How do I? - Page 110 - Burp Suite User Forum

How do I run scans in headless using application login

I recorded a login and confirm it's able to do authenticated crawl and audit I'm a new scan with the UI. I'm trying to achieve an authenticated audit only of the crawled URLs in headless mode is this possible?

Crawler not populate certain URL to sitemap

Hi, I am using the Burp Pro, and noticed a weird behavior with Burp. In the Crawler logger, I saw that crawler sent requests to '/api/...', but that 'api' branch never get populate in the sitemap. The crawler is setup...

Viewing saved Intruder attacks (Burp Pro 2022.1.1)

When you close an attack window, it gives you an option to save it in the project file. However, I can see no way to pull up the 'saved' intruder entries after reloading the project. What's the trick?

X-Forwarded-For, Macro, Turbo Intruder

Hello,first of all wanna thank Portswigger for the learning opportunity they did present to us for learning about web security. Personally have really gained confidence, knowledge and skills through your Web Security...

< auto decode to <

Hi Burp Team, If the response contains HTML special characters e.g (<>') with the HTML tags, they appear in encoded form. Example: ======== <h1>Profile of <class 'type'>!</h1> Is there any way to...

REST API Scanning Using Burp Enterprise

Hi Team, APIs are not web apps where the crawler can be used to automatically discover various links, forms, sub directories and inputs fields. It's kind of point-and-shoot and it provides expected output for a given...

How do I intercept HTTP requests and responses using HMA Vpn with Burp Suite.

Greetings, Please guide me on How to intercept HTTP requests and responses with Burp Suite (Community) while HMA Vpn is on. Thank you in advance.

cookies session collaborator

Hi Team I would like ask about easy question.If I want intercept some cookies session how should looks like line with burp collaborator. ‘“><img src=x...

Lab Solution clarification

Lab: "Reflected XSS into HTML context with all tags blocked except custom ones" <a...

Lab: Username enumeration via account lock server timeout issue

I'm attempting to do this Lab, but whenever the requests reach the 400s, it keeps timing out for me, giving me a 504 error. I've tried breaking up the requests into 20, 25, and even 33/33/34 per attack, but when I do that, I...

Apply for a trial license

Attempting to apply for a trial license of enterprise edition, but not accepting my work email address, being prompted with "Please enter a valid business email address" Can you please assist. zhupeng@cathayjr.com Thank...

HTTP request tunnelling

In this tutorial(HTTP request tunnelling) : https://portswigger.net/web-security/request-smuggling/advanced/request-tunnelling should we setup a proxy server in burp suite from user options to tunnel the http requests?

Proxy with BurpSuite Enterprise

I'm trying to launch my BurpSuite agent with port 8090 opened for me to be able to proxy traffic through it and then run a Scan. Is this possible with BurpSuite Enterprise? Use-Case Example: I launch a burp agent with...

Authentication bypass via encryption oracle

I'm stuck in "Re-encode the data and copy the result into the notification cookie of the decrypt request. When you send the request, observe that an error message indicates that a block-based encryption algorithm is used"...

Installation of BurpSuite Professional

I was wondering if anyone knows what to do to fix the proxy host and port if BurpSuite Pro with a license is installed manually and is not set up with the host address or the port? My trial license expired so have to...

Lab problem solving related help

Actually I deleted the account mistakenly and now i can't login to my account in basic click jacking lab.☹ So i can't solve the lab. Please help me to solve the problem. Is there any way to bring up the credentials back...

remove cookie parameter from Burp suite Match and Replace

I am trying to remove unnecessary google and facebook cookies in my application request, i've tried Match: (cookie=[^;]+); Replace: but didnt work

burp suite not oprning on my pc

i downloaded the burp from the site today and installed, i also installed java latest version from oracle and whenever i launch the burp file it starts install wizard after installing nothing comes up... i need help please

reset my lab

hello admin! Could you please reset my lab? i am doing demo in my class but i cant reset to do again. thanks

same issue with me as well

can you please help me ASAP