Stack Overflow
Stack Overflow

Questions tagged [burp]

Burp is a proxy tool which is used for intercepting proxy server for security testing of web applications. It operates as a man-in-the-middle between your browser and the target application, allowing you to: Intercept and modify all HTTP/S traffic passing in both directions. Easily analyze all kinds of content, with automatic colorizing of request and response syntax, rendering of web content, and parsing of serialization schemes like AMF.

Note: question about how to use Burp is off-topic on Stack Overflow; please ask question on Super User. This tag is about programming using Burp, that is, Burp Extender.

237 questions
0
votes
2 answers

"server certificate change is restricted during renegotiation" error in BURP

I'm using BURP and I always get this alert after a while (maybe like 2-3 minutes of use) javax.net.ssl.SSLHandshakeException: server certificate change is restrictedduring renegotiation any idea where that could come from? I don't see anyone…
David 天宇 Wong
  • 2,485
  • 2
  • 29
  • 44
0
votes
1 answer

Security testing in soap ui or Burp suite?

we are testing a secuirty testing for web application. I am new to testing using BURP Suite. I do have extensive knowledge in Soap UI for webservice testing but have NOT used for security testing. Does anybody know the comparison of the tools or…
ChanGan
  • 3,985
  • 9
  • 62
  • 113
0
votes
1 answer

any fix for Open redirection (DOM-based) issue on asp.net webresource.axd file?

When I scanned ASP.NET application using Burp Scanner Tool I got 'Open redirection (DOM-based)' issue in asp.net webresource.axd file. Please let me know if anyone experienced same issue, or if you have any idea or workaround can fix this…
Robin Joseph
  • 1
  • 1
  • 3
0
votes
1 answer

A replacement for HoneyProxy (dumping requests into a directory like structure)?

I'm looking for a HTTP/HTTPS proxy with the capability of dumping the requests into a directory like structure. For example if I request example.com/path/example.html, example.html will be stored in a somedir/example.com/path/example.html in my…
Alex
  • 1,498
  • 3
  • 20
  • 37
0
votes
1 answer

Burp Suite Error "Received fatal alert: handshake_failure"

While using Burp Proxy for a given site I am getting the above error and no response is getting displayed. Received fatal alert: handshake_failure Can anyone help me on this?
Noname
  • 320
  • 3
  • 11
0
votes
1 answer

Certificates between ZAP and BURP

I have both certificates from ZAP and BURP on my browser, and I can surf through SSL websites without problems with each proxy. Now, I am using BURP as my local proxy on port 9090 and I redirect the traffic from BURP to ZAP (listening on port…
aDoN
  • 1,679
  • 4
  • 27
  • 48
0
votes
1 answer

Grep Extract - Extract text value from image source

I am trying to pull a value from my HTML Source code and use it as a Grep Extract. Using Burp Suite's 'Grep - Extract', how do I extract the following text value (in this case the text is hello, but it changes every time and I want to be able to…
KimberleyK
  • 125
  • 1
  • 3
0
votes
3 answers

How to prevent opening an authenticated php web page?

I have admin pages. I need to allow users to access the admin pages if the user is logged in to the admin with correct credentials only. I already checking user is logged in by using session variable in all the admin pages. But still through tools…
BVL KIRAN
  • 1
  • 4
0
votes
1 answer

how to connect to my local proxy via public wifi

is there a way to connect to my PC proxy with burp suite, when i'm not connected to my local network ? I wanted to use my proxy from other places. is there a way to do this ?
user3807117
  • 1
  • 3
0
votes
1 answer

Burp Suite doesn't intercept HTTPS calls from Advanced Rest Client

I'm using burp suite to intercept the calls that I do with the plugin Advanced Rest Client and with a sinatra application that is called by the Advanced Rest Client. I've set it as proxy of my whole system, but still it intercepts only the calls by…
Filnik
  • 943
  • 3
  • 12
  • 25
0
votes
2 answers

Emulator sends get request to google every time at startup

I launched burp as an emulator's proxy for debugging of http requests from my application with intercepting option switched on and at the startup I found that emulator sends a GET request to google: GET /generate_204 HTTP/1.1 User-Agent:…
Alex Bonel
  • 1,126
  • 1
  • 8
  • 21
0
votes
2 answers

error while intercepting a request

I am using Burp suite's proxy feature. I have changed firefox settings as: options > network > settings But when i run http://localhost:8080/project_name in the browser in order to intercept the request,it gives following error: Burp proxy error:…
a Learner
  • 4,608
  • 9
  • 46
  • 87
0
votes
1 answer

Burp Extension Development

Does anybody know of a way to test if the burp scanner has completed when developing burp extensions? I am developing a burp extension that hooks into the scanner and i would like to display my results after the scanner has completed. I do not know…
CBaker
  • 746
  • 2
  • 9
  • 21
0
votes
1 answer

Retrieve Client ios app certificate

I want to proxy traffic from an ios application to Fiddler (or Burp). It looks like the application sends a client certificate to the server. I will need to retrieve this cert from the phone(it's jailbroken) and import it to my proxy. Is there a way…
Spyros
  • 41,000
  • 23
  • 80
  • 121
0
votes
2 answers

How to use JMeter to test encoding in HTTP Request? Burp Suite?

I have to develop a security testing framework to make sure all output in our application is encoded. I have many post & get http requests Each request may have 1 or many parameters What I wanted to do with JMeter: I need to test each parameter…
Victor G
  • 3
  • 2
1 2 3
15
16