Burp Suite User Forum
Hi, I cannot login to Google services using built-in Chromium, every time I try to login my Google account, I get this error `This browser or app may not be secure. Try using a different browser. If you're already using a...
Sqlmap can be run by giving --proxy https://127.0.0.1:8080 which will take all its data through burp. However, after the recent update in burpsuite, while running sqlmap with burp proxy, getting error: [18:24:03] [INFO]...
Hi PortSwigger Team, Even after completing more times "Basic clickjacking with CSRF token protection" and "Clickjacking with form input data prefilled from a URL parameter" labs, they are showing as not solved. I just...
Hello, while I was running burpsuite I noticed an increased usage in CPU, looking at the task manager I saw a weird command initiated by burp invoking chrome with a series of suspicious flags. Is this something to worry about?...
LLM Lab - indirect prompt injection shows as not solved when the user was deleted from the database successfully. { "role": "user", "content": "please consider ********* " } { "role": "assistant", "content":...
Hello, I can not download and install Scan Engine Update 2024.1.1.6. It errors out and it looks like you forgot to sign it. Bad signature.
In this lab, I'm stuck on step 5 of the solution: In the browser, go to the exploit server and enter the following HTML, replacing YOUR-LAB-ID with your unique lab URL: <script> var req = new XMLHttpRequest(); ...
The solution of laboratory "Client-side desync" is not working. The following code does not work in Chrome: fetch('https://YOUR-LAB-ID.h1-web-security-academy.net', { method: 'POST', body: 'GET /hopefully404...
The Lab Lab: Reflected XSS protected by very strict CSP, with dangling markup attack seems to imply that the dangling attack is required to get the CSRF token and then use it for the attack. But since the CSRF attack is...
Hey, I've been using my trial of the Burp Suite Professional, after installing it everything is really fast, the intruder can run through a lot of attempts really quickly, but after when I try to use it again it gets as slow...
I am trying to open Burp suite in Windows but I am facing an issue saying "Burp did not start properly last time. Do you want to start it without loading extension?" and on choosing either Yes or No fails to load burp...
Hi, I tried experimenting with the new BChecks feature in Burp 2023.6. It's a nice new feature. I found that host-level BChecks only run once per host, which according to the documentation might be intentional. From...
Hi Portswigger team, the Burp Suite Pro installer unfortunately overwrites the ~/Applications/BurpSuitePro/BurpSuitePro.vmoptions file each time I install a new version using the Linux .sh installer. This is a...
Hello, I wanted to bring to Portswigger's attention that there is an error with the "Finding and exploiting an unused API endpoint" lab. When using the OPTIONS method to discover what methods are allowed by the API, the...
Hello, I have our internal certificates added to Burp Enterprise's GUI, however, upon running a scan against a website that has the proper internal certificate chain trust, we still get the medium TLS Certificate finding. ...
Hi, maybe there is a bug inside the laboratory "CORS vulnerability with trusted insecure protocols". The following exploit script works with Burp's Chrome: <script> document.location =...
In laboratory work: Lab: Reflected XSS protected by very strict CSP, with dangling markup attack, a request for a collaborator is not sent. I go to the exploit server and insert the appropriate script:...
https://portswigger.net/web-security/authentication/other-mechanisms/lab-password-reset-poisoning-via-middleware Doesn't work. After sending a corrected request from X-Forwaded-Host: and the name carlos. Nothing comes up...
Every time I start up Burp Suite and go to the Repeater tool, any existing Repeater tabs (either the default empty one when starting the new project, or any tabs loaded from an existing project) will have the "Request"...
Your source for help and advice on all things Burp-related.