The Burp Suite User Forum was discontinued on the 1st November 2024.

Burp Suite User Forum

For support requests, go to the Support Center. To discuss with other Burp users, head to our Discord page.

I have completed the lab but it is showing Unsolved. (Stored XSS into HTML context with nothing encoded) in this lab. Please look into it.

Last updated: Aug 21, 2024 07:05AM UTC | 1 Agent replies | 0 Community replies | How do I?

Lab: Authentication bypass via OAuth implicit flow - Request Not going through Burp Proxy.

While doing this lab, when I log in, after this request (GET /oauth-callback HTTP/1.1), the website is unable to send the (POST /authenticate) request. I tried in Mozilla and Chrome. Whenever the oauth-callback request is...

Last updated: Aug 21, 2024 06:47AM UTC | 5 Agent replies | 7 Community replies | How do I?

How can I replicate the "Send group in sequence (simple connection)" using python?

Hello, I am working on the lab "Host validation bypass via connection state attack," which requires sending two HTTP requests over a single connection to trick the server into believing that both requests are directed to...

Last updated: Aug 20, 2024 11:55AM UTC | 1 Agent replies | 0 Community replies | How do I?

Set Cookie on GET in Python Requests library

Hi all, I was doing the blind conditional SQL injection lab here. I wanted to program my own Intruder essentially, because the community Intruder is slow, and the lab has to bruteforce password letter by letter. I...

Last updated: Aug 19, 2024 01:39PM UTC | 1 Agent replies | 1 Community replies | How do I?

Can I use my employer-purchased Burp Suite Pro license for personal use?

My employer purchases a Burp Suite Pro license for me annually. This year, I would like to explore bug bounty and I am curious whether PortSwigger allows license holders to use the same license on their personal installation...

Last updated: Aug 19, 2024 12:58PM UTC | 1 Agent replies | 0 Community replies | How do I?

Multistep clickjacking output not working despite proper alignment of text

<style> iframe { position: relative; width:500px; height: 700px; opacity: 0.0001; z-index: 2; } .firstClick, .secondClick { position: absolute; top:420px; left:60px; z-index: 1; } ...

Last updated: Aug 19, 2024 12:41PM UTC | 1 Agent replies | 0 Community replies | How do I?

Lab: SameSite Strict bypass via sibling domain

Hi, I'm trying to solve this lab: Lab: SameSite Strict bypass via sibling domain. Here's my script: <script> // Create a new WebSocket object that points to /chat endpoint var webSocket = new...

Last updated: Aug 19, 2024 11:59AM UTC | 2 Agent replies | 2 Community replies | How do I?

CSRF LABS

Hi, I just started learning cyber security and came across these labs. I started with CSRF labs and I understood their concept, but when viewing the exploit it doesn't change the email, but when I deliver it to victim it says...

Last updated: Aug 19, 2024 10:26AM UTC | 1 Agent replies | 0 Community replies | How do I?

burp interface issue !!!

No matter how I tried, new version, old version, pro one or community, I find myself facing this. Does anyone know how to fix it or why it's happening? https://prnt.sc/i8_003jPkqnU

Last updated: Aug 19, 2024 09:30AM UTC | 1 Agent replies | 1 Community replies | How do I?

Retrieving CSRF token from hidden in a form.

Hi, I have a macro defined to do this, but how do I know if it is actually working from the Macro UI? Should I see it as a derived parameter when I test or re-analyze with macro editor? Thank you, Patrick

Last updated: Aug 19, 2024 09:28AM UTC | 1 Agent replies | 0 Community replies | How do I?

Burp Suite change value cookie

I'm trying to change the value of a cookie using the Burp option, "Match and Replace". Here is my configuration: Item: Request header Match: cookieName:.*; Replace: cookieName:myValue; Type: Literal. Unfortunately, it...

Last updated: Aug 17, 2024 11:03AM UTC | 1 Agent replies | 2 Community replies | How do I?

Blind SQL injection with out-of-band data exfiltration exploitation

Hello, I am wondering if the labs are really vulnerable or there are some other checks? I was trying to solve the Blind SQL injection with out-of-band data exfiltration lab and as a first step I just wanted to check the...

Last updated: Aug 16, 2024 11:51AM UTC | 1 Agent replies | 0 Community replies | How do I?

Lab : Multi-step clickjacking unresolved even though it works fine for me

I am using Burp Browser, and I have enabled third-party cookies to make the exploit work. Here is the code that I'm using: <head> <style> iframe { position:relative; width:500px; height:800px; opacity:0.1;...

Last updated: Aug 16, 2024 07:31AM UTC | 1 Agent replies | 2 Community replies | How do I?

activation error

I have a problem with "no more activations allowed". Can I get assistance?

Last updated: Aug 16, 2024 07:20AM UTC | 1 Agent replies | 0 Community replies | How do I?

activation error

I have a problem with "no more activations allowed". Can I get assistance?

Last updated: Aug 16, 2024 05:48AM UTC | 2 Agent replies | 2 Community replies | How do I?

Oauth lab: Can't complete Stealing OAuth access tokens via a proxy page lab

Hello PortSwigger team. I am not able to complete the above lab. I tried the payload in the solutions. <iframe...

Last updated: Aug 16, 2024 04:44AM UTC | 5 Agent replies | 8 Community replies | How do I?

JWT Editor extension fails to resolve lab JWT Algorithm confusion

Hello, I was asking for help on a specific problem trying to solve the JWT lab: authentication bypass via algorithm confusion, basically I can achieve all the steps except the last one which is to sign the JWT token with the...

Last updated: Aug 15, 2024 02:15PM UTC | 2 Agent replies | 1 Community replies | How do I?

Username enumeration via response timing

In the final step of the lab, I am not getting the 302 response in the practical lab. Is there anything I am missing? On the "Payloads" tab, add the list of numbers in payload set 1 and add the list of passwords to payload set 2....

Last updated: Aug 15, 2024 07:15AM UTC | 6 Agent replies | 5 Community replies | How do I?

How can I reset all my labs

How can I reset all my labs? I feel I forgot how to solve them and wanna learn again.

Last updated: Aug 14, 2024 05:19PM UTC | 1 Agent replies | 0 Community replies | How do I?

Issue with Exploiting Null Origin CORS Vulnerability Due to X-Frame-Options Restriction

Dear PortSwigger Team, I am currently working on a lab exercise that is vulnerable to a null origin CORS vulnerability. According to the lab instructions, we need to exploit this vulnerability by crafting an iframe and...

Last updated: Aug 14, 2024 03:36PM UTC | 2 Agent replies | 1 Community replies | How do I?
