Burp Suite User Forum

Labs Failing to Respond

Hi, I'm having issues with this lab, "Web cache poisoning to exploit a DOM vulnerability via a cache with strict cacheability criteria". As soon as I enter the X-Forwarded-Host header, the lab server fails to respond. I've...

Last updated: Jan 15, 2021 07:19PM UTC | 2 Agent replies | 3 Community replies | Bug Reports

With iOS 14 iPhone, the traffic is being intercepted between the client and server, but I'm unable to connect to the site on iPhone.

When I go to any site via Safari on iPhone (iOS 14), I'm getting "This connection is not private" and when I hit the option to visit this site, I'm still not able to connect to the site. However, I'm seeing the traffic in...

Last updated: Jan 15, 2021 09:47AM UTC | 2 Agent replies | 1 Community replies | Bug Reports

burp community-failed to connect to website.com:443

Hi, I'm trying to connect to a website using the Burp Chromium browser. But most of the time, the loading ends with an error screen saying "failed to connect to website.com:443". I searched but didn't find any answer that helped...

Last updated: Jan 15, 2021 08:22AM UTC | 1 Agent replies | 0 Community replies | Bug Reports

Advanced Scope Control does not follow correct regex syntax

Hi, I noticed the advanced scope control mentions you can insert regex, but it does not actually follow correct regex syntax. Asterisk `*` should be treated as a quantifier, matching zero to unlimited times, however...

Last updated: Jan 14, 2021 02:57PM UTC | 1 Agent replies | 0 Community replies | Bug Reports

RegEx does not work properly on HTTP Request and Response

Hello I want to use regex to remove those empty lines from the HTTP responses that developers placed there. I used ^ to get the beginning of each line, but what it returns is just the first line of the response and...

Last updated: Jan 14, 2021 02:57PM UTC | 1 Agent replies | 0 Community replies | Bug Reports

Logic error in Intruder module

1. I need to brute force the username and password fields. See 1. JPG POST /xxx/xxx HTTP/1.1 Host: xxx.xxx.xxx.xxx Connection: close Content-Length: 56 Accept: application/json, text/javascript, /; q=0.01 Origin:...

Last updated: Jan 13, 2021 03:12PM UTC | 1 Agent replies | 0 Community replies | Bug Reports

Smart decode is not smart

The smart decoder is not working anymore for even simple base64 payloads. Please debug the issue and let me know. Thanks, Rod

Last updated: Jan 13, 2021 02:23PM UTC | 3 Agent replies | 2 Community replies | Bug Reports

Request Text Mangling in Proxy

After right clicking and selecting "Send to Repeater" the request text becomes mangled (overlapped in some areas). Running Burp 2020.12.1 Professional with Dark theme in Ubuntu 20.

Last updated: Jan 12, 2021 03:58PM UTC | 1 Agent replies | 0 Community replies | Bug Reports

Backup file false positives

I am getting many, many instances of the "Backup file" issue type. The issue is that the scanner makes a request that is a variant of a legitimate request, for example instead of GET /users/sign_in.json, it will call GET...

Last updated: Jan 12, 2021 03:18PM UTC | 3 Agent replies | 4 Community replies | Bug Reports

Unable to reactivate license after removing burp from computer

Hi, I had my burp pro license at the limit. I wanted to remove it from one machine to activate it on another. So I did remove burp from my computer under the help menu, but it is now neither allowing activating the license...

Last updated: Jan 12, 2021 12:43PM UTC | 1 Agent replies | 0 Community replies | Bug Reports

Lab access control user role can be modified in user profile

Hi, I solved it once before but now I was revising and I think it crashed because when I logged in my user using the provided credentials wiener:peter then I went to my account page and then I submitted an updated email...

Last updated: Jan 11, 2021 12:48PM UTC | 1 Agent replies | 0 Community replies | Bug Reports

Failed to replay recorded login sequences

I followed the recorded login sequences instruction and successfully generated JSON objects for application login data. But I'm not able to replay and validate the data. All I see is a blank webpage during the replay. I...

Last updated: Jan 11, 2021 10:52AM UTC | 2 Agent replies | 1 Community replies | Bug Reports

SQL injection UNION attack, retrieving data from other tables

administrators password not working......... no problem with carlos and wieners

Last updated: Jan 11, 2021 10:27AM UTC | 1 Agent replies | 0 Community replies | Bug Reports

Intruder crashes Burp when using SOCKS5 proxy with DNS through proxy

Whenever I set Burp to go via a SOCKS5 proxy and I tick the box to send DNS requests through the proxy, everything works fine (proxy, repeater, etc) except Intruder, which shows an error "Failed to resolve hostname" and then...

Last updated: Jan 11, 2021 10:08AM UTC | 1 Agent replies | 0 Community replies | Bug Reports

Burp becomes unusable over a Socks proxy

When connecting my browser to a Socks proxy I see expected page loading speeds but when I connect my browser to burp and burp to a Socks proxy burp takes forever to get the response and forward it to the browser if at all....

Last updated: Jan 11, 2021 09:52AM UTC | 3 Agent replies | 0 Community replies | Bug Reports

Lab access control user role can be modified in user profile

Hi, I solved it once before but now I was revising and I think it crashed because when I logged in my user using the provided credentials wiener:peter then I went to my account page and then I submitted an updated email...

Last updated: Jan 09, 2021 10:05PM UTC | 0 Agent replies | 0 Community replies | Bug Reports

Lab: SQL injection UNION attack, retrieving data from other tables

Hi, I am using the following payload in Burp Suite to get response containing usernames and passwords. GET /filter?category=Accessories'+UNION+SELECT+username,+password+FROM+users-- HTTP/1.1 I managed to get the...

Last updated: Jan 09, 2021 09:31AM UTC | 2 Agent replies | 3 Community replies | Bug Reports

Recursive Grep results are not used in the following request

Hi, I'm making my first steps with Burp and trying to use Intruder to find the password of a phpMyAdmin interface. For that I use a pitchfork attack with a recursive grep to find the session_id and the token....

Last updated: Jan 08, 2021 01:32PM UTC | 1 Agent replies | 0 Community replies | Bug Reports

There is an issue with the "user role can be modified in the user profile" lab

I can't solve the lab because there is no JSON body to manipulate when forwarding the request to update the user email. As a result, there is no JSON data called role id in the response body. Please, I'll really appreciate...

Last updated: Jan 08, 2021 10:32AM UTC | 1 Agent replies | 1 Community replies | Bug Reports

On installation of Burp Suite Enterprise Edition on my Mac I am getting an error

The error says Unknown installation problem. Failed to connect to enterprise server.

Last updated: Jan 07, 2021 06:33PM UTC | 2 Agent replies | 1 Community replies | Bug Reports
