Burp Suite User Forum
Hi together, I have some feedback for the Web Security Academy :) 1. I couldn't find where to put feedback for the labs. So I hope I'm right here. 2. In the "Reflected XSS into attribute with angle brackets...
Hi, why do Burp Professional's automated scans not detect the open redirection vulnerability in the related "Lab: DOM-based open redirection"...
Was following along with an INE tutorial. Got this message. Wanted to do my small part and report the error. └─# burpsuite 127 ⨯ Jan 21, 2021 12:24:34 PM...
Hi PortSwigger Team, The Professional version scanner is not detecting a simple blind SQL injection in Microsoft SQL server. I know in versions 1.7 and 2.0beta this exact scenario was correctly identified several...
Burp Suite Professional crashes when I change my keyboard layout to Mandarin input (Pinyin) in Mac OS X 10.14.6
I'm having a strange problem on Kali. After installing Burp Community, the startup prompts are all pink and cannot be clicked. I've tried installing with the shell script, the JAR file, and via apt. I've also tried...
Hi, I tried using the Scanner with the latest Burp, but the problem that the Scanner freezes and never ends when the server does not return a response seems to recur. The url says: Unauthenticated crawl. Estimating...
Hi, I have tried to capture login to our solution suites using burp recorded login sequencer and applied the generated json in the burp enterprise edition site settings. All the scan is getting completed with a failure...
message1
I have a website that has the following login form: <form id="example" name="example" method="POST" target="_self" action="https://example.org/e/?login" accept-charset="UTF-8"> <input type="text" name="username"...
Hello, I just wanted to report that the embedded browser in 2020.7 does not launch with a default Parrot OS (https://parrotlinux.org/) configuration. Attempts to launch it return "net.portswigger.devtools.client.a: Refusing...
Burp Pro - has anyone else solved the issue of getting continual Connection Resets like fxxxing hundreds. And not being able to tell what is causing it. Also lots and lots of Client failed to negotiate a TLS...
Hi, I'm having issues with this lab, "Web cache poisoning to exploit a DOM vulnerability via a cache with strict cacheability criteria". As soon as I enter the X-Forwarded-Host header, the lab server fails to respond. I've...
Hi, I noticed the advanced scope control mentions you can insert regex, but it does not actually follow correct regex syntax. Asterisk `*`, should be treated as a quantifier, matching zero to unlimited times, however...
Hello I want to use regex to remove those empty lines from the HTTP responses that developers placed there. I used ^ to get the beginning of each line, but what it returns is just the first line of the response and...
1. I need to brute force the username and password fields. See 1. JPG POST /xxx/xxx HTTP/1.1 Host: xxx.xxx.xxx.xxx Connection: close Content-Length: 56 Accept: application/json, text/javascript, /; q=0.01 Origin:...
The smart decoder is not working anymore for even simple base64 payloads. Please debug the issue and let me know. Thanks, Rod
After right clicking and selecting "Send to Repeater" the request text becomes mangled (overlapped in some areas). Running Burp 2020.12.1 Professional with Dark theme in Ubuntu 20.
I am getting many, many instances of the "Backup file" issue type. The issue is that the scanner makes a request that is a variant of a legitimate request, for example instead of GET /users/sign_in.json, it will call GET...
Hi, I had my burp pro license at the limit. I wanted to remove it from one machine to activate it on another. So I did remove burp from my computer under the help menu, but it is now neither allowing activating the license...
Your source for help and advice on all things Burp-related.