Stack Overflow
Stack Overflow

Questions tagged [burp]

Burp is a proxy tool which is used for intercepting proxy server for security testing of web applications. It operates as a man-in-the-middle between your browser and the target application, allowing you to: Intercept and modify all HTTP/S traffic passing in both directions. Easily analyze all kinds of content, with automatic colorizing of request and response syntax, rendering of web content, and parsing of serialization schemes like AMF.

Note: question about how to use Burp is off-topic on Stack Overflow; please ask question on Super User. This tag is about programming using Burp, that is, Burp Extender.

237 questions
13
votes
3 answers

How can I use BurpSuite proxy with HTTPS in chrome

BurpSuite can only intercept HTTP traffic. How can I also intercept HTTPS traffic on Ubuntu? I need to install the CA but how?
Silver
  • 1,005
  • 2
  • 11
  • 32
6
votes
0 answers

Using pfctl to redirect traffic does not work

I am trying to set up a proxy on OSX to intercept traffic. I found that the native way to do it is using pfctl and using a transparent proxy tool like mitmproxy or Burp Suite. Mitmproxy has a chapter in their docs about how to set up the Mac with…
Robbsen
  • 143
  • 1
  • 9
6
votes
1 answer

How to Maintain HTTP Session in Burp suite?

My Application is single page application. It has following modules.. Add User, Edit User, Delete User, Settings. etc., I have collected all the url's in the HTTP history using Burp Proxy. I wanted to do Scan, SQL Injection, XSS for the modules that…
ChanGan
  • 3,985
  • 9
  • 62
  • 113
6
votes
1 answer

Way to modify git pack files?

I'm pentesting a git server currently, and I'm trying to figure out how to modify pack files. I have my git requests running through Burp proxy, however, I'm unsure how to tamper with the pack files I see being sent to the git-receive-pack endpoint.…
GBleaney
  • 1,907
  • 2
  • 19
  • 36
5
votes
2 answers

SQLMAP - Post JSON data as body

Hi I'm trying to do a SQL injection in a login form. With BurpSuite I intercept the request: POST /xxxx/web/Login HTTP/1.1 Host: 10.0.0.70:42020 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.11; rv:49.0) Gecko/20100101 Firefox/49.0 Accept:…
ronIDX
  • 678
  • 1
  • 4
  • 18
4
votes
2 answers

Send requests with Python (intercepted with Burp)

I'm having trouble understanding requests. Let's say I have this request: POST /user/follow HTTP/1.1 Host: www.website.com User-Agent: some user agent Accept: application/json, text/plain, */* Accept-Language: pl,en-US;q=0.7,en;q=0.3 Referer:…
David
  • 139
  • 2
  • 8
4
votes
2 answers

Network request not seen in Charles

I am trying to see network request done by an iPhone app so I can check what data is being sent. Or at least, how many requests it is doing. But when using Charles or Burp Suite on my Mac, it does not show any request outputs from this specific app.…
Ron
  • 944
  • 10
  • 18
4
votes
0 answers

Remote host closed connection during handshake : Burp Certificate in Android

I have been trying day and night to intercept android traffic through burp. I can successfully intercept all http traffic through burp but https are not getting intercepted. The following are the version details : BurpSuite 1.6 Java 1.6 Android…
user2868280
  • 41
  • 1
  • 3
4
votes
1 answer

Stripe's JS not working with browser's Manual proxy configuration

I am trying to integrate stripe with my site. To detect security risks, I use Burp Suite. For that I have to modify my proxy settings. I have set below proxy configurations in my Browser (Google Chrome) HTTP proxy: 127.0.0.1 Port: 8000 Now when I…
Hussain
  • 4,349
  • 5
  • 38
  • 63
3
votes
0 answers

Unable to intercept traffic of an android app

Recently, I was trying to test and intercept traffic from an app developed on Rhomobile, I setup a proxy with burp, and of course I have installed burp certificate on my device hence I can intercept other apps on my device but I am unable to see the…
hanan
  • 145
  • 1
  • 13
3
votes
6 answers

Burp Interception does not work for localhost in Chrome

I can't intercept requests made by Chrome version 73.0.3683.86 to my localhost site. Local host site is running on IIS on http://127.0.0.3:80 Burp proxy lister is default one on 127.0.0.1:8080 Interception rules are default one as well In my LAN…
mimo
  • 4,106
  • 7
  • 31
  • 42
3
votes
1 answer

What is the Difference between burp suite and wireshark? Pros and Cons

I saw many people are talking about these 2 tools Burp suite and Wireshark are best for penetration testing, But I'm curious what are pros and cons each of them? And where will each of them would be better to use with what difference?
H S Umer farooq
  • 683
  • 7
  • 12
3
votes
1 answer

Burp extender ---- How to write a extender of intruder?

Recently, I need to write a custom payload generator in burp's intruder module Then I googled it and do as the articles from internet, but there are two interface, I don't know what to do. Should I implement them both or what ?? Can anyone give me…
anonymous
  • 61
  • 7
3
votes
6 answers

How to intercept local server web requests using Burp in Internet Explorer

I have properly configured Burp to intercept at a proxy location at 127.0.0.1:9090 My Internet Explorer proxy settings are as follows: Also I have a webserver named WebGoat running in http://localhost:8080/WebGoat/ All the requests are not being…
XChikuX
  • 694
  • 1
  • 8
  • 26
3
votes
1 answer

WebSockets and Application Proxy Connection Issues

Does anyone have a websocket connection working with an application proxy (e.g. burp or zap)? For example, I have a working version of jWebSockets with works perfectly on my local machine. However, when I intercept with Burp or Zap the connection…
RND
  • 31
  • 3
1
2 3
15 16