How do I? - Page 106 - Burp Suite User Forum

CSRF where token is duplicated in cookie

hi iv been going through the labs started of doing the easy ones know im on the practitioner level labs but iv came across two that im positive iv done what it asked, by sending a page to a victim that automaticly changs the...

Burp Browser Error!

Hi guys. I have a problem with Burp Browser after updating Burp to version 8.1! How do i fix it?

2FA Authentication Support in Enterprise Burp

Hello, Does Enterprise Burp support 2FA for the users who access to the console? Thank you.

for clearing doubts regarding paragraph in CORS article https://portswigger.net/web-security/cors

Intranets and CORS without credentials Most CORS attacks rely on the presence of the response header: Access-Control-Allow-Credentials: true "Without that header, the victim user's browser will refuse to send their...

Intercepting viber

Is it possible to intercept viber, and which protocol is viber using for public groups(communities)

Burp Extension

Hi! I am trying to write a burp extension but the thing is a already done what i need to do in processHttpMessage . But then i wanted to add a IcontextMenuInvocation. I added but now when i try to call processHttpMessage it...

Burp Pro license

Hi there team, i purchased the Pro License of Burp via Bank Transfer but still didn't get any email,i would appreciate your support. best regards.

I'd like a refund on my burp pro licence

I would like a refund on my burp pro licence due to personal financial circumstances. I plan to to re-buy the pro license in the future to do the burp certification. There are no issues with the software.

SQLi lab - Blind SQL injection with conditional errors problem

Hello, I am tring to solve this lab. I notice that the solution using this pattern to check vulnerbility. TrackingId=xyz'||(SELECT '' FROM dual)||' I am confuse with concatenation symbol "||" ,why need to use...

Query regarding the Exam

Hello, I was wondering, for the first step in the exam we are supposed to get the details of a user right. Will it always be the user "carlos" or can it be anyone?

TO install Burpsuite Pro in CentOS (Linux)

I am not able to start burpsuite in CentOS Linux. I was able to install the license but after that not prompt available to progress. No detailed documentation i can find in the site for Linux(terminal) based installation...

Accuracy of Scan between Professional and Enterprise

I am just curious but, if I set all the settings the same, would there be any difference in the accuracy of the Scan by Professional and Scan by Enterprise?

SAML Authentication/Web server authentication logs

I am attempting to troubleshoot SAML integration errors. Which log file should I be looking in on burp enterprise to accomplish this?

VPN and Proxy issues

Good day, I have an assignment that requires to be connected to vpn and use a ssh tunnel to access a page that is an internal network. I require to log in to the website via HTTP authentication. When I dont use...

Match and Replace

For Example, I have a post request: -------- POST /cart.php HTTP/1.1 Host: testphp.vulnweb.com price=10&addcart=7&item=5 -------- Here is my XSS payload: "><script src=Google.com></script> now, what I want...

Starting Burp from command line with a scan configuration file

Hi, I have version 2022.7.1 of Burp professional. I am trying to start it from command line, and when doing so, I am interested in providing a scan configuration as a parameter. By searching through your forums, I...

How to find vulnerabilities in Burp Scan

In Burp Scan, is there any way to check for vulnerabilities in URLs in addition to the HTTP request/response content? e.g. How do I find vulnerabilities parts in source code instead of the contents of HTTP...

Result of Scan

I am currently using Burp Suite Enterprise Trail and would like to inquire about the result of Scan. I have executed Scan to a page which has SQL injection vulnerability. So, I expected the result of the Scan shows that the...

Lab: Clickjacking with form input data prefilled from a URL parameter

i have done what i think is all the correct details in the lab and came out with this script that covers the change me box with click me box, but i can not get the lab to give me a congratulations banner, oviously im doing...

IDOR

I have been stuck on the IDOR lab. Somehow, finding the credentials is the easy part along with the CSFR. The issue is that each time I enter Carlos' credentials, I get the following error "Invalid CSRF token (session does...