How do I? - Page 124 - Burp Suite User Forum

Choosing Issue types

Hello! I've a doubt about the scanning configuration, in Issues reported. Could you tell me if every scan type (passive, light etc) is independent of the rest? or are they incremental? I mean, if I select only "Medium...

Is it possible to use TLS passthrough for a specific directory path in a URL

Could you please tell me if it is possible to use TLS passthrough proxy option to pass through specific directories within a host domain? So that these directories would be passed through, but not others on the same host? ...

Targeted web cache poisoning using an unknown header

Hey, Can you have a look a this code because I can't get the lab resolved. I think I'm doing everything right but there's no way. Request ET / HTTP/1.1 Host:...

Unable to access labs

Hi Team, unable to access labs getting error: Apologies, the lab could not be started in a timely manner. Please try again or contact us if the problem persists.

Client certificate in Burp Enterprisemsts

Hi, Is there possibility to use Client TLS Certificate on Burp Enterprise, like in Proffesional and Community Edition? Thank you in advance and have a nice day!

Password authentication/modification

I'm having trouble logging in/changing my password. Every time I click 'forgot password' I get sent an email to retrieve my new hashed password at login. Once I'm logged on, I navigate to 'My Account' where it "should" allow...

Grep - Extract

I am learning to use burp suite and am interested in gathering some information through the Intruder function. Once I have set up the payloads (numbers, with rule to upper case) I go into the intruder options and add grep -...

Academy Labs

Hi, Just going through the labs and I don't seem to be able to complete the "Blind SQL injection with out-of-band data exfiltration" lab. I get a message "Client Error: Tampering with the _lab cookie (TrackingId) is not...

Allowing all hosts through SSL passthrough except one?

Any way to allow all hosts through SSL passthrough except one, say "hostname"? I tried this Regex: ^((?!hostname).)*$ Now everything passes through, but also including "hostname". I want hostname to *not*...

How to do a random number bruteforce in burp suite?

I want to do a bruteforce from number 38000000000 to 39000000000 but what is happening here, when I try to bruteforce with Payload type: Numbers it is giving a sequential bruteforce, what can happen here, what can I do to...

Unable to download Burp Suite

Hi, I’m not able to download the software. Tried it on chrome and Firefox. Every time I click the download button, it turns grey and shows downloading without downloading anything. Please help me out. Need this software...

Downloading does not complete

Hi , Cannot download Burp Suite Pro. I clicked on 'Download Software' option but nothing got downloaded even after half and hour. Only 'Downloading' message appears Please advise

Advanced Target Scope - Load File

Hey all, I normally used regex in advanced scope to make sure I capture all sub domains. However, I have a list of over 100 I'd like to check. I created a TXT file of the domains with regex but when I go to Load the file...

Lab: Exploiting XXE using external entities to retrieve files

Hello, i can't solve the Lab: Exploiting XXE using external entities to retrieve files, i am using body in request: ?xml version="1.0" encoding="UTF-8"?> <!doctype root [<!entity test system 'file: ///etc/passwd'>]>...

Burp scan crawler cannot detect or redirect a 307 status

I have a page: example.com . The login page is https://example.com/login After login it goes to http://example.com/my-details with a 307 internal redirect status and after that to https://example.com/my-details which is the...

Requested for Burp Suite Pro Free Trial but no update

Hi Team, I recently applied for a free trial on https://portswigger.net/burp/pro/trial. However, I have yet to receive the free trial license key.

getting error while clicking on access lab

Apologies, the lab could not be started in a timely manner. Please try again or contact us if the problem persists.

Import Client SSL Certificates

Hi, I was able to package my cert and key file into a PKCS#12 file and import it into "Project options -> SSL -> Client SSL certificates -> Override user options" from Burp UI. But I want to know if there is a way to load...

CSRF Lab token tied to non-session cookie. Set cookie via javascript?

Hello all, the solution for this lab used the fact that the search functionality could execute a set-cookie response header using another session id. I'm curious why could this not be done via javascript, prior to form...

Host header not present - Password reset poisoning via middleware

Hi, I'm trying to solve to complete the lab "Password reset poisoning via middleware". I sent POST /forgot-password to Repeater and add "X-Forwarded-Host:...