Burp community forum

"Lab: HTTP request smuggling, basic TE.CL vulnerability" need help in understanding

Hello, I'm trying to figure out what is going on under the hood but with no luck so far. Trying the following as a possible solution, I don't understand why the Response is "Unrecognized method G0POST". Why is there a zero...

Last updated: Feb 17, 2020 03:15PM UTC | 0 Agent replies | 0 Community replies | How do I?

How to decrypt or encrypt password hashes like SHA-256, 512, 224 with Burp Suite Pro

Please help me with decrypting or encrypting password hashes. When I try to hash/de-hash using Decoder, the text appears to be scrambled

Last updated: Feb 17, 2020 11:11AM UTC | 1 Agent replies | 1 Community replies | How do I?

Regarding Web Security Academy: Lab: Exploiting cross-site scripting to steal cookies

In this lab, which user to simulate, as the lab does not give the option to create a new user, post comments in the blog with a new user, log in as another user, view the new user's blog, exfiltrate the other user's cookie and send...

Last updated: Feb 17, 2020 10:06AM UTC | 1 Agent replies | 0 Community replies | How do I?

Burp Macro Session Handling

I'm trying to generate a HMAC token on each request. I have an API that needs to launch first with custom HMAC headers to generate token. After that I have another API calls that needs that generated tokens. What I've...

Last updated: Feb 17, 2020 09:31AM UTC | 2 Agent replies | 0 Community replies | How do I?

Lab: Basic clickjacking with CSRF token protection

I have deleted the given user by mistake, now I can't access the lab. Kindly advise with required steps to reset the lab or user credentials.

Last updated: Feb 17, 2020 08:42AM UTC | 1 Agent replies | 0 Community replies | How do I?

Modify Executable in the Intercept Response Tab

Hi Folks, I have the following test use case with Burp and I kindly request your insight on resolving this: 1. I need to showcase a proof that a Windows client (target) doesn't perform signature validation on the client...

Last updated: Feb 16, 2020 05:45PM UTC | 0 Agent replies | 0 Community replies | How do I?

How do I install Burp Suite Enterprise Edition from command line?

Hello, I am trying to install Burp Suite Enterprise from the command line. The server that will be running it is on a virtualized server that has no ability to do a GUI install. Is there any way to do this through CLI?

Last updated: Feb 16, 2020 05:37PM UTC | 3 Agent replies | 6 Community replies | How do I?

Burp Suite Enterprise + OWASP Juice Shop

Hi, I'm using Burp Suite Enterprise (Version: 1.1.04-2579, Java version: 9.0.4) and configured a new scan with crawl and audit into the OWASP Juice Shop (https://juice-shop.herokuapp.com). This application is written...

Last updated: Feb 16, 2020 05:35PM UTC | 1 Agent replies | 2 Community replies | How do I?

NET::ERR_CERT_VALIDITY_TOO_LONG

Information: Version : Burp 1.7.32 (Professional) Burp Proxy Server : Kali Linux Certificate : Android Device 7.0...

Last updated: Feb 14, 2020 10:45PM UTC | 4 Agent replies | 3 Community replies | How do I?

Burp Enterprise unattended install -- what is the administrator password?

When doing an unattended install from a response file generated by a previous install, e.g. `./burpsuite_enterprise_linux_v1_1_02.sh -q -varfile response.varfile`, what's the administrator password set to? The password from...

Last updated: Feb 14, 2020 07:49PM UTC | 2 Agent replies | 3 Community replies | How do I?

use 32-bit JVM

I am wondering if I am using wrong version JVM or Burp Suite. Recently our organization renewed the Burp Suite Professional v1.6.21. In account to that I see an alert message each time I launch as "You appear to be using...

Last updated: Feb 14, 2020 06:03PM UTC | 1 Agent replies | 5 Community replies | How do I?

Second Order Testing | Burp Scanner

I'm trying to set up a session rule for Burp Scanner, is it possible to create a session/macro for the following scenario? Scenario: Webpage #1: POST Request http://example.com filename=payload Webpage #2: GET...

Last updated: Feb 14, 2020 03:41PM UTC | 2 Agent replies | 1 Community replies | How do I?

Burp Enterprise scan Issue

Hi Team, I have been trying to scan the same application in both Burp Pro v2020 and Burp Enterprise. I have initiated a scan in Pro which got completed in 10mins whereas I am using the same Burp Pro JSON file in...

Last updated: Feb 14, 2020 01:19PM UTC | 1 Agent replies | 0 Community replies | How do I?

Enterprise logging into a simple application

My application has a login form with 3 fields: Username, Password and an ID. How do I get Enterprise to log in and scan past the login page? The application is simple, no fancy js doing the login, no https in my dev...

Last updated: Feb 14, 2020 11:08AM UTC | 1 Agent replies | 0 Community replies | How do I?

Burp Suite Interest in Purchasing the license

Hi Team, We want to do a POC on Burp Suite Professional version and are interested in purchasing the license. Can you please me the link to download the trial version? I have already submitted the request on portal already.

Last updated: Feb 14, 2020 09:30AM UTC | 1 Agent replies | 0 Community replies | How do I?

Unable to intercept traffic on Android 7+ if using browser or webview apps

I managed to follow this tutorial https://blog.ropnop.com/configuring-burp-suite-with-android-nougat/ and now I'm able to intercept the request using Burp on Android 7+ if using native apps. But somehow it does not work if...

Last updated: Feb 13, 2020 08:22AM UTC | 1 Agent replies | 0 Community replies | How do I?

No Response to my request for BurpSuite Professional Trial

I sent request for Free Trial BurpSuite Professional on 5th February, but I got no response. Was my request rejected? We should begin the purchase review. Please give a quick trial version license. Thank you.

Last updated: Feb 12, 2020 08:23AM UTC | 1 Agent replies | 0 Community replies | How do I?

How do I proxy macOS DESKTOP Applications using Burp Suite?

If I do a web search for proxying macOS apps using Burp Suite, I don't get any useful info. Instead, I get dozens of results talking about how to proxy iOS or Android apps. I am talking about desktop apps. On macOS, I've...

Last updated: Feb 11, 2020 05:36PM UTC | 0 Agent replies | 0 Community replies | How do I?

Lab: Reflected XSS into HTML context with most tags and attributes blocked

Hi all. I'm working on solving lab "Reflected XSS into HTML context with most tags and attributes blocked". I get an alert and find a pair of tag / attribute but lab does not get marked as solved. My solution is:...

Last updated: Feb 10, 2020 06:15PM UTC | 5 Agent replies | 6 Community replies | How do I?

Custom length of private Burp collaborator's instances

Hi, I just deployed a private Burp collaborator and would like to know if there is a way to customize the length of the subdomain instances in order to do something like a.domain.tld instead of...

Last updated: Feb 10, 2020 02:12PM UTC | 1 Agent replies | 0 Community replies | How do I?
