Burp Suite User Forum
Hi, for some reason I started receiving an Unauthorized response during the lab "Manipulating the WebSocket handshake to exploit vulnerabilities". This only occurs at the /chat endpoint. Request URL (GET from...
Hi, I want to create a session handling rule with an appropriate Macro. When configuring the item I want to use a value in my request that "Derives from prior response". But the problem I have is that I only can "Use...
The second payload position for the cluster bomb attack type keeps using the same password throughout the attack, instead of each email and password pair, or each username and password pair.
I'm encountering an issue with Burp where the copy-paste functionality does not work within the Repeater tab. However, the copy-paste works fine in the search bar of the application. I am using the Colemak keyboard layout. It...
Hi, I have been able to get the alert to pop up in the "Client-side prototype pollution via flawed sanitization" lab, but it does not mark as solved. I also checked the correct solution and tried that as well, but no...
https://portswigger.net/web-security/clickjacking/lab-basic-csrf-protected I have tried with Firefox and Chrome. I am doing exactly what the solution says and I have also watched the community solutions. But none of them work...
https://youtu.be/EKFt25C6sdQ <--video
I get this error when loading Burp with a stored project. Update blocked An update is available, but we are unable to install it because your Burp Suite installation directory /Applications/Burp Suite Professional.app,...
Hi, I've recently been trying to solve the Business Logic Lab (https://portswigger.net/web-security/logic-flaws/examples/lab-logic-flaws-low-level). After many tries, I couldn't solve the lab and when I try to follow and...
Hi team. When doing the "Exploiting path mapping for web cache deception" lab I created and applied (also saved) the following Bambda, ========== if (requestResponse.contains("X-Cache: hit",true)) { ...
Hi! I'm struggling to proxy traffic via Burp and keep getting "Remote host terminated the handshake" on a particular domain I'm testing. It works on other websites. Things I've tried: - Multiple browsers (Firefox,...
When crawling a web site using crawling and audit's default settings, my project file size grows almost to 20GB. And when the project file gets that big, the backups will also fail (not enough space on my disk). When I...
Dear support, In the lab mentioned in the title, whenever I click on "deliver exploit to victim" in the exploit server, the victim does not make a get request to the /exploit file of the exploit server. More precisely,...
I have a VM with a Linux distro on it and I installed Burp community, and the first thing I did was select the open browser button from the proxy tab; it did not open. I then configured settings like my Safari browser settings...
Hello, I have an issue with the exploit server in all labs in OAuth authentication: when I deliver the exploit to the victim, they don't open the /exploit path. I don't get any log about whether the victim requests this path. I even tried to leave the...
In Repeater, the Content-Length header is updated even when the "Update Content-Length" option is unchecked. I found this when I followed the lab "HTTP request smuggling". When I check with the Logger, it shows that Content-Length is...
I upgraded my Burp Suite this morning, and upon reopening the Burp browser, I got a message stating Burp Suite was turned off. When viewing the extension in My Extensions, it has a red exclamation mark and says, "This...
Hi, maybe there is a bug inside the laboratory "CORS vulnerability with trusted insecure protocols". The following exploit script works with Burp's Chrome: <script> document.location =...
I'm encountering a problem with Burp Suite's Intruder tool where payloads are being placed in the wrong fields during an attack. In both Sniper and Pitchfork attack modes, I've marked two different positions in my request:...
Lab-URL: https://portswigger.net/web-security/csrf/bypassing-referer-based-defenses/lab-referer-validation-broken I found a solution that works when I tested with `wiener:peter` but it doesn't get accepted when I deliver...
Your source for help and advice on all things Burp-related.