional Error Failed to connect to 127.0.0.1:80

I am completely new to Burp Suite and DVWA as well. I have one task on my plate to execute, that is security testing. I have invested the entire day today to collect data and watch videos and to apply the same to my assigned task, which is not…
Roma Kamble
0
votes
1 answer

How Burp exactly scans a request

I just started working with Burp professional suite 2.0.6 beta. After proxy recording, I just right-click and perform the scan with default configuration. I want to know exactly what happens in that scan. It covers pen testing, but how? Does it…
Bala
0
votes
0 answers

Burp: changing the hostname of a target / branch

I've collected in a manual test a lot of URIs below a target. As the host is a local environment, I'd like to run the same scan against the same set of URIs in the QA environment. Hence, the hostname of https://:4443/app/... should change in…
m_c
0
votes
1 answer

Java Proxy Burp

I want to configure Burp as a proxy for my java code, to see requests and responses. Burp works fine as a proxy between a web browser, but it doesn't for java application. I've added to my code such lines: WebClient client = new…
Laucer
0
votes
1 answer

Cannot intercept request in burp suite. I am having browser and burp settings done

[Burp Proxy Screenshot] Although on refreshing the site in a browser it is captured in Burp, the requests are not getting intercepted. Browser setting: manual proxy 127.0.0.1, port 8080. Burp setting: default 127.0.0.1/8080
mrjay
0
votes
1 answer

URL does not load after proxy settings in IE and Burp Suite

When I set proxy to record activities in Burp Suite, URL keeps on loading, though manually without proxy it works.
san
0
votes
1 answer

Burp Extender API : How to pick selected text on custom menu-item click

I am building a plugin. I have created a menu item and I want to grab the selected text when my menu item is clicked, the same as Burp's URL-decoder menu item. Regards.
bugzy
0
votes
0 answers

Cross-site scripting (DOM-based) burp issues

In the Burp Scanner report, I got the issue below: The application may be vulnerable to DOM-based cross-site scripting. Data is read from location and passed to $() via the following statement: $(location).attr('href',"/MYAPP/home.action"); How this…
Murhari
0
votes
1 answer

How to sign in to Google then get the output html?

How do I sign in to Google then get the output html, with a Python script? I don't want to use Selenium, just a sequence of GET/POST requests. I have used Burp Suite to intercept the POST request when I entered my email. I don't understand all those…
Chris Avraam
0
votes
1 answer

Why is FF the preferred browser to set a proxy?

What is the actual reason to choose Firefox to configure along with proxy tools like Burp Suite or ZAP? I.e., is FF providing something more than other browsers when it comes to proxy settings?