tag:blogger.com,1999:blog-8503755746105415394.post7277197514109033..comments2007-06-03T19:59:05.691ZComments on PortSwigger.net - web application security: On-site request forgeryPortSwiggerhttp://www.blogger.com/profile/04744809054520271899noreply@blogger.comBlogger2125tag:blogger.com,1999:blog-8503755746105415394.post-19556799664823016152007-06-03T19:59:00.000Z2007-06-03T19:59:00.000ZDitto on the not having another way to contact you...Ditto on the not having another way to contact you. Love the tool (even mentioned it in the XSS exploits book). There is a thread on http://sla.ckers.org/forum/read.php?11,11937 that asked a good question about automatic payload replacement, that I would rather defer to you to answer. I don't know a way to do this but perhaps you have an idea, or maybe it's a feature request.-RSnakeAnonymousnoreply@blogger.comtag:blogger.com,1999:blog-8503755746105415394.post-60004156227977267342007-05-03T16:18:00.000Z2007-05-03T16:18:00.000ZHi,This is a general comment. It's posted here bec...Hi,This is a general comment. It's posted here because I couldn't find any other means to contact you.Regarding Burp Proxy NTLM support: It is possible to have IE process NTLM requests even when using a forward proxy by adding the following header to each response: Proxy-Support: Session-Based-Authentication Using this, there is no need to have Burp manage it's own User/Pass or atleast it would Anonymousnoreply@blogger.com