Questions tagged [burp]

Burp is a proxy tool which is used for intercepting proxy server for security testing of web applications. It operates as a man-in-the-middle between your browser and the target application, allowing you to: Intercept and modify all HTTP/S traffic passing in both directions. Easily analyze all kinds of content, with automatic colorizing of request and response syntax, rendering of web content, and parsing of serialization schemes like AMF.

Note: question about how to use Burp is off-topic on Stack Overflow; please ask question on Super User. This tag is about programming using Burp, that is, Burp Extender.

237 questions

votes

1 answer

Python requests https: code 403 without but code 200 when using BurpSuite

I'm currently trying to scrape retailmenot.com this is how my code looks so far: import requests from collections import OrderedDict s = requests.session() s.headers = OrderedDict() s.headers["Connection"] =…

asked Nov 23 '20 at 11:39

Nazim Kerimbekov

3,965
6
23
48

votes

0 answers

How make android application Proxy Aware (Programmatically)?

When I use any proxy like Burp or Owasp ZAP, I see that many applications follow the proxy path and some doesn't and they just flow data directly. I want to know what code is used for this, so that I can choose my own application to be proxy aware…

android proxy burp

asked Feb 08 '20 at 12:00

Parvesh Monu

votes

4 answers

iOS 13 Burp Suite Proxy Unable to Connect

I am trying to run Burp Suite proxy to do some testing from my phone. I have setup Burp Suite Community Edition 2.1.04 I have set my wifi to use my computer's IP address as the proxy on the correct port in Proxy > Options > Proxy Listeners. From my…

proxy charles-proxy burp

asked Oct 23 '19 at 15:05

user-44651

3,227
4
26
64

votes

0 answers

Not able to intercept traffic from nike.com login request

I'm using BurpSuite to intercept the HTTP/HTTPS requests sent when logging in on https://www.nike.com/. I'm trying to achieve this with the following step: Opening BurpSuite and Firefox Turning on the proxy intercept Turning on FoxyProxy on…

proxy http-proxy man-in-the-middle burp

asked Jul 28 '19 at 09:30

Nazim Kerimbekov

3,965
6
23
48

votes

0 answers

Burp to Powershell with Cookie

The following is a truncated capture from Burp: Forwarding this capture using Burp's repeater generates the expected response. What is the right way to rebuild this into Powershell's Invoke-WebRequest? I have tried the following but no dice. Not…

powershell burp

asked May 18 '19 at 23:04

JustAGuy

3,773
8
33
49

votes

0 answers

WhatsApp Web parameters

I am trying to analyse what is being exchanged between an Android device and browser during WhatsApp Web initialization (when scanning the QR code). The mechanism has being described in a post here: Mechanism behind QR code scanning of whatsapp…

android https wireshark whatsapp burp

asked Oct 15 '18 at 15:51

aandroidtest

1,413
6
37
62

votes

2 answers

Burp Suite Proxy with java application

I have java application that receive proxy settings. I exported der certificate from Burp Suite Imported this certificate to the java keystore with keytool: keytool -import -trustcacerts -file ~/cacert_7.der -alias BURPSUITE -keystore…

java truststore burp

asked May 03 '18 at 14:18

user2264941

votes

1 answer

burp suite REST Api with nodejs

For getting BurpSuite report, I have trying to integrate my application with BurpSuite Scanner by using REST API. Can anyone help me this.

node.js mean-stack burp

asked Mar 26 '18 at 07:23

Nagaraj Nagu

votes

0 answers

Jetty (9.2.13) HTTP client with Socks4Proxy hangs

I'm using Burp's proxy server which is running in background. I have inserted the cacert.der into my java trust store to which my eclipse is pointing to. Now I have the following code…

java jetty burp

asked Jan 15 '18 at 10:51

Dipankar Dey

votes

0 answers

Can't decode Instagram, Facebook HTTPS Packets with Burp Suite

According to the title, Install burp suite on my PC and install burp suite certification on my iPhone. I can decode HTTPS packets exclude large company app, But I can't decode HTTPS packets Instagram and Facebook app. I don't know why I can't decode…

packet packet-capture burp

asked Jan 06 '18 at 14:57

rluisr

votes

1 answer

What exactly is meant by 'External Service Interaction' reported by Burp Suite?

Upon running the Burp Security Suite on our web application, I'm getting an issue like 'External Service Interaction' in a page where there's an textbox for getting email addresses. Think of it like inviting other people to our website. The page is…

security burp client-side-attacks server-side-attacks

asked Oct 15 '17 at 11:23

user937999

votes

1 answer

modify javascript with Burp, if js is in separate file, but gets loaded in the same HTTP response

I am using Burp to intercept and modify server response. The response message has html