Burp Suite User Forum

Login to post

How do I?

If you've got a general question about using Burp Suite, then this is the best place to ask.

Create new post

View all

Feature Requests

Burp's pretty great already, but could we make it even better? Let us know.

Create new post

View all

Burp Extensions

If your query involves a Burp Suite extension (BApp), then this is the forum for you.

Create new post

View all

Bug Reports

Found a bug in Burp Suite? This is the place to let us know. Our devs will thank you.

Create new post

View all

Latest posts

make it work with burpsuite

I got an External Service Interation on a scoped domain via Host Header. Now I am inserting my collaborator's URL into the host header, I am not getting any pingback/response. But it works with cURL with the following...

Last updated: Apr 12, 2021 12:21PM UTC | 0 Agent replies | 0 Community replies | How do I?

How to use burp with flutter based Android applications

Any tips while pen-testing Flutter based Android apps? Since it ignores system proxy and user/system CA certificates you cannot use burp suite easily.

Last updated: Apr 12, 2021 12:05PM UTC | 1 Agent replies | 0 Community replies | How do I?

2FA bypass using a brute-force attack

Hi team, I have tried the 2FA bypass using a brute-force attack multiple times using the intruder and turbo intruder also. I am struggling to solve the lab. Please advise me of any solution for this ...

Last updated: Apr 12, 2021 11:45AM UTC | 1 Agent replies | 0 Community replies | How do I?

Selection option for different types of vulnerabilities

In the configuration, it is very hard to select single vulnerabilities, do we have any alternation to select only single issue type to scan

Last updated: Apr 12, 2021 11:43AM UTC | 1 Agent replies | 0 Community replies | Feature Requests

Lab: Arbitrary object injection in PHP

Don't know why i keep running into this fatal error when trying to solve all the Insecure deserialization labs... This is the error i keep running into despite encoding the section cookie twice before pasting the value to a...

Last updated: Apr 12, 2021 09:19AM UTC | 1 Agent replies | 0 Community replies | How do I?

Forced OAuth Profile Linking

Hi, I've followed all the steps PRECISELY and have watched a couple different videos on how to complete this lab. It doesn't work! I've noticed for the videos I've seen the people that are making them can just click "Login...

Last updated: Apr 12, 2021 09:12AM UTC | 2 Agent replies | 1 Community replies | How do I?

Use Set-Cookie received as Response during Cluster Bomb

I am running a simple Cluster Bomb. Every Request sent generates a "Set-Cookie:" with a new JSESSIONID to be changed. How do I include that with every new request using Burp Pro?? Suggestions? There is a regex option...

Last updated: Apr 12, 2021 09:09AM UTC | 1 Agent replies | 0 Community replies | How do I?

Scan API with Burp Suite Pro v2021.3.1

Hi, I saw this post (https://portswigger.net/blog/api-scanning-with-burp-suite) where it mentioned Burp Suite Pro and Enterprise is now able to read the OpenAPI file, however I'm not sure where I can import the OpenAPI...

Last updated: Apr 12, 2021 08:47AM UTC | 1 Agent replies | 0 Community replies | How do I?

Capture TCP traffic

Hello, I wanted to know if it was possible with Burpsuit to capture TCP traffic? Thanks in advance

Last updated: Apr 12, 2021 08:43AM UTC | 1 Agent replies | 0 Community replies | How do I?

"Include relevant extract" in XML Report

Hello, as already requested by other users two years ago (http://forum.portswigger.net/thread/1088/populate-enable-include-relevant-extract) I think it would be very useful to add the "include relevant extract" option also...

Last updated: Apr 12, 2021 08:34AM UTC | 2 Agent replies | 1 Community replies | Feature Requests

Burp Suite Support Center

Your source for help and advice on all things Burp-related.

Burp Suite Support Center image