Burp Suite User Forum

Create new post

Latest posts

Lab: DOM XSS in jQuery selector sink using a hashchange event

Hello! I managed to trigger the XSS payload on the exploit server but the lab is not marked as solved. I used this payload for the response body on the exploit server: <iframe...

Last updated: Jul 17, 2024 12:12PM UTC | 0 Agent replies | 0 Community replies | Bug Reports

How to reset a lab

Hello Support, I was trying the "Lab: Basic clickjacking with CSRF token protection" but I tried to intercept server response and changed the post for change email with delete account. Now I'm unable to login using the...

Last updated: Jul 17, 2024 11:23AM UTC | 11 Agent replies | 15 Community replies | How do I?

Burp Browser displays "ERR_CONNECTION_RESET" on new M3 Macbook Pro

Hi! Long time Burp Pro user (4 years). Having trouble with the Burp Browser on M3 macbook pro. VPN is off, AntiVirus is off, Proxy setting offs. Does not work on multiple WiFi networks including hotspot. Any additional...

Last updated: Jul 17, 2024 11:22AM UTC | 1 Agent replies | 0 Community replies | Bug Reports

Faulty Lab: "CORS vulnerability with trusted insecure protocols"

Hi, maybe there is bug inside the laboratory "CORS vulnerability with trusted insecure protocols". The following exploit script works with Burp's Chrome: <script> document.location =...

Last updated: Jul 17, 2024 10:17AM UTC | 9 Agent replies | 10 Community replies | Bug Reports

Chromium Settings per Project

Hi Portswigger-Team, I would love to see, that chromium settings (open last tabs etc.) are saved in the project/save files and only applied if I reopen the project (only for the built-in browser of course). Like when I...

Last updated: Jul 17, 2024 10:03AM UTC | 0 Agent replies | 0 Community replies | Feature Requests

Lab: Exploiting cross-site scripting to capture passwords

Hello! I think the description of what the simulated victim does should be updated on this lab. I used XSS to relace the current page content with the login form (after fetching it dynamically), then hook on the submit...

Last updated: Jul 17, 2024 09:48AM UTC | 1 Agent replies | 0 Community replies | Bug Reports

Active scan checking for categories outside of selected issue categories

Hello, Firstly, can't thank you folks enough for this awesome tool. I am trying to play around with the active scan under the "Issues Reported" section of the configuration. I have created a custom configuration in my...

Last updated: Jul 17, 2024 08:14AM UTC | 0 Agent replies | 0 Community replies | How do I?

Lab Throwing 504 Error

Hello, Lab: SameSite Lax bypass via cookie refresh Is throwing a 504 Gateway time-out error, I had no issue working and using other labs in CSRF and this one will not load. The lab might need to be reset. Thank you

Last updated: Jul 17, 2024 07:31AM UTC | 2 Agent replies | 5 Community replies | Bug Reports

Labs keep crashing

Hi, I am currently doing the API labs. Every time i try to do a lab in the academy, the servers keep crashing and i have to wait approx 10 minutes for them to come back online and start working again..Just for them to...

Last updated: Jul 17, 2024 07:29AM UTC | 2 Agent replies | 1 Community replies | Bug Reports

Flipping bit Attack and Character Frobber

I was wondering if you could share with me how I could effectively perform a Flipping bit attack and Character robbery by using the Burp suite to uncover an encrypted base attack in the application that impacts the...

Last updated: Jul 17, 2024 12:43AM UTC | 0 Agent replies | 0 Community replies | How do I?

Burp Suite Support Center

Your source for help and advice on all things Burp-related.

Burp Suite Support Center image