How do I? - Page 119 - Burp Suite User Forum

Blind SQL injection with time delays and information retrieval

i tried the cluster bomb and i tried it manually. both times i got 2 different passwords. none of them unlock the admin account. what do i have to do to login? =)

Received fatal alert certificate required

Hello, I am testing an API that requires a CA certificate and a Client certificate (Host, CRT file & KEY file) to be configured for you to access it. I am able to do it with Postman but when I proxy the traffic via Burp...

scan

Hi，When I select a target，What is the difference between selecting ‘scan’ and selecting ‘actively scan this host’? I did a test and found that using these two different options will find different vulnerabilities

Activation Failed

I formatted my computer and reinstalled Burp Suite Professional. But It was not activated. I tried so much time but I can't use it now. Can you help me please?

Burp intruder's match/replace rule for {FILE}

When I tried to use Burp intruder's match/replace rule for {FILE}, I get invalid regex error. Please advice.

Lab 1 Directory traversal(File path traversal, simple case)

How we know image(218.png) is present 3 directory or 4 directory under root directory eg image(218.png) can we present in directory /var/www/image/218.png or /var/www/image/abc/218.png, How we get to know this for applying...

trouble installing

Hello, Trying to run Burpsuite on Kali (Pi4b, Cortex-A72), running the latest Open-JDK and I keep running into issues. If I run the JAR i get: "invalid file (bad magic number): Exec format error" and if I run the...

Burp related query

We have following questions please acknowledge our query:- 1) We are running testcafe script via burp but in Target tab our application url is showing disabled. 2) We are getting all the out of scope items in our...

Lab1 WebSockets ( Manipulating WebSocket messages to exploit vulnerabilities )

Hello, when I try to send a message in the live chat feature of the lab, the message does not go through. Any suggestion? Regards.

Obtain Burp/Network logs to better troubleshoot Error "Received fatal alert: unknown_ca"

I use Burpsuite Pro to test DoD Common Access Card (CAC) and non-CAC websites for DoD. I'm able to access different CAC websites via FireFox and Chrome from a Kali VM residing on a MacBook Pro. I have encountered a website,...

Export Burpsuite issues to CSV

Hi, I'm using Burpsuite Pro and was wondering if there's a way to export the Burpsuite XML to CSV so it can be imported to Powerbi?

Burp Enterprise Collaborator

Is it possible to configure a burp collaborator instance to work with burp enterprise?

deleting account

i want to delete my portswigger account

Active Site scan with dynamic session id.

I am attempting to complete a authenticated crawl and audit of my site that is configured to dynamically change the session ID for each login attempt. How do I capture the session ID and complete an authenticated crawl and...

how host header injection exist but we change the host header the server must make error that host header not exist !

How do i get burp to automatically extract and display all base64 encoded images ?

I am using burp suite to intercept traffic from a site, I am trying to view the images from the proxy but the site uses web sockets to send all the images(Base64 encoded strings) at once to be loaded on Demand Which is...

the client failed to negotiate a tls connection to xxx.xxx.xxxx:443: Remote host closed connection during handshake

Hi, When I use my local ip address to intercept data ,I'm getting the alert "the client failed to negotiate a tls connection to xxx.xxx.xxxx:443: Remote host closed connection during handshake" , But if I use the...

Set Drop Out of Scope Requests (Enterprise)

Is there a was in Burp Enterprise to explicitly set the scanning machines to drop all out of scope requests like in Burp Pro?

Is there a way to strip out-of-scope items after the fact?

Hello, I'd like to share a Burp project file. However, it contains a huge amount of out of scope items I don't want to share. Usually, I define the scope in projects but dont select 'ignore all out of scope traffic'...

Struggling with Burp Suite Certified Practitioner Exam

Hello, I just failed my attempt on the Burp Suite Certified Practitioner Exam. This was a rather frustrating experience, as I managed to solve the first App in ~1.5 hours, giving me a lot of time for App 2. After...