How do I? - Burp Suite User Forum

How to scan all backend API inside a website

I used Burp Scanner to scan a web app. Inside the app, there are 3 sub domain: 1. app-ui.domain.com for store statics file, serving the view 2. be.domain.com for BE API JSON 3. be-stg.domain.com for BE API Stg...

License Activation

A month ago I purchased a Burp Suite Pro license. After that I've started to install it on my PC and virtual machines. And faced with activation failed issue. How can I activate Burp Pro License after reconfiguring my VM? (I...

Run Burp pro using batch file w/o tasks being paused.

I'm trying to run burp automatically then start scans of our websites on a schedule. But when it opens it pauses the tasks. How can I disable this behavior? Everywhere I have looked in the GUI says it's disabled.

Customize a scan via the Burp Pro API

I want to customize a scan, using burp pro API and run it. When I pass switches such as: \"passive_scan_only\": true, \"audit_forms\": false, \"audit_logins\": false, \"crawl_and_audit\": true, \"crawl_limitations\": {...

No more activations allowed for this license

Hi!! Unfortunately I have had to reinstall my pc on several occasions and now when I try to install burp suite, I get the error "No more activations allowed for this license" Could you help me...

I want to Reset my Labs Progress

Good Morning Portswigger Team, I would like to reset my Portswigger Labs Progress Thankyou

License no more activations are allowed

I’m trying to activate my Burp Suite Professional license, but I’m receiving an error indicating that no more activations are allowed. I have previously activated the license on several OSs or VMs, have tried to attempt to...

Academy Progress Reset

Hello :) Can you please reset my progress on the labs and learning materials?

Host header poisoning

Why did burp scanner discover the Host header poisoning vulnerability on this vulnerable code? ``` <?php $host = $_SERVER['HTTP_HOST']; //echo "The host is: " . $host; header('Location: ' . $host ....

SSRF with filter bypass via open redirection vulnerability

I have done the lab, but the IP mentioned in the lab description is not responding. the IP is http://192.168.0.12:8080/ I have done multiple times giving a 20 minute break to reset the lab. Still the same. Can anyone help me?

Downgrade to Burp Suite Professional v2020.9.1

Hello We have installed the Burp Suite Professional and there is a request to downgrade to an older version. Is there a possibility to do so? Current version Burp Suite Professional v2022.1.1 Thank you

Question about lab Reflected XSS protected by very strict CSP, with dangling markup attack

While executing the lab, found that even using the solution you provided, the lab could not execute successfully, specifically, the csrf token is not passed through collaborator or exploit-server

I solved reflected xss lab but showing lab not solved.

https://0ac500a6048458fcdd49c87700f000ed.web-security-academy.net/?search=%3Cscript%3Ealert%281%29%3C%2Fscript%3E

How do i reset my "Mystery labs"?

Forgive me if i happen to post on the wrong place. I seem to have 5/5 on my Mystery labs in the academy. Im re-reading som stuff and going for all courses/topics for the Cert later on. i want to reset the "Mystery labs"...

There are currently no exams available in Examinity

Greetings, I paid for BSCP on Oct 24, 2024. I want to take the exam tomorrow. There is a button to start the exam in Portswigger Certifications tab, but in Examinity it says "There are currently no exams available....

issue on simplelist

I send the request to intruder for the login page with username and password. While entering password as Password* it changed to Password%2A. How can i enter * in simplelist payload.

Reset all progress

Hi Team, I would like to reset my all PortSwigger Labs Progress.

Get all parameters names from http history

Hello, i was wondering if there is a way to get all parameters names from requests on http history, if not is there a way to dump all requests to a file in order to extract them from it. Thanks.

http smuggling

The first image in this tutorial(https://portswigger.net/web-security/request-smuggling) shows that we are sending two requests and the first one is with post methode and the second with post methode.I want to know if a...

No more activation is allowed

I am activating my Burp Suite professional in new virtual air gap environment, and error returns said no more activation is allowed. I have activated the license in several OSs/ VMs previously but i have tried to...