Burp Suite User Forum
I have an application running on http://localhost:3000. It does not use https, and I've set a hostname in my /etc/hosts file so that I can access it via http://myapp:3000. Any time I attempt to load http://myapp:3000 in...
Consider the following scenario: In a new Burp project, you scan a website, and it gives you the following finding: ``` #1 XSS GET /?param=testag6vc%3cscript%3ealert(1)%3c%2fscript%3eln0yc param is vulnerable to...
I have tried to run the burpgpt extension with Burp Suite Professional and am getting the error message “javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure”. Kindly assist to resolve the error.
Hi guys, I have noticed a problem in the payload you suggested for solving the lab "CSRF vulnerability with no defenses", namely in this specific part: name="email"...
Hello, I tried every way to solve the lab but I couldn't get any results. I think there is something wrong with some labs. I faced the same problem before. Should I send an email to support's mail?
I have the official version of Burp Suite Pro and after upgrading to an Apple silicon (M3) I am running into an issue. After launching Burp Suite and getting to the "Starting project, please wait ..." step, which is right at...
After having issues with Oracle Java that I had to uninstall, I upgraded Burp Suite Pro to v2023.10.2.3 (installed version on Windows 11). When selecting the Use Burp Defaults configuration for the project, and trying...
We are using Burp Suite Enterprise and found that Jetty 9.4.49.v20220914 is in use on port 8095.
It appears that there is no simulated user to view the poisoned JS file and get an alert() no matter how often the cache is poisoned. This means it doesn't seem possible to solve this. Is the simulated user visiting the...
Hello, I am experiencing problems this morning with the All Labs button not appearing in order to access the labs. I have tried changing Browser to clear cache but nothing works. Can you please give me information about...
Hi there, I am running into issues when polling a private collaboration server over HTTPS. I receive "No connections to the polling server at <> could be opened. The collaborator will not work in this configuration." when...
Hello, I'm having trouble locating the 'Proxy' tab, which is hindering my ability to intercept requests. Attached are relevant screenshots for...
I am trying to perform some tests on a website whose domain name contains the underscore character '_'. The browser throws an 'ERR_SSL_PROTOCOL_ERROR', it doesn't even intercept requests made to the website and the only...
See the following issue report on one such exploit that Burp breaks: https://github.com/W01fh4cker/CVE-2023-46747-RCE/issues/3 Basically, the exploit relies on using the 'Transfer-Encoding: chunked, chunked' header with a...
When I try to access Lab: Multistep clickjacking, my account --> login, when I put in the correct username and password, which are wiener:peter, I got "Invalid username or password".
So, no matter what I do, I can't seem to finish this lab. At first I thought I was being dumb, but then I checked the solution and that won't work either. Instead of executing the code, it's just returning the code...
Hello, not sure if it is really a bug, but I found some strange behavior with Burp Scanner. Let's make an example: I log in to a web application and I get a cookie like "PHPSESSID=ABC", then I log out the application...
Hello, I noticed that with every new update of Burp, the vmoptions.txt file is reverted back to its defaults. Is it possible to have this file persist through updates?
Please tell me the solution. When I browse and intercept, and the request is forwarded, the error shown is unknown host.
Perhaps there is a scenario I'm missing where this is a useful feature, but I suspect it is a bug. You have two tokens: abc.oastify.com xyz.oastify.com You make a request `curl -X https://abc.oastify.com -d...
Your source for help and advice on all things Burp-related.