Questions tagged [burp]

Burp is an intercepting proxy server for security testing of web applications. It operates as a man-in-the-middle between your browser and the target application, allowing you to intercept and modify all HTTP/S traffic passing in both directions, and to easily analyze all kinds of content, with automatic colorizing of request and response syntax, rendering of web content, and parsing of serialization schemes like AMF.

Note: questions about how to use Burp are off-topic on Stack Overflow; please ask them on Super User. This tag is about programming using Burp, that is, Burp Extender.

297 questions
13 votes, 3 answers

How can I use BurpSuite proxy with HTTPS in chrome

BurpSuite can only intercept HTTP traffic. How can I also intercept HTTPS traffic on Ubuntu? I need to install the CA but how?
Silver
12 votes, 1 answer

What is the difference between Burp Suite and Wireshark?

Burp Suite and Wireshark are said to be the best tools for penetration testing. I'm curious what the difference is between them, and the pros and cons of each.
H S Umer farooq
11 votes, 3 answers

SQLMAP - Post JSON data as body

Hi, I'm trying to do a SQL injection in a login form. With BurpSuite I intercept the request: POST /xxxx/web/Login HTTP/1.1 Host: 10.0.0.70:42020 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.11; rv:49.0) Gecko/20100101 Firefox/49.0 Accept:…
ronIDX
7 votes, 1 answer

Burp proxy interception doesn't work for localhosted web apps with Firefox

Although I can and do use the Burp proxy with Firefox for remote web servers without any problem, I can't seem to get it to work on the local network with test web applications I host on my local server. Burp cannot see traffic from these requests.…
6 votes, 1 answer

How to bypass Cloudflare protection with Burp?

I'm inspecting a web page and using Burp Suite to intercept HTTP requests made by JS. For a certain URL I receive a 403 status and Cloudflare's page with the message "Please turn JavaScript on and reload the page". JS is turned on in my browser (Firefox) and…
6 votes, 0 answers

Using pfctl to redirect traffic does not work

I am trying to set up a proxy on OSX to intercept traffic. I found that the native way to do it is using pfctl and using a transparent proxy tool like mitmproxy or Burp Suite. Mitmproxy has a chapter in their docs about how to set up the Mac with…
Robbsen
6 votes, 1 answer

How to Maintain HTTP Session in Burp suite?

My application is a single-page application. It has the following modules: Add User, Edit User, Delete User, Settings, etc. I have collected all the URLs in the HTTP history using Burp Proxy. I wanted to do Scan, SQL Injection, XSS for the modules that…
ChanGan
6 votes, 1 answer

Way to modify git pack files?

I'm pentesting a git server currently, and I'm trying to figure out how to modify pack files. I have my git requests running through Burp proxy, however, I'm unsure how to tamper with the pack files I see being sent to the git-receive-pack endpoint.…
GBleaney
4 votes, 1 answer

Burp doesn't intercept localhost

I'm new to Burp and am playing around to intercept traffic from my localhost machine (a website that I created for testing). However, I noticed that Burp intercepts the CSS rather than the traffic/URL. What do I do to make Burp intercept my localhost/php…
matr3p
4 votes, 0 answers

Access local Burp proxy from WSL

My issue is rather simple: How do I configure my setup, so that my WSL (2) instance (ubuntu) could access and use a proxy server served using Burp Suite on the same physical computer, but on the Windows side? Currently I am getting connection…
Matheos
4 votes, 1 answer

Python requests https: code 403 without but code 200 when using BurpSuite

I'm currently trying to scrape retailmenot.com. This is how my code looks so far: import requests from collections import OrderedDict s = requests.session() s.headers = OrderedDict() s.headers["Connection"] =…
Nazim Kerimbekov
4 votes, 3 answers

Send requests with Python (intercepted with Burp)

I'm having trouble understanding requests. Let's say I have this request: POST /user/follow HTTP/1.1 Host: www.website.com User-Agent: some user agent Accept: application/json, text/plain, */* Accept-Language: pl,en-US;q=0.7,en;q=0.3 Referer:…
David
4 votes, 2 answers

Network request not seen in Charles

I am trying to see the network requests done by an iPhone app so I can check what data is being sent. Or at least, how many requests it is doing. But when using Charles or Burp Suite on my Mac, it does not show any request outputs from this specific app.…
Ron
4 votes, 1 answer

How to invalidate a http session after logout

I am creating a web application in ASP.NET MVC which is using forms authentication to authenticate users. I am using an HTTP proxy tool, "burp", to capture an authenticated user's authenticated cookie. After that I log out from the application. Now I am…
Abhishek
4 votes, 0 answers

Remote host closed connection during handshake : Burp Certificate in Android

I have been trying day and night to intercept Android traffic through Burp. I can successfully intercept all HTTP traffic through Burp, but HTTPS is not getting intercepted. The following are the version details: BurpSuite 1.6 Java 1.6 Android…
user2868280