Burp Suite User Forum
Here is the intruder position I have set for port academy lab: GET /filter?category=Gifts HTTP/1.1 Host: 0a7b002803336d41c08ad10900000088.web-security-academy.net Cookie:...
Hi PortSwigger Team, I have a weird behavior in Burp Suite Pro v2023.1.2 Build 18945. When I am using the integrated Chromium the DOM Invader plugin removes the CSP even though DOM Invader itself and prototype pollution is...
It appears that there is no simulated user to view the poisoned JS file and get an alert() no matter how often the cache is poisoned. This means it doesn't seem possible to solve this. Is the simulated user visiting the...
Hi, I'm referring to a challenge at https://portswigger.net/web-security/deserialization/exploiting/lab-deserialization-arbitrary-object-injection-in-php. It's strange because the payload I thought should work didn't? (or...
I have tried replicating the attack multiple times in multiple modes, looking at both solutions and other walkthroughs found on the net, but it does not work. I take the POST, send it to the intruder, in position I put...
The username and password detailed in the lab description wiener:peter don't seem to work for this lab. I tried many times using the password specified but I still get "Invalid username/email or password." Is this a...
Hello! Is the "CORS vulnerability with basic origin reflection" lab currently working? I have tried many variations of the solution and none of them successfully complete the lab
Just freshly installed Burp Suite Professional version 2023.1.2 Launched built-in web browser from Proxy -> Open browser. Tried to connect to https://www.google.com and received No response received from remote server....
I am trying to scan an API with Burp Suite Enterprise and I'm getting an error: "Skipping API definition. The data in the definition file is malformed and cannot be read by Burp Scanner. Cause Burp Scanner needs to be...
Hi, I have had a few instances of DOM XSS flagged but I'm thinking it's a FP: function gBU() { var protocol = window.location.protocol; var port = window.location.port; var host =...
Burp Pro v2023.1.2 (and previous versions) installed on Mac (not a standalone JAR) keeps hanging and has to be forcefully closed, if the user chooses to 'request items again' for the intruder scan which is still running.
I click the "Access the lab" button on https://portswigger.net/web-security/sql-injection/lab-retrieve-hidden-data and the resulting page (https://0a83005204743cb7c065138600cf008d.web-security-academy.net/) does not load the...
Hello, I get the below error. "XML parser exited with error: org.xml.sax.SAXParseException; lineNumber: 1; columnNumber: 108; Premature end of file." Here are my payloads. Exploit server: <!ENTITY % file SYSTEM...
I get this for when I try to move my Burp installation to a new computer at work. Can you please add some more for me. This message is really weird, as your licensing terms seem to be "yeah, it's a per user license, and...
Burp starts to randomly fail, Proxy Interception will always display an old request that was long processed and that won't go away, even if I turn interception off, send a couple of requests and turn it on again. Burp is...
I realized that when proxying through Burp the headers are forwarded capitalized. Ex.: The OPTIONS request returns "Access-Control-Allow-Headers: x-accesstoken" The request in the browser contains the token in...
Hi! I've got an issue when hotkeys like copy/paste don't work in some tabs (like Proxy, Repeater and Settings) but work in other tabs (like Decoder). There are similar topics on the forum, but the only root cause I saw...
Hi, Since yesterday, I have been unable to view all the request/response data in the Proxy > HTTP History section of BurpSuite Pro. Whenever I try to filter the data, I receive the following exception (as logged in the...
Hi, Since upgrading to Burp Suite 2023.1.2, myself and colleagues have experienced issues with the function of the Burp extensions Collaborator Everywhere and Log4Shell Everywhere. When installed and loaded, both...
At the moment we are evaluating the BSEE solution and faced an issue with using recorded login sequences. The application sends an error "The scan is configured to use recorded login sequences. This requires browser-powered...
Your source for help and advice on all things Burp-related.