Cache poison labs - Responses not caching

Hello, I've been using the labs to practice cache poisoning. So far I've completed some of them, but since I tried the one that explotes DOM-based vulnerability, my requests made on burpsuite never receive a "X-Cache: hit"...

Intruder attack results

Hello, For a school project, i am using a Kali VM to perform a password attack on the login page of Damn Vulnerable Web Application (DVWA). Just focusing on obtaining the password of username admin, i use the Sniper...

Combine detected issues in a report

I ran an active scan and the issue activity does not contain all of the issue activities detected/reporting from the dashboard. Is there a way to combine the two into one report?

Activations Errors

Hello support, I have been working on getting Burp to run inside a docker container and ran into an issue stating the activations had been exceeded. There was a post on the internet stating there is a way to add the...

Need a small more insights on SQL injections post

Hello everyone, I was going through the SQL injection learning materials, and I didn't quite understand a sentence I need some explanation to understand, that sentence follows, "In some situations, an attacker can...

Architecture recommendation

Hello, I have to deploy BurpEnterprise with 10 to 20 agents for the moment on 1 machine. I have 2 questions : - Which sizing should I chose for the machine, you have reco for sizing for base and agents do I have to sum...

Burpsuite Stops to intercept requests if connected with anyconnect VPN tool

Hi, I am connected with a VPN (Cisco AnyConnect Secure Mobile Client v4.8.00175) I have put proxy in my android phone (Marshmallow) I can intercept all https requests when I am NOT connected to vpn BUT i am facing...

Add email recipient to POST configuration on REST API

Hello Support, When I performing a scan from Jenkins, by the REST API. There is no report functionality like "add email recipient". Normally in Burp Suite Enterprise, this is configured by site. But how I configure...

How can I optimized my audit

My project is stuck in "Identifying items to audit" for 13 hrs, heres some info: 5014 request 2575 locations crawled Configuration: Crawl strategy - more complete Audit checks - medium active Minimize false...

installation in kali linux

I can't install burp pro in kali linux, you could kindly tell me step by step how to proceed thanks

Burp Enterprise: Failed to initialize database

Hi, I'm trying to install Burp Enterprise on an already configured database following the documentation here: https://portswigger.net/burp/documentation/enterprise/getting-started/installation#database-setup However,...

How do I test an application using Server-Sent Events?

How do I test an application using Server-Sent Events? I tried turning off 'Set "Connection close" on incoming requests in proxy options, but it seems like the streaming response data never gets into burp and never gets...

Error Proxy The client failed to negotiate a TLS connection to telemetry.dropbox.com:443: Received fatal alert: unknown_ca

I'm getting the follwing errors when attempting to use Burp to analyse web traffic. Any site that uses HSTS gets the following error: 1585841893062 Error Proxy The client failed to negotiate a TLS connection to...

DVWA not loading while using burp proxy

I am unable to access the DVWA website when the burp proxy is turned on (It is not showing 404 error but the DVWA website does not loads)? Why is that and what can I do about it ?

Download software

Hi, How can I download the software with my account? My colleauge has arranged the license for our company, but I don't have his login credentials.

Unable to download burp professional

HI team , I've burp pro product key ,i want to download and activate burp professional edition. could you please help me out?

Parameter handling

Hello there How are you? Would you be so kind to nudge me in the right direction; how can I make use of this feature: Quote: from...

Verify Authentication for Enterprise Edition

I expect to see authentication details in /var/log/BurpSuiteEnterpriseEdition/enterpriseAgentAccess.log - however, for my scans I do not see any details being populated for scans that I provide login details. Need to...

Lab: Reflected XSS into HTML context with most tags and attributes blocked

Hi all. I'm working on solving lab "Reflected XSS into HTML context with most tags and attributes blocked". I get an alert and find a pare of tag / attribute but lab does not get marked as solved. My solution is:...

SSL Burp certificate MacOS

Hi, I'm Lorenzo. I've followed the entire guide to install the CA certificate generated by Burp for Safari. https://portswigger.net/support/installing-burp-suites-ca-certificate-in-safari I've followed each step but it...

Page 1 of 95

Burp Suite Support Center

Your source for help and advice on all things Burp-related.