Burp Suite User Forum

Login to post

Lab: Routing-based SSRF

Hello, I've tried to solve this lab - Lab: Routing-based SSRF. When I try to brute the last octet in 192.168.0.0 ip I always get the 200 http response. I've checked it many times: Send Get / to intuder --> click the...

Last updated: May 27, 2022 07:00AM UTC | 3 Agent replies | 3 Community replies | How do I?

Resource pool tab not showing in intruder tab

In my intruder tab resource pool is not showing what should I do to enable it ? Please tell me

Last updated: May 27, 2022 06:37AM UTC | 1 Agent replies | 0 Community replies | How do I?

SSL_ERROR_ILLEGAL_PARAMETER_ALERT

This error comes up "SSL_ERROR_ILLEGAL_PARAMETER_ALERT" when I am trying to access a website. I can access the website with no trouble when the burp proxy is not enable and if I add this website to the TLS Pass Through...

Last updated: May 26, 2022 01:17PM UTC | 3 Agent replies | 6 Community replies | How do I?

Lab: Exploiting HTTP request smuggling to capture other users' requests

Hi there, I tried to solve this lab by smuggling a request such as POST / HTTP/1.1 Host: ac4f1f861e1580afc0ad62b3000a0048.web-security-academy.net Content-Type: application/x-www-form-urlencoded Transfer-Encoding:...

Last updated: May 26, 2022 12:16PM UTC | 1 Agent replies | 0 Community replies | How do I?

Burp Suite Enterprise: There was a problem checking your license

Hello, We’ve migrated our BSE instance over to Azure (from AWS) but running into activation problems when linking the license. Could this be because we’ve got the previous setup still running (and activated) on...

Last updated: May 26, 2022 12:12PM UTC | 1 Agent replies | 0 Community replies | How do I?

No output using extensions

Hi, I'm using Burp Suite pro v2022.3.8. I have some extensions from BApp, but when I try to use them nothing is being shown in the logger++ / flow. When I used it before updating the new version they were seen. The...

Last updated: May 26, 2022 09:46AM UTC | 3 Agent replies | 2 Community replies | How do I?

Intercept Requests from iOS mobile on Laptop which is on VPN

Hello Team, I am trying to intercept requests from mobile app(iOS) via Burp on my laptop(Mac), I configured the mobile to redirect the requests to burp on my laptop. But As part of my testing, I need to turn on the VPN on...

Last updated: May 26, 2022 09:26AM UTC | 1 Agent replies | 0 Community replies | How do I?

RST_STREAM HTTP1.1 error

Hi, I'm trying to browser a web app via the inbuilt burp browser and also Chrome (pointing at Burp as the local proxy) but am getting the below error: RST_STREAM received with error code: 0xd (Use HTTP/1.1 for the...

Last updated: May 26, 2022 07:53AM UTC | 3 Agent replies | 6 Community replies | How do I?

How do I configure an upstream proxy in 2022?

https://portswigger.net/support/burp-suite-upstream-proxy-servers This is an old answer to what I think is my problem. What is the latest on how to do this? this is from 2019 and the same options are not available. ...

Last updated: May 26, 2022 06:48AM UTC | 1 Agent replies | 0 Community replies | How do I?

Installation on windows for all users,

Hi I used one of my two Burp Suite licenses to install it on a VM we have. With this license I can use Burp suite when logged in the machine with my account. But, when another user log in and open Burp Suite, that user is...

Last updated: May 25, 2022 01:49PM UTC | 2 Agent replies | 1 Community replies | How do I?

Exam with Company Lincensed BURP

Hello, is it possible to perform the Burp Suite Certified Practitioner exam with the BURP license from the company I work for??

Last updated: May 25, 2022 08:36AM UTC | 1 Agent replies | 0 Community replies | How do I?

Burp Suite Enterprise in Bitbucket Pipelines

Hey everyone, I'm new here and I would like to know if it's possible integrate Burp Suite Enterprise in the bitbucket pipelines to CI/CD. I know that is possible with Jenkins, but my company uses bitbucket pipelines and...

Last updated: May 25, 2022 08:00AM UTC | 1 Agent replies | 0 Community replies | How do I?

Android Chrome 99+ "Certificate Transparency" feature blocks burp certificate

According to Chrome release note[1], Android Chrome 99+ affects their "Certficate Transparency" policy then it reject the burp certificate which we had installed as a system certificate (with rooted device), and Chrome says...

Last updated: May 25, 2022 07:42AM UTC | 4 Agent replies | 5 Community replies | How do I?

Missing Engagement Tools Like Search and Find Comments

I have Burp Suite Professional, but it seems like I'm missing Engagement Tools. I have Find References, Discover Content, Schedule Task, and Generate CSRF PoC. What can I do to view to remaining Engagement Tools?

Last updated: May 24, 2022 07:08PM UTC | 1 Agent replies | 1 Community replies | How do I?

Customize the predefined intruder payloads

Hello, I would like to add more data to the predefined intruder payloads. eg add regional names to the list of usernames. I am aware I can enhance the testing list by adding the default one and then my own but doing this...

Last updated: May 24, 2022 05:13PM UTC | 1 Agent replies | 0 Community replies | How do I?

Scan Failed

Hi Support I use enterprise version to scan my website. I scaned 2 times but both failed. Ho to solve it? Thanks.

Last updated: May 24, 2022 09:56AM UTC | 1 Agent replies | 0 Community replies | How do I?

My activation failed Says no more activations allowed for license

Hello, I have had to stand up an number of VMs for testing and research. I like to use my pro burp on them but I keep getting a message saying that no more activations are allowed for this license. Please help me? I am the...

Last updated: May 24, 2022 06:47AM UTC | 1 Agent replies | 0 Community replies | How do I?

Burp Suite Enterpise: Not to fail CI pipeline even issues are detected

Are there any ways to force Burp Suite Enterprise to NOT fail ci-pipeline even issues found (whatever severity)? I would like to let Burp completes its scan to get the report.

Last updated: May 23, 2022 05:59PM UTC | 1 Agent replies | 0 Community replies | How do I?

Lab: Username enumeration via account lock

I just have no idea why we are adding a blank payload position at the end of the password instead of using the cluster bomb to find out the username and the password simultaneously.

Last updated: May 23, 2022 12:21PM UTC | 1 Agent replies | 0 Community replies | How do I?

Flipping bit attack base64

The cookie of interest is encrypted and encoded two times with base64 I need Burp to decode two times, flip bit, and encode two times each attack. It looks like I can decode under Payload's "Payload Processing"...

Last updated: May 23, 2022 12:17PM UTC | 1 Agent replies | 0 Community replies | How do I?

Page 1 of 232

Burp Suite Support Center

Your source for help and advice on all things Burp-related.

Burp Suite Support Center image