How do I? - Burp Suite User Forum

Lab: Routing-based SSRF

Hello, I've tried to solve this lab - Lab: Routing-based SSRF. When I try to brute the last octet in 192.168.0.0 ip I always get the 200 http response. I've checked it many times: Send Get / to intuder --> click the...

Resource pool tab not showing in intruder tab

In my intruder tab resource pool is not showing what should I do to enable it ? Please tell me

SSL_ERROR_ILLEGAL_PARAMETER_ALERT

This error comes up "SSL_ERROR_ILLEGAL_PARAMETER_ALERT" when I am trying to access a website. I can access the website with no trouble when the burp proxy is not enable and if I add this website to the TLS Pass Through...

Lab: Exploiting HTTP request smuggling to capture other users' requests

Hi there, I tried to solve this lab by smuggling a request such as POST / HTTP/1.1 Host: ac4f1f861e1580afc0ad62b3000a0048.web-security-academy.net Content-Type: application/x-www-form-urlencoded Transfer-Encoding:...

Burp Suite Enterprise: There was a problem checking your license

Hello, We’ve migrated our BSE instance over to Azure (from AWS) but running into activation problems when linking the license. Could this be because we’ve got the previous setup still running (and activated) on...

No output using extensions

Hi, I'm using Burp Suite pro v2022.3.8. I have some extensions from BApp, but when I try to use them nothing is being shown in the logger++ / flow. When I used it before updating the new version they were seen. The...

Intercept Requests from iOS mobile on Laptop which is on VPN

Hello Team, I am trying to intercept requests from mobile app(iOS) via Burp on my laptop(Mac), I configured the mobile to redirect the requests to burp on my laptop. But As part of my testing, I need to turn on the VPN on...

RST_STREAM HTTP1.1 error

Hi, I'm trying to browser a web app via the inbuilt burp browser and also Chrome (pointing at Burp as the local proxy) but am getting the below error: RST_STREAM received with error code: 0xd (Use HTTP/1.1 for the...

How do I configure an upstream proxy in 2022?

https://portswigger.net/support/burp-suite-upstream-proxy-servers This is an old answer to what I think is my problem. What is the latest on how to do this? this is from 2019 and the same options are not available. ...

Installation on windows for all users,

Hi I used one of my two Burp Suite licenses to install it on a VM we have. With this license I can use Burp suite when logged in the machine with my account. But, when another user log in and open Burp Suite, that user is...

Exam with Company Lincensed BURP

Hello, is it possible to perform the Burp Suite Certified Practitioner exam with the BURP license from the company I work for??

Burp Suite Enterprise in Bitbucket Pipelines

Hey everyone, I'm new here and I would like to know if it's possible integrate Burp Suite Enterprise in the bitbucket pipelines to CI/CD. I know that is possible with Jenkins, but my company uses bitbucket pipelines and...

Android Chrome 99+ "Certificate Transparency" feature blocks burp certificate

According to Chrome release note[1], Android Chrome 99+ affects their "Certficate Transparency" policy then it reject the burp certificate which we had installed as a system certificate (with rooted device), and Chrome says...

Missing Engagement Tools Like Search and Find Comments

I have Burp Suite Professional, but it seems like I'm missing Engagement Tools. I have Find References, Discover Content, Schedule Task, and Generate CSRF PoC. What can I do to view to remaining Engagement Tools?

Customize the predefined intruder payloads

Hello, I would like to add more data to the predefined intruder payloads. eg add regional names to the list of usernames. I am aware I can enhance the testing list by adding the default one and then my own but doing this...

Scan Failed

Hi Support I use enterprise version to scan my website. I scaned 2 times but both failed. Ho to solve it? Thanks.

My activation failed Says no more activations allowed for license

Hello, I have had to stand up an number of VMs for testing and research. I like to use my pro burp on them but I keep getting a message saying that no more activations are allowed for this license. Please help me? I am the...

Burp Suite Enterpise: Not to fail CI pipeline even issues are detected

Are there any ways to force Burp Suite Enterprise to NOT fail ci-pipeline even issues found (whatever severity)? I would like to let Burp completes its scan to get the report.

Lab: Username enumeration via account lock

I just have no idea why we are adding a blank payload position at the end of the password instead of using the cluster bomb to find out the username and the password simultaneously.

Flipping bit attack base64

The cookie of interest is encrypted and encoded two times with base64 I need Burp to decode two times, flip bit, and encode two times each attack. It looks like I can decode under Payload's "Payload Processing"...