Burp Suite User Forum
For support requests, go to the Support Centre. To discuss with other Burp users, head to our Discord page.
In this lab, there seems to be a problem with the victim accessing the link. No matter what payload is being sent, the logs don't show the victims's IP address, showing they never accessed it, so the lab can't be finished.
Hello, I am using Burp Suite Professional and when completing the labs it randomly gives me an 504 Gateway Timeout. I have to close the lab completely and load it again, which consumes time because it does it quite a lot. Is...
Hello, I am using Burp Suite Professional version 2024.7.4-31588. In this version, I am adding a custom header using the "Match and Replace" section under the proxy settings. For example, if the header I add is "TEST,"...
Hi PortSwigger Team, Even after completing more times "Basic clickjacking with CSRF token protection" and "Clickjacking with form input data prefilled from a URL parameter" labs, they are showing as not solved. I just...
When i try embed the iframe of the page with the delete account button my session is not included in the iframe. Instead of showing the myaccount page it shows the login page.
I am running Burpsuite community edition latest version (v2024.6.6) on Ubuntu 22.04 and when i try to open the browser from proxy tab it doesn't open without showing any errors in terminal and in GUI it simply says "Burp...
Hello, The Copy to file/Paste from file options in the Burp Suite Repeater tab is not functioning as expected when sending a WebSocket request.
I am currently trying to access the 2fa-bypass-using-a-brute-force-attack lab and it takes forever to load the webpage. 99% of the time the connection times out. I have tried chrome, firefox, edge, and a different computer....
Hello! Please advise in following: I had an exam on your platform, May 29th, 2023, and failed it. Considering that the first lab was resolved in 30 minute, but the next one took me more than 3,5 hours without any...
noticing an issue with the chromium browser opened by burp suite, essentially run into multiple sites with the same error, an unknown error has occurred. Request is still getting logged, with no response GET /...
the following labs don't trigger a "lab solved" when using the intended solutions: Reflected XSS with AngularJS sandbox escape and CSP Reflected XSS protected by very strict CSP, with dangling markup attack
The goal is to trigger a stored XSS via alert(). My alert() works, but the lab is not solved (I got the lab via Mystic Lab). I also tried it with the solution payload in case the lab can really only be solved with an...
I am just starting and going thru the tutorial I was able to intercept and modify a request and get responses. but when I select from HTTP history as the tutorial says, and send to repeater, when I click send on repeater...
Hi there, Context: https://portswigger.net/web-security/cors/lab-null-origin-whitelisted-attack Issue: Exploit does not trigger, when viewing the exploit on Firefox or Chromium. Still works on Google Chrome (unless you...
java 21 ,when I use the intruder ,set the resource pool,it tells me "Resource pool - Invalid concurrent requests - min 1 max 999",no matter what number the Maximum concurrent requests is set。is this a bug ,or something wrong...
<iframe sandbox="allow-scripts allow-top-navigation allow-forms" srcdoc="<script> var req = new XMLHttpRequest(); req.onload = reqListener; ...
Request: GET /files/cmd.php?cmd=cat+/home/carlos/secret HTTP/2 Host: 0a9600c004a6188d80a8bdb500860051.web-security-academy.net Cookie: session=MS2htmTGD9xkK2AK907aZFLSnR7mdeBV User-Agent: Mozilla/5.0 (Macintosh; Intel...
I've got a "X-Cache: miss" everytime I send my request within the 30 s...
Hello, This issue keeps repeating on every lab I'm trying. I keep retrying until the lab loads, which could sometimes work after the 5-10 tries, and sometimes I can try over 50 times, when the page suddenly loads and works...
I have done the exam and for one of the apps burpsuite did not find anything. From what I saw in the app it seemed that at least the first stage was through web cache. Could someone confirm if the app was wrong?...
Page 8 of 155
Your source for help and advice on all things Burp-related.