How do I? - Burp Suite User Forum

retrieval of hidden data

I'm trying to practice sql injection lab. I don't know why this url mentioned in the lab "https://insecure-website.com/products?category=Gifts" is not opening. It is throwing this error "The requested URL was not found on...

Lab: 2FA bypass using a brute-force attack

I have been working on this one for a while. Outside the corporate network and working from home, I have found the responses came back very slowly compared to some other similar labs I have run. Therefore, when I ran my...

Response manipulation

How can i intercept response and do manipulation on it?

Not able to locate the file

OS: Windows 10 Pro I downloaded Burp Suite Community Edition. When I run the exe file, everything went fine but I couldn't locate the file to open Burp Suite. I tried uninstalling and re-installed it but still couldn't...

error in text

hi i have an error in my test it showing as squares can you help me

getting twitch error code

Hello everyone I 'm new here. Twitch showing me error code 5000 content not available. I tried several times but error didn't go. could suggest something so I can out from this problem.

Lab Not Working Properly

I am trying to solve this lab(Exploiting HTTP request smuggling to perform web cache poisoning) But seems it is not working properly i tried as per video solution by Micheal sommer. Request:- POST / HTTP/1.1 Host:...

Allowing the symbol "&" to be part of a string, instead of being something else

Hello, I've been trying to add the symbol "&" as part of a string in my POST request yet, I can't find out how. I tried backslash, "`", etc. I would truly appreciate it if you could help me out as soon as possible. Thank...

Use Match and Replace to add a script to the head on certain pages / domains?

Hi I need to add a certain script on all pages containing a head tag. Basically replacing: <head> something something something With: <head> <script src="my/path"></script> something something ...

installation path in azure

During the installation of Burp Suite Enterprise in On-Premise, the software indicates a default path where Burp Enterprise will be installed, in case of Linux path: / var / log / BurpSuiteEnterpriseEdition, in windows c: \...

Crawler not crawling thorough enough

Hi there, Burp Pro v2020.12.1. I have an application and I managed to make the headed crawler login properly. After the login credentials were entered the crawler needs to figure out it can supply *any* 2fa code in the...

Schedule a scan with the Burp Enterprise graphql API

I'm trying to schedule a scan with the Burp Enterprise graphql API, but it alwas returns an unexpected error. An example query would be: mutation Schedule { create_schedule_item(input: { site_id: "1", ...

Burp REST API scanning

Hello, Is there a way to use Burp PRO's REST API to scan all URLs in an existing sitemap? I noticed that the POST /scan request will initiate a Crawl & Audit task in Burp, but it will not take the sitemap as an...

Upgrade Java to current version in Burpsuite Enterprise

I need to upgrade Java to the current version in Burpsuite Enterprise for security. I am using Burp Ent linux v2020_2. It is now using Java 9.0.4+11, which is not current. What is the procedure? What version of Java would...

Supported/Recomended version of JRE with Burpsuite professional 2.1.07 and latest

Team, I have been using BurpSuite professional v2.1.07 in Windows 7 OS w/ Oracle JRE 8 for quite some time. (as part of automation we run BS from commadline by executing .jar file) Recently, I setup a new virtual...

JRE Warning

Your JRE appears to be version 13.0.1 from oracle Corporation Burp has not been fully tested on this platform and you may experience problems. Please, help me how to use burp withour this error? Thanks.

Engagement tools > Content discovery to site map

Hello, I just discovered this awesome feature in the engagements tools. The only "problem" is How to add the discovered content to the main site map?? I checked the "Add discovered content to the suite site map" and...

I cannot login using the credentials, weiner:peter

I was trying to solve the labs to learn about the cors vulnerability. but for some reason, I cannot login to the webapp using the given details, weiner:peter

burp intruder match/replace invalid regex

burp intruder's match/replace rule applies for FILE} but says invalid regex for {FILE}.

Exclude CSS Files [Burp Suite Enterprise]

How can I exclude CSS files from being crawled and audited in Burp Suite Enterprise? The configuration settings are not as granular as in Burp Suite Pro. Thank you.