Burp Suite User Forum

Login to post

Setup Private Collaborator

I've been working on this for more days then I'd like to admit. Think I'm just about done but I can't get past this.. It's not able to bind on port 53/TCP Also I don't know where to see details of what the issue is.....

Last updated: Apr 12, 2021 01:38PM UTC | 7 Agent replies | 6 Community replies | How do I?

how to escape the dot character "." in Intruder

Is there anyway I can escape the dot character "." in Intruder? I'm doing an intruder attack with the email as parameter 1, which is "J12934@juice-sh.op", I need to escape the dot in the email address, so I entered ...

Last updated: Apr 12, 2021 01:30PM UTC | 1 Agent replies | 0 Community replies | How do I?

make it work with burpsuite

I got an External Service Interation on a scoped domain via Host Header. Now I am inserting my collaborator's URL into the host header, I am not getting any pingback/response. But it works with cURL with the following...

Last updated: Apr 12, 2021 12:21PM UTC | 0 Agent replies | 0 Community replies | How do I?

How to use burp with flutter based Android applications

Any tips while pen-testing Flutter based Android apps? Since it ignores system proxy and user/system CA certificates you cannot use burp suite easily.

Last updated: Apr 12, 2021 12:05PM UTC | 1 Agent replies | 0 Community replies | How do I?

2FA bypass using a brute-force attack

Hi team, I have tried the 2FA bypass using a brute-force attack multiple times using the intruder and turbo intruder also. I am struggling to solve the lab. Please advise me of any solution for this ...

Last updated: Apr 12, 2021 11:45AM UTC | 1 Agent replies | 0 Community replies | How do I?

Lab: Arbitrary object injection in PHP

Don't know why i keep running into this fatal error when trying to solve all the Insecure deserialization labs... This is the error i keep running into despite encoding the section cookie twice before pasting the value to a...

Last updated: Apr 12, 2021 09:19AM UTC | 1 Agent replies | 0 Community replies | How do I?

Forced OAuth Profile Linking

Hi, I've followed all the steps PRECISELY and have watched a couple different videos on how to complete this lab. It doesn't work! I've noticed for the videos I've seen the people that are making them can just click "Login...

Last updated: Apr 12, 2021 09:12AM UTC | 2 Agent replies | 1 Community replies | How do I?

Use Set-Cookie received as Response during Cluster Bomb

I am running a simple Cluster Bomb. Every Request sent generates a "Set-Cookie:" with a new JSESSIONID to be changed. How do I include that with every new request using Burp Pro?? Suggestions? There is a regex option...

Last updated: Apr 12, 2021 09:09AM UTC | 1 Agent replies | 0 Community replies | How do I?

Scan API with Burp Suite Pro v2021.3.1

Hi, I saw this post (https://portswigger.net/blog/api-scanning-with-burp-suite) where it mentioned Burp Suite Pro and Enterprise is now able to read the OpenAPI file, however I'm not sure where I can import the OpenAPI...

Last updated: Apr 12, 2021 08:47AM UTC | 1 Agent replies | 0 Community replies | How do I?

Capture TCP traffic

Hello, I wanted to know if it was possible with Burpsuit to capture TCP traffic? Thanks in advance

Last updated: Apr 12, 2021 08:43AM UTC | 1 Agent replies | 0 Community replies | How do I?

Intercept a POST request, but a parameter is missing in HTTP response

I was intercepted a request from Protonmail (https://protonmail.com). But in the HTTP response password parameter is missing. I forget the password of my protonmail account and I have add recovery email in my protonmail...

Last updated: Apr 12, 2021 08:31AM UTC | 1 Agent replies | 0 Community replies | How do I?

buy burp professional version

I am trying to buy a professional version. However, it needs both a company email and company name. I am unemployed and I need to buy one for my personal training. What should I do? Best, Betty

Last updated: Apr 12, 2021 07:47AM UTC | 1 Agent replies | 0 Community replies | How do I?

GET request capture by interceptor not showing parameters.

Hi,I'm practicing brute force attack in DVWA (Windows and Firefox browser) when my burp suite intercepter capture GET request it not showing me parameters like username and password... Please help!!

Last updated: Apr 10, 2021 12:47PM UTC | 1 Agent replies | 2 Community replies | How do I?

Exploit Server

good day. how can I set up a test exploit server or if there is any option online that can be used to test the http atacks part. Cheers...

Last updated: Apr 10, 2021 10:51AM UTC | 3 Agent replies | 5 Community replies | How do I?

Intercept a POST request, but a parameter is missing in HTTP response

I was intercepted a request from Protonmail (https://protonmail.com). But in the HTTP response password parameter is missing. I forget the password of my protonmail account and I have add recovery email in my protonmail...

Last updated: Apr 09, 2021 08:06PM UTC | 0 Agent replies | 0 Community replies | How do I?

Providing a local OpenAPI/Swagger file during scanning

Dear Burp support, According to [1], the scanner is able to parse OpenAPI documents it encounters. However, the API that I want to scan does not provide a documentation on any endpoints, but I do have a local OpenAPI...

Last updated: Apr 09, 2021 02:59PM UTC | 1 Agent replies | 0 Community replies | How do I?

HEX view

Hello, Since the addition of the inspector panel (btw, a very cool addition), I can't find a way to view the hex representation of requests and responses in the message editor. Can I have an explanation on how to do...

Last updated: Apr 09, 2021 12:58PM UTC | 3 Agent replies | 5 Community replies | How do I?

How do I use Burpsuite to scan the requests created during execution of TestCafe scripts

We are using TestCafe as our Automation testing tool and running its scripts to get security threats of web application. Since TestCafe use local IP address, port and session ID in the URL before actual application URL,...

Last updated: Apr 09, 2021 10:36AM UTC | 2 Agent replies | 1 Community replies | How do I?

Unable to activate the license

Dear team, Post login with Enterprise credentials, no window has been prompted to activate license. Referred to the below URL. Please assist here. ...

Last updated: Apr 09, 2021 09:52AM UTC | 1 Agent replies | 0 Community replies | How do I?

Intercept mobile device network using BurpSuitePro

Hi, I have recently setup a BurpSuite on MacBook running on MacOS 11.2.3 (Big Sur) and would wish to intercept the network traffic on mobile devices (Android and iOS). I have followed the setup listed...

Last updated: Apr 09, 2021 09:43AM UTC | 2 Agent replies | 1 Community replies | How do I?

Page 1 of 168

Burp Suite Support Center

Your source for help and advice on all things Burp-related.

Burp Suite Support Center image