Burp community forum
Hello, I'm trying to figure out what is going on under the hood but with no luck so far. Trying following as a possible solution I don't understand why the Response is "Unrecognized method G0POST" Why there is a zero...
Please help me with decrypting or encrpting password hashes when i try to hash/ de-hash using decoder the text appears to be scrambled
In this Lab which user to simulate as the lab does not give option to create a new user , post comments in the blog with new user , Login as another user , view the new user blog , exfiltrate the another user cookie and send...
I'm trying to generate a HMAC token on each request. I have an API that needs to launch first with custom HMAC headers to generate token. After that I have another API calls that needs that generated tokens. What I've...
I have deleted the given user by mistake, now i can't access the lab. kindly advise with required steps to reset the lab or user credentials.
Hi Folks, I have the following test use case with Burp and i kindly request your insight to resolving this: 1. I need to showcase a proof that a windows client (target) doesnt perform signature validation on the client...
Hello, I am trying to install Burp Suite Enterprise from the command line. The server that will be running it is on a virtualized server that has no ability to do a GUI install. Is there anyway to do this through CLI?
Hi, I'm using Burp Suite Enterprise (Version: 1.1.04-2579, Java version: 9.0.4) and configured a new scan with crawl and audit into the OWASP Juice Shop (https://juice-shop.herokuapp.com). This application is written...
Information ------------------------------------------------------------ Version : Burp 1.7.32 (Professional) Burp Proxy Server : Kali Linux Certificate : Android Device 7.0...
When doing an unattended install from a response file generated by a previous install, e.g. `./burpsuite_enterprise_linux_v1_1_02.sh -q -varfile response.varfile`, what's the administrator password set to? The password from...
I am wondering if I am using wrong version JVM or Burp Suite. Recently our organization renewed the Burp Suite Professional v1.6.21. In account to that I see an alert message each time I launch as "You appear to be using...
I'm trying to setup a session rule for Burp Scanner, is it possible to create a session/macro for the following scenario? Scenario: Webpage #1: POST Request http://example.com filename=payload Webpage #2:GET...
Hi Team, As i have been trying scan same application in both Burp Pro v2020 and Burp Enterprise both. I have initiated scan in pro which got completed in 10mins whereas i am using the same Burp pro JSON file in...
My application has a login form with 3 fields. Username Password and an ID. How do get enterprise to log in and scan past the login page? The application is simple, no fancy js doing the login, no https in my dev...
Hi Team, We want to do a POC on Burp Suite Professional version and interested in purchasing the license Can you please me the link to download the trail version I have already submitted the request on portal already.
I manage to follow this tutorial https://blog.ropnop.com/configuring-burp-suite-with-android-nougat/ and now i'am able to intercept the request using burp on android 7+ if using native apps. but somehow it does not work if...
I sent request for Free Trial BurpSuite Professional on 5th February, but I got no response. Was my request rejected? We should begin the purchase review. Please give a quick trial version license. Thank you.
If I do a web search for proxying macOS apps using Burp Suite, I don't get any useful info. Instead, I get dozens of results talking about how to proxy iOS or Android apps. I am talking about desktop apps. On macOS, I've...
Hi all. I'm working on solving lab "Reflected XSS into HTML context with most tags and attributes blocked". I get an alert and find a pare of tag / attribute but lab does not get marked as solved. My solution is:...
Hi, I just deployed a private Burp collaborator and would like to know if there is a way to customize the length of the subdomain instances in order to do something like a.domain.tld instead of...
Page 1 of 88