Questions tagged [burp]

Burp is an intercepting proxy server used for security testing of web applications. It operates as a man-in-the-middle between your browser and the target application, allowing you to intercept and modify all HTTP/S traffic passing in both directions, and to analyze all kinds of content, with automatic colorizing of request and response syntax, rendering of web content, and parsing of serialization schemes like AMF.

Note: questions about how to use Burp are off-topic on Stack Overflow; please ask them on Super User. This tag is about programming with Burp, that is, Burp Extender.

297 questions
4 votes, 1 answer

Stripe's JS not working with browser's Manual proxy configuration

I am trying to integrate Stripe with my site. To detect security risks, I use Burp Suite. For that I have to modify my proxy settings. I have set below proxy configurations in my Browser (Google Chrome) HTTP proxy: 127.0.0.1 Port: 8000 Now when I…
Hussain
3 votes, 0 answers

Twitter website gives a different response when sending a request using python-requests

When I send a GET request to https://twitter.com/ using Burp Suite or curl, I get HTTP 302 with the following body: Found. Redirecting to /i/flow/login?redirect_after_login=%2F. However, when I make the same GET request from Python-requests, I get …
Shoto
3 votes, 1 answer

dastardly burp with gitlab

I want to use Burp Dastardly, which is the new DAST tool from PortSwigger. Actually, I tried it in GitLab CI/CD but I got an error! I even tried it on my server. This is how I use it in GitLab: Burp_DAST: stage: dast image: docker:stable …
Iman
3 votes, 1 answer

How does burp-suite intercept https request in spite of the encryption?

I was trying to get myself familiarised with basic concepts of https when I came across its encryption, which in a nutshell functions as follows, Now I have seen QA engineers in my company use this tool called burp-suite to intercept request. What…
shellbot97
3 votes, 0 answers

Unable to intercept traffic of an android app

Recently, I was trying to test and intercept traffic from an app developed on Rhomobile. I set up a proxy with Burp, and of course I have installed the Burp certificate on my device, hence I can intercept other apps on my device, but I am unable to see the…
hanan
3 votes, 8 answers

Burp Interception does not work for localhost in Chrome

I can't intercept requests made by Chrome version 73.0.3683.86 to my localhost site. Local host site is running on IIS on http://127.0.0.3:80 Burp proxy listener is default one on 127.0.0.1:8080 Interception rules are default one as well In my LAN…
mimo
3 votes, 1 answer

Burp extender: How to write an extender of intruder?

Recently, I needed to write a custom payload generator in Burp's Intruder module. Then I googled it and did as the articles from the internet said, but there are two interfaces, and I don't know what to do. Should I implement them both or what? Can anyone give me…
anonymous
3 votes, 6 answers

How to intercept local server web requests using Burp in Internet Explorer

I have properly configured Burp to intercept at a proxy location at 127.0.0.1:9090 My Internet Explorer proxy settings are as follows: Also I have a webserver named WebGoat running in http://localhost:8080/WebGoat/ All the requests are not being…
XChikuX
3 votes, 1 answer

WebSockets and Application Proxy Connection Issues

Does anyone have a websocket connection working with an application proxy (e.g. Burp or ZAP)? For example, I have a working version of jWebSockets which works perfectly on my local machine. However, when I intercept with Burp or ZAP the connection…
RND
2 votes, 1 answer

Initiator of request - Burp Suite

I am analyzing the traffic of an Android application via the Burp Suite and the emulator of Android Studio. How can I find out the initiating App of a request? I would like to know if a request is started by my app or another app or by the…
2 votes, 1 answer

Burpsuite active scan changed my table's shape and data, is there any way to recover them?

I used burpsuite to do an active scan of my web application (using MySQL) in order to find vulnerabilities. After the scan was done, one of my tables got messed up: |-----|---------------------|----------------|-----------------------|---------| |…
zolei
2 votes, 0 answers

"ImportError: No module named requests" In burp suite extension

I am using burp suite extension to intercept https requests and responses and trying to import requests module to do so but when adding the extension, burp raises error "ImportError: No module named requests" , but the module is installing and…
dusha
2 votes, 0 answers

Why do I get 400 Bad Request when connect to websocket using python websocket, while when I use Burp Suite I get 101 Switching Protocols?

I was trying to connect to an Android application using websocket python on PC but idk why I always get 400 Bad Request. While when I intercept the data using Burp Suite and try to connect manually, it's connected. This is the request code on Burp…
2 votes, 0 answers

Use Dialer with Proxy. Route TCP stream through Proxy

Using the following snippet I'm easily able to do HTTP(S) requests which are routed through the proxy (Burp Suite) which I'm using. proxyURL, _ := url.Parse("http://127.0.0.1:8080") caCert, _ := ioutil.ReadFile(/path/to/proxycert) caCertPool, _ :=…
LowkeyFlex
2 votes, 0 answers

Burp Suite SSL ERROR HANDSHAKE FAILURE ALERT OR ERR SSL PROTOCOL ERROR

My Burp Suite was working properly but failed after a while, and the message "SSL_ERROR_HANDSHAKE_FAILURE_ALERT" in Firefox and "ERR_SSL_PROTOCOL_ERROR" in Chrome was displayed in the browser. The valid Burp Suite certificate was also fully integrated…