How do I? - Page 124 - Burp Suite User Forum

Troubleshooting custom extensions

I am trialing the Enterprise Edition and I have written my own custom Java extension (that I package into a self-contained "fat" jar) because I need Burp to add a custom header to each and every request that it makes. Let's...

Mapping scans to "false positive policies"?

I am trialing the Enterprise Edition and am using the GraphQL API to run scans on demand. We have some sites where certain vulnerabilities (say, Issues A, B and C) are considered false positives, and other sites where...

Burp scan website

Burp scan website has stopped and hasn't been going on for a long time so I assume it has crashed as I can fix. This is the link where I put the image https://helpdeskautem.it/allegati/BurpBloccato.png The parameters...

asp .net web form application, with forms authentication, how do I pass the login credentials

trying to scan a secure page on our application , but authentication hits and login page gets loaded

Clickjacking with a frame buster script

With this lab the iframe box is very small in the top left corner of the page and no matter what width and height I give to the <div>Test me</div> it doesn't alter its position on the page. Have tried in own Chrome...

Clickjacking with form input data prefilled from a URL parameter

This should be an easy lab and I am following the steps as described. I put the following exploit into the exploit server box as required, ensuring that the src is populated with the details of the current account user,...

Scan for blind OS command injection

Often when I am learning in the academy I wonder if that particular vulnerability would popup using the scanner. The lab https://portswigger.net/web-security/os-command-injection/lab-blind-time-delays contains such a vuln...

providing credentials for a web application which implements OAuth?

I'm attempting to live scan a web application which makes callouts to APIs which require an access token. Burp stops the scan and asks me for credentials with which it can make the call, but establishing a session requires...

Intercept TLS Mobile App traffic

Hello i've connected my smartphone to the burpsuite mobile and installed burp certificate. I can intercept https and http smartphone navigator traffic but i cannot intercept any mobile app internet traffic. I have errors...

Drop "Exlude from scope" requests.

I am trying to develop my passive OSINT methodology and as such would like to drop any requests to the client's infrastructure. I add these to "Exlude from scope" both in the project and target tabs (and several...

Deleted account unknowingly in basic clickjacking with CSRF token protection

Hi, I deleted the account provided while solving the lab. Its, been more than a hour yet it doesn't get reset for me please help me..!(wiener:peter this was the credential)

not getting the validation link

While changing the email id, not getting the validation link on my updated mail. Please help me here

Lab: Password reset poisoning via dangling markup

Hello, In the lab on #5 for the solution after I Send the POST /forgot-password request to Burp Repeater and try to add an arbitrary, non-numeric port to the Host header I get an error. I've followed the solution and...

License Activation Error. Maximum activation allowed

Hello Burp Team I recently changed my laptop so i did another activation. I also had one in my personal machine and another one in the machine i used for jobs. I tried to activate my license in a windows virtual machine...

GraphQL queries to get all issues of the lastest successful scan on a site

Hi! I'm trying to use the new GraphQL API to pull issue data from scans performed by Burp Enterprise. I want to correlate issues to a Site via the latest scan performed on the Site. Through experience in the API, I've...

Teaching license

Hi there, I am teaching ethical hacking in https://heig-vd.ch/en. Among other tools, we are using the free edition of Burp. As we have acquired 3 user licenses of the Pro edition for other activities in my research group, I...

How do I get a latest scan from the list of scans for a specific site?

I'm using the following query to get the list of scans associated with a site. It returns me list of scans associated with the specific site. But how do I get the latest scan out of it? query getScans($site_id : ID!) { ...

Account and data deletion request

Hello, Please delete my account along with any & all data that you have stored, thank you. Sincerely, ~JR

problems with this lab

The lab is CSRF vulnerability with no defenses Every time I go to the Exploit server, I post the exploit into the box, press "Store" then press "View exploit" and I get "Server Error: Gateway Timeout (0)". I've followed...

Burp Suite Certificate Not Working

Hi, The android version I am using is 10. Proxy setting from the phone I save the certificate with the .cer extension from http://burp. I then wrap up on importing. We can simply buy burp from the browser after use, we are...