Questions tagged [burp]

Burp is an intercepting proxy server used for security testing of web applications. It operates as a man-in-the-middle between your browser and the target application, allowing you to intercept and modify all HTTP/S traffic passing in both directions, and to easily analyze all kinds of content, with automatic colorizing of request and response syntax, rendering of web content, and parsing of serialization schemes like AMF.

Note: questions about how to use Burp are off-topic on Stack Overflow; please ask them on Super User. This tag is about programming using Burp, that is, Burp Extender.

297 questions
2
votes
0 answers

Burp Extension: Parsing XML/Jython

I'm writing a Burp extension and need to parse some XML. Using xml.etree.ElementTree, I'm running into this issue. Essentially: SAX for some reason explicitly uses thread's contextClassLoader or system classloader instead of the parent…
user2442072
2
votes
0 answers

Bypassing browsers URL encoding to do reflected XSS from query parameter

I did a penetration test and I found several XSS vulnerabilities that were triggered in Burp Suite or curl (also in web application scanners), but when I tried to execute it in the browser, it was encoded to UTF-8 and the payload won't execute in…
lopa17685
2
votes
0 answers

How to make an Android application proxy aware (programmatically)?

When I use any proxy like Burp or OWASP ZAP, I see that many applications follow the proxy path and some don't and they just flow data directly. I want to know what code is used for this, so that I can choose my own application to be proxy aware…
Monu
2
votes
2 answers

Cannot establish TLS with client

I have configured an Android app to bypass certificate pinning using some modification of the app, and installed the mitm certificate as system and user in Android. After running mitmproxy and mitmdump I got the error below; however, I tried all possible ways to solve…
TonyStark
2
votes
5 answers

iOS 13 Burp Suite Proxy Unable to Connect

I am trying to run Burp Suite proxy to do some testing from my phone. I have set up Burp Suite Community Edition 2.1.04. I have set my wifi to use my computer's IP address as the proxy on the correct port in Proxy > Options > Proxy Listeners. From my…
user-44651
2
votes
0 answers

Not able to intercept traffic from nike.com login request

I'm using BurpSuite to intercept the HTTP/HTTPS requests sent when logging in on https://www.nike.com/. I'm trying to achieve this with the following steps: opening BurpSuite and Firefox; turning on the proxy intercept; turning on FoxyProxy on…
Nazim Kerimbekov
2
votes
1 answer

Hide password in form data while sending a post request

While submitting a form's data, the password is visible in encrypted format inside the form data and also in the parameters of the POST request. I want to hide the password in the encrypted format. In Burp Suite, the following vulnerability issue was…
Nancy
2
votes
0 answers

WhatsApp Web parameters

I am trying to analyse what is being exchanged between an Android device and browser during WhatsApp Web initialization (when scanning the QR code). The mechanism has been described in a post here: Mechanism behind QR code scanning of WhatsApp…
aandroidtest
2
votes
2 answers

Burp Suite Proxy with Java application

I have a Java application that receives proxy settings. I exported the DER certificate from Burp Suite. Imported this certificate to the Java keystore with keytool: keytool -import -trustcacerts -file ~/cacert_7.der -alias BURPSUITE -keystore…
user2264941
2
votes
1 answer

Burp Suite REST API with Node.js

To get a Burp Suite report, I am trying to integrate my application with the Burp Suite Scanner by using the REST API. Can anyone help me with this?
2
votes
0 answers

Jetty (9.2.13) HTTP client with Socks4Proxy hangs

I'm using Burp's proxy server, which is running in the background. I have inserted the cacert.der into the Java trust store to which my Eclipse is pointing. Now I have the following code…
Dipankar Dey
2
votes
0 answers

Can't decode Instagram, Facebook HTTPS Packets with Burp Suite

As the title says, I installed Burp Suite on my PC and installed the Burp Suite certificate on my iPhone. I can decode HTTPS packets, except for large companies' apps; I can't decode HTTPS packets from the Instagram and Facebook apps. I don't know why I can't decode…
rluisr
2
votes
0 answers

SSL traffic decryption - iOS

I'm looking for a way to perform a network trace between an iOS app I'm developing and a server I own, using my Mac to intercept traffic. Traffic is encrypted via SSL; I own the domain and the PKCS12 certificate used to encrypt the traffic. I've…
2
votes
1 answer

What exactly is meant by 'External Service Interaction' reported by Burp Suite?

Upon running the Burp Security Suite on our web application, I'm getting an issue like 'External Service Interaction' in a page where there's a textbox for getting email addresses. Think of it like inviting other people to our website. The page is…
user937999
2
votes
3 answers

Client failed to negotiate an SSL connection: no cipher suites in common -- Burp Suite

Unable to tamper with HTTPS requests using Burp Suite after importing the PortSwigger certificate. It gives an alert 'client failed to negotiate an ssl connection : no cipher suites in common', whereas it works fine for HTTP requests. I have tried Internet…
zzz