How do I? - Page 12 - Burp Suite User Forum

Building a local image for a similar lab in the academy which is based on a known CVEs

I have been trying to build a small server that is vulnerable to CVE-2022-23959 or CVE-2022-22720 to have a similar lab to...

Using Burp resources for commercial reporting tools

Is it permitted to use the content from Portswigger (such as that at https://portswigger.net/web-security/all-topics) verbatim in reports? I assume a lot of the content is the same as that which is produced when generating a...

Activation error

I have a problem with "no more activations allowed". Can I get assistance?

2FA broken logic - lab solution using community edition

Hello, I am stuck on the lab using the community edition burpsuite software. I understand that we can separate the character sets to brute force the MFA code since the attacks are time throttled on the community edition,...

Activation limit

Hi so I reached my activation limit. I have been installing kali on a few different laptops and had to reinstall it on the same laptop a few times as the OS broke a few times. How do I cancel those earlier activations? I'm...

Lab: SameSite Lax bypass via cookie refresh is not getting launched

When click on "Access the lab", it loads for sometime and getting "504 Gateway Time-out The server didn't respond in time."

Purchased a Burp Pro license, never received anything

How do I get Portswigger to send me the license? I bought the BurpSuite Pro license several days ago. Since then no email was answered or any license sent.

I want to decrypt payload using python script

Hi there currently I have a request and response payload that is actually encrypted. Currently I have a secret key of the application itself, however the difficult part for me is for me to paste the secret key to the console...

CSRF Lab: Lab: CSRF where token validation depends on request method is not getting launch

When click on "Access the Lab" button, it loads for sometime and shows "504 Gateway Time-out The server didn't respond in time."

Raw hex bytes and intruder

Hello. How can I add raw hex bytes as payload to the request when using intruder? For example, I want add the following bytes: \r, \n, \0.

Disabled menu for choosing level and category in mystery lab challenge

Hi, I've noticed that the form for spawning mystery labs challenge has disabled dropdown menu for choosing level and category, while it was working properly just few months ago. Can you please check that and let me know if...

user interface looks very bad

Please help me, the interface of burpsuite looks very bad here is a picture. cheers https://postimg.cc/qgygcFjm

Activation License

Hi Support team, I use virtual machines all the time in my work. Once again, after installing Burp Suite on one of them, I received an activation error. What i can do?

Activation Exceeds after uninstallation

Hello, I was testing on a few of my devices to understand their performance with scanning/intruder features. However, when I added a third device, I received a message saying that I had reached my activation limit. Even...

Project File Upload expired

Hello I finished the Burp Exam but the status never changed to 3/3, so when the exam time finally ended the file upload had expired.

Reset labs

I want to reset all labs to restart my learning.

Initiating API scans using Burp Pro REST APIs

Can anyone help me on how to initiate API scans using Burp Pro REST APIs. Should we pass the API documentation path/location in the URL parameter? When I pass the URL of API documentation in URL field, a scan is triggered...

"Remote code execution via polyglot web shell upload "-- not able to read the uploaded file.

I get the below error when i try to Request: GET /files/avatars/polyglot.php HTTP/2 Host: 0aa800930455a9d080976cf8008600a6.web-security-academy.net Cookie: session=29GgwnhPI6n0cQ5tSpupMs9GAHJ8uECa User-Agent:...

csrf poc not working for the victim but works for me.

Right now I am facing a problem the csrf poc works for me. But not for the victim when I click deliver exploit to the victim in the exploit server the lab is still not completed. But when I test it against me it is working...

Lab: CORS vulnerability with trusted insecure protocols - exploit works in my browser (Chrome) but not when deliver to vitim

Hi, I have a problem in the context of laboratory "Lab: CORS vulnerability with trusted insecure protocols". The problem is as follows: I rolled my own payload to be delivered to the victim. The payload...