How do I? - Burp Suite User Forum

Burp Pro license

Hi there team, i purchased the Pro License of Burp via Bank Transfer but still didn't get any email,i would appreciate your support. best regards.

Hi! I am trying to write a burp extension but the thing is a already done what i need to do in processHttpMessage . But then i wanted to add a IcontextMenuInvocation. I added but now when i try to call processHttpMessage it...

I'd like a refund on my burp pro licence

I would like a refund on my burp pro licence due to personal financial circumstances. I plan to to re-buy the pro license in the future to do the burp certification. There are no issues with the software.

for clearing doubts regarding paragraph in CORS article https://portswigger.net/web-security/cors

Intranets and CORS without credentials Most CORS attacks rely on the presence of the response header: Access-Control-Allow-Credentials: true "Without that header, the victim user's browser will refuse to send their...

SQLi lab - Blind SQL injection with conditional errors problem

Hello, I am tring to solve this lab. I notice that the solution using this pattern to check vulnerbility. TrackingId=xyz'||(SELECT '' FROM dual)||' I am confuse with concatenation symbol "||" ,why need to use...

Query regarding the Exam

Hello, I was wondering, for the first step in the exam we are supposed to get the details of a user right. Will it always be the user "carlos" or can it be anyone?

TO install Burpsuite Pro in CentOS (Linux)

I am not able to start burpsuite in CentOS Linux. I was able to install the license but after that not prompt available to progress. No detailed documentation i can find in the site for Linux(terminal) based installation...

Error "Secure Connection Failed" on Firefox

please help me ASAP ..... When i am connecting proxy and port to 127.0.0.1 and port 8080* (127.0.0.1.8080) as the proxy suitable for burp in Firefox I am getting an error An error occurred during a connection Peer’s...

Accuracy of Scan between Professional and Enterprise

I am just curious but, if I set all the settings the same, would there be any difference in the accuracy of the Scan by Professional and Scan by Enterprise?

SAML Authentication/Web server authentication logs

I am attempting to troubleshoot SAML integration errors. Which log file should I be looking in on burp enterprise to accomplish this?

RST_STREAM HTTP1.1 error

Hi, I'm trying to browser a web app via the inbuilt burp browser and also Chrome (pointing at Burp as the local proxy) but am getting the below error: RST_STREAM received with error code: 0xd (Use HTTP/1.1 for the...

VPN and Proxy issues

Good day, I have an assignment that requires to be connected to vpn and use a ssh tunnel to access a page that is an internal network. I require to log in to the website via HTTP authentication. When I dont use...

Match and Replace

For Example, I have a post request: -------- POST /cart.php HTTP/1.1 Host: testphp.vulnweb.com price=10&addcart=7&item=5 -------- Here is my XSS payload: "><script src=Google.com></script> now, what I want...

Starting Burp from command line with a scan configuration file

Hi, I have version 2022.7.1 of Burp professional. I am trying to start it from command line, and when doing so, I am interested in providing a scan configuration as a parameter. By searching through your forums, I...

How to find vulnerabilities in Burp Scan

In Burp Scan, is there any way to check for vulnerabilities in URLs in addition to the HTTP request/response content? e.g. How do I find vulnerabilities parts in source code instead of the contents of HTTP...

Result of Scan

I am currently using Burp Suite Enterprise Trail and would like to inquire about the result of Scan. I have executed Scan to a page which has SQL injection vulnerability. So, I expected the result of the Scan shows that the...

Lab: Clickjacking with form input data prefilled from a URL parameter

i have done what i think is all the correct details in the lab and came out with this script that covers the change me box with click me box, but i can not get the lab to give me a congratulations banner, oviously im doing...

IDOR

I have been stuck on the IDOR lab. Somehow, finding the credentials is the easy part along with the CSFR. The issue is that each time I enter Carlos' credentials, I get the following error "Invalid CSRF token (session does...

AWS API

Hi, I was wanting to integrate burp suite professional within aws to proxy a clients web application requests and was wondering what the best path would be in doing that. Would it be best to create an API for the http...

No more activations allowed

'No more activations allowed' I need to install Burp pro on VDI(Manual activation due to company policy) to work remotely. Can I get support? Last time I asked the same and got the answer "We've added an additional...