How do I? - Burp Suite User Forum

About training of cyber security

How can I learn cyber security in this website

Authenticated Scans on Appication with 2FA login

Hi Team, I wanted to if application have 2FA(login and OTP) how to configure Burp Enterprise for the same. I can only see authentication with simple username and password field to add in auth configuration in...

Choosing Which Agents Perform Scans (Burp Suite Enterprise)

Hi, I'm wondering if there's a way to specify which agent machine does the actual scanning when specifying a site to scan. We have some sites that are only accessible internally and some that are public facing. I am...

Break down Delta scan results

I'm using GraphQL API to retrieve Delta using "ScanDelta" object (below) and get new_issue_count, repeated_issue_count etc. Is there a way to break it down and retrieve how many high, medium or low are in each...

Unable To Render Response

Hello, I get the message "Unable to render response" or "Embedded browser initialization failed" when viewing the Render tab. I've tried running as root and a regular user. As a regular user, the embedded browser health...

java version with burp enterprise

How do I upgrade the vulnerable java 9 version bundled with Burp Enterprise?

Burp Suite Enterprise GraphQL

When I try to use PostMan to access Burp Suite Enterprise via GraphQL, it either does not get me access to GraphQL or I am not authorized to actually perform anything. - I try to use our "BurpSuite URL"/"My APIKey"....

Lab: 2FA bypass using a brute-force attack

Firstly, love all the labs you guys have, over 150 labs now, very impressive. Well done! For this lab "Lab: 2FA bypass using a brute-force attack", the solution is great, totally understand how it works etc. However,...

Problems on URL

Hi, I just got 60 day free trial license. New to Burp Suite. My scan failed during the process. I would like to know the reason it failed. Is there any logs I could check on? or where can i find the errors? Its...

Setting a CAA record using the private collaborator

Hello. I wish to set a CAA record using my private Collaborator server. To create an SSL certificate, my provider requires a valid, resolving CAA record on the (sub)domain I'm running my Collaborator on. How do I set custom...

Need Tax Documents for 2020-21

Hi Team Please share the below Tax Documents for 2020-21, we would require these documents for you invoice process. 1. No PE 2. TRC 3. Form 10F Regards, Bajrang Rajput

Unknown host

Hey guys, After i vpn network to remote company, lots of time i'm getting error from burp like this "Unknown host: www.google.com". By the way after vpn i have also internet connection because when i remove burp proxy...

API scan

How do Perform API's from Burp.

Burpsuite not able to crawl for Javascript

Hi Support, I tried using Dashboard to crawl for web pages contenting Javascript and burpsuite was unable to do that. I confirmed it not making any request to the Javascript but creating a simple website with html tag and...

burpsuite_pro_v2020.6 show error when run the Jar file

Hi , Brup Installation Issue : When i try to run the above burp version in my PC , I will get the error msg that " Error A JNI error has occurred,please check your installation and try again. my PC Java version...

LAB: Exploiting HTTP request smuggling to capture other users' requests support

Hi, Having trouble with the HTTP Request Smuggling lab "Exploiting HTTP request smuggling to capture other users' requests". I can get the user request to appear in the blog post comments and have been carefully...

Lab: Username enumeration via different responses

Hello just updated burp to v2020.6. I'm trying to complete this lap however not sure if lab is out of date of if new version of burp is not compatible? I've got to step 8 however in the results page, all the lengh results...

Error In php Code

I am tyring to solve Lab: Exploiting PHP deserialization with a pre-built gadget chain. the php code given in solution is not working giving me an error <?php echo $payload = '{"token":"' ....

Not able to download

Getting error as "No valid licence found for download"

Why does the exploit for "Lab: Reflected XSS in a JavaScript URL with some characters blocked" work?

In this lab the infected code will look like this: <a href="javascript:fetch('/analytics',...