Burp Suite User Forum
I recorded a login and confirm it's able to do authenticated crawl and audit I'm a new scan with the UI. I'm trying to achieve an authenticated audit only of the crawled URLs in headless mode is this possible?
Hi, I am using the Burp Pro, and noticed a weird behavior with Burp. In the Crawler logger, I saw that crawler sent requests to '/api/...', but that 'api' branch never get populate in the sitemap. The crawler is setup...
When you close an attack window, it gives you an option to save it in the project file. However, I can see no way to pull up the 'saved' intruder entries after reloading the project. What's the trick?
Hello,first of all wanna thank Portswigger for the learning opportunity they did present to us for learning about web security. Personally have really gained confidence, knowledge and skills through your Web Security...
Hi Burp Team, If the response contains HTML special characters e.g (<>') with the HTML tags, they appear in encoded form. Example: ======== <h1>Profile of <class 'type'>!</h1> Is there any way to...
Hi Team, APIs are not web apps where the crawler can be used to automatically discover various links, forms, sub directories and inputs fields. It's kind of point-and-shoot and it provides expected output for a given...
Greetings, Please guide me on How to intercept HTTP requests and responses with Burp Suite (Community) while HMA Vpn is on. Thank you in advance.
Hi Team I would like ask about easy question.If I want intercept some cookies session how should looks like line with burp collaborator. ‘“><img src=x...
Lab: "Reflected XSS into HTML context with all tags blocked except custom ones" <a...
I'm attempting to do this Lab, but whenever the requests reach the 400s, it keeps timing out for me, giving me a 504 error. I've tried breaking up the requests into 20, 25, and even 33/33/34 per attack, but when I do that, I...
Attempting to apply for a trial license of enterprise edition, but not accepting my work email address, being prompted with "Please enter a valid business email address" Can you please assist. zhupeng@cathayjr.com Thank...
In this tutorial(HTTP request tunnelling) : https://portswigger.net/web-security/request-smuggling/advanced/request-tunnelling should we setup a proxy server in burp suite from user options to tunnel the http requests?
I'm trying to launch my BurpSuite agent with port 8090 opened for me to be able to proxy traffic through it and then run a Scan. Is this possible with BurpSuite Enterprise? Use-Case Example: I launch a burp agent with...
I'm stuck in "Re-encode the data and copy the result into the notification cookie of the decrypt request. When you send the request, observe that an error message indicates that a block-based encryption algorithm is used"...
I was wondering if anyone knows what to do to fix the proxy host and port if BurpSuite Pro with a license is installed manually and is not set up with the host address or the port? My trial license expired so have to...
Actually I deleted the account mistakenly and now i can't login to my account in basic click jacking lab.☹ So i can't solve the lab. Please help me to solve the problem. Is there any way to bring up the credentials back...
I am trying to remove unnecessary google and facebook cookies in my application request, i've tried Match: (cookie=[^;]+); Replace: but didnt work
i downloaded the burp from the site today and installed, i also installed java latest version from oracle and whenever i launch the burp file it starts install wizard after installing nothing comes up... i need help please
hello admin! Could you please reset my lab? i am doing demo in my class but i cant reset to do again. thanks
can you please help me ASAP
Page 110 of 311
Your source for help and advice on all things Burp-related.