Burp Suite User Forum

Login to post

How do I?

If you've got a general question about using Burp Suite, then this is the best place to ask.

Create new post

View all

Feature Requests

Burp's pretty great already, but could we make it even better? Let us know.

Create new post

View all

Burp Extensions

If your query involves a Burp Suite extension (BApp), then this is the forum for you.

Create new post

View all

Bug Reports

Found a bug in Burp Suite? This is the place to let us know. Our devs will thank you.

Create new post

View all

Latest posts

Project Override Upstream Proxy Servers - Autopopulating and causing infinite proxy loop

I'm having an issue when I try to proxy chain to Fiddler in a corporate environment. I had previously used Fiddler to handle PAC rules to authenticate to outbound web proxy server (NTLM) for external assets and direct...

Last updated: Sep 24, 2020 10:12PM UTC | 0 Agent replies | 0 Community replies | Bug Reports

Bug causes Request Smuggling False Positive

I noted a bug in the request smuggling vulnerability claims. Two requests are quoted, one with a request and a response. The second is provided with a request and no response. The second lacks the two CRLF's required to...

Last updated: Sep 24, 2020 06:59PM UTC | 0 Agent replies | 0 Community replies | Bug Reports

Dynamic analysis - Cross-site scripting (DOM-based)

After scanning my application I have Cross-site scripting (DOM-based) reported, details below: Data is read from input.value and passed to jQuery.replaceWith. The source element has id BasicData_CertificateIssueDate and...

Last updated: Sep 24, 2020 05:47PM UTC | 1 Agent replies | 1 Community replies | How do I?

SQL INJECTION

I GOT AN ERROR(INTERNAL SERVER ERROR) WHILE SOLVING THESE CHALLENGES EVEN AFTER SEEING THE SOLUTIONS KINDLY PLEASE HELP ME 1)SQL injection attack, querying the database type and version on MySQL and...

Last updated: Sep 24, 2020 05:31PM UTC | 0 Agent replies | 0 Community replies | How do I?

Automating Burp Pro - docker issues (Activation & REST API availability)

Hi, I'm attempting to automate Burp licensing and run Burp with the REST API in headless mode via a Docker container. This is how I'm invoking Burp: "java -Djava.awt.headless=true -jar scanners/burp/burpsuite_pro.jar...

Last updated: Sep 24, 2020 03:25PM UTC | 0 Agent replies | 1 Community replies | Bug Reports

Burp hangs when using http request smuggler

Hello team Burp get hanged when Using request smuggling extension Here is the youtube video https://youtu.be/V3IHU8MDTQA

Last updated: Sep 24, 2020 01:55PM UTC | 3 Agent replies | 3 Community replies | Bug Reports

Lab: Modifying serialized data types

I have a problem with this perticular lab. I've followed the solution as well and still cannot access the admin account. I have a firefox web browser. Pasted in this in the cookies by pressing...

Last updated: Sep 24, 2020 01:51PM UTC | 6 Agent replies | 7 Community replies | How do I?

Requests showing -1 status and response length

Requests not returning any response after executing. When i installed logger++ , it shows me Requests showing -1 status and response length.

Last updated: Sep 24, 2020 11:30AM UTC | 4 Agent replies | 4 Community replies | How do I?

getProxyInterceptionEnabled() ?

Hello, For an extension I'm developing, I'd like to have the getter counterpart of setProxyInterceptionEnabled(), that would return either the proxy is enabled or not. I'm not able to find it anywhere, neither another...

Last updated: Sep 24, 2020 11:30AM UTC | 3 Agent replies | 2 Community replies | Burp Extensions

Renaming Configuration name

Hi, I would love to retain old name of Configuration I chose prior to editing, or being able to set a new one. When I create an Audit configuration like "Audit only parameters", but I want to tweak it on-the-fly (e.g. by...

Last updated: Sep 24, 2020 11:19AM UTC | 3 Agent replies | 2 Community replies | Feature Requests

Burp Suite Support Center

Your source for help and advice on all things Burp-related.

Burp Suite Support Center image