Questions tagged [burp]

Burp is an intercepting proxy server used for security testing of web applications. It operates as a man-in-the-middle between your browser and the target application, allowing you to intercept and modify all HTTP/S traffic passing in both directions, and to easily analyze all kinds of content, with automatic colorizing of request and response syntax, rendering of web content, and parsing of serialization schemes like AMF.

Note: questions about how to use Burp are off-topic on Stack Overflow; please ask such questions on Super User. This tag is about programming using Burp, that is, Burp Extender.

297 questions
0
votes
0 answers

Python request for an exploit

So I am trying to write a basic Python exploit for a basic Burp request but I can't figure it out. My request is: POST /index.php HTTP/1.1 Host: : Accept: */* Accept-Language: en User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT…
Nitescu Lucian
  • 255
  • 4
  • 18
0
votes
1 answer

Public static fields in classes in java

I'm developing a Burp Suite extension. I have a class BurpExtender; it has a public static field. public class BurpExtender implements IBurpExtender, IContextMenuFactory{ private IBurpExtenderCallbacks callbacks; public static PrintWriter…
Ivan Salosin
  • 343
  • 1
  • 2
  • 8
0
votes
1 answer

Add Bearer token to Burp-request programmatically when "401 Unauthorized" occurs

I'm testing an application that uses OAuth2 with bearer tokens to authorize requests. The problem I'm having is that the access token expires after 600 seconds (10 minutes) and then all requests become 401 Unauthorized. The problem occurring now is…
Ogglas
  • 62,132
  • 37
  • 328
  • 418
0
votes
1 answer

Burp Suite attack every 10 minutes

I am in the Intruder tab of Burp Suite Free Edition v1.7.03. I'm able to make an attack, which is generally an HTTP request, but what I want is that the HTTP request should be made every 10 minutes instead of the default 3 seconds time interval (approx).
Rupesh Bhandari
  • 76
  • 1
  • 12
0
votes
0 answers

How to intercept HTTPS on iPhone app?

I have Burp Suite on my laptop, I have installed the certificate on my iPhone device and everything works great when trying to intercept any request made by the Safari browser, including HTTPS requests. When I try to intercept an application…
flashDisk
  • 55
  • 5
0
votes
1 answer

Using Burp Spider through proxy

I'm using Burp proxy in my Tor browser, and am able to intercept HTTP requests successfully. However, when running Spider on any of the viewed URLs, the Spider won't run through the proxy, or at least I have no reason to think that it is. How can I…
Mugen
  • 8,301
  • 10
  • 62
  • 140
0
votes
1 answer

Add SSL certificate exception while proxy session via jmeter/burpsuite for an Android/iOS App

I'm trying to record a session via Jmeter/Burpsuite for an Android or iOS App which interacts with HTTPS API requests, e.g. https//api.server.com/login. We can add the exception of SSL if using a browser, but how can we do so while doing proxy on…
Yugal
  • 414
  • 3
  • 14
0
votes
1 answer

Why won't firefox load the webpage when I am listening via proxy and browsing on the same port?

As you can see, I have burpsuite listening on 127.0.0.1:8000 and firefox is manually configured to connect through 127.0.0.1:8000. Yet the page will not load.
Kermit
  • 4,922
  • 4
  • 42
  • 74
0
votes
1 answer

Bing API not giving outputs of subdomains in Burp Suite (Following through Blackhat Python)

I have linked bhp_bing.py as an extension in Burp Suite. But my Burp Suite is not giving outputs of the target site's subdomains. supposed result But mine stops at "performing bing search*****" and I checked the error log and it shows…
Mr.Robot
  • 1
  • 1
0
votes
1 answer

NTLMaps not working for shared Wifi to Burpsuite after OS X update

So I used to use this version of NTLMaps to proxy shared Wifi from my Mac and redirect it to Burpsuite for Native App testing outside of an emulator. You could achieve this by setting the server.cfg to 'PARENT_PROXY:127.0.0.1',…
Cynic
  • 6,779
  • 2
  • 30
  • 49
0
votes
1 answer

Captcha solution to brute force

As we all know there was a recent vulnerability on Facebook that was exploited by an Indian developer as stated here. Brute force in 2016 is very weird, Facebook applies rate limiting while entering the code for phone, why they are not using…
Johnny
  • 1,743
  • 2
  • 10
  • 12
0
votes
1 answer

Can Burp Suite use SOCKS 4 upstream proxy?

I'm trying to use Burp Suite Pro to scan a web application through a SOCKS 4 proxy (Cobalt Strike). But when I try, the proxy server resets the TCP connection. So I fired up Wireshark to check what was happening between the two and I saw that the…
David Caissy
  • 2,181
  • 5
  • 24
  • 26
0
votes
1 answer

Is there a Burp Suite alternative that allows MITM to be performed not only on a browser but also on any programs whose local ports are randomly spawned?

Recently I have come across a 0day in the most popular software in, let's just say, the "Entertainment" industry, where remote code execution can be achieved via MITM. Usually, I use Burp to accomplish MITM. But this one is a client-side program…
Arean
  • 5
  • 5
0
votes
1 answer

Burp Suite: Page keeps on loading after proxy is configured on Firefox to record activities

When I set a proxy to record activities in Burp Suite, the URL keeps on loading, though manually without the proxy it works. It's only while recording with the proxy that the URL keeps on loading. Any idea why the URL does not work while recording with the proxy?
Anonymous
  • 858
  • 4
  • 27
  • 54
0
votes
2 answers

"server certificate change is restricted during renegotiation" error in BURP

I'm using BURP and I always get this alert after a while (maybe like 2-3 minutes of use): javax.net.ssl.SSLHandshakeException: server certificate change is restricted during renegotiation. Any idea where that could come from? I don't see anyone…
David 天宇 Wong
  • 3,724
  • 4
  • 35
  • 47