How do I? - Page 125 - Burp Suite User Forum

Sleep N seconds after calling macro

I want Burp to add a small pause between the macro and the repeater. In my case, I'm fetching a CSRF token and the web application refuses requests that are sent too quickly. How can I accomplish that?

Integration of Burp Suite Enterprise with any Vulnerability Management tool

Hi, I'm new to Burp Suite Enterprise and now I need to define which vulnerability management tool will I install in order to integrate scans from several different sources into one central location. From what I've been...

What is log?key=' in the cors tutorial ?

Hi, in this tutorial : https://portswigger.net/web-security/cors i saw this : var req = new XMLHttpRequest(); req.onload =...

Firefox Browser Doesn't Work Unless Burp Suite is on

Hello I recently installed and configured Burp Suite to use for Firefox and after setting up I realized I have a problem where now, unless Burp Suite is running with Intercept off I cannot access any websites through...

Trying to install certificate in Chromium-based Edge to test Edge extensions on Windows 11, getting HSTS errors

I've been attempting to install the Burp Suite certificate as instructed in the Chrome certificate installation guide, but I'm still getting HSTS errors on HTTPS websites. I don't know if I'm doing it wrong or if it's broken...

HTTP request smuggling, confirming a TE.CL vulnerability via differential responses

Hi I understood the principle of the lab and planned to test it. This lab environment should theoretically be TE.CL. First, I used this detection packet ...... Transfer-Encoding: chunked Content-Length:...

export websocket history

can I export websocket history as a single/multiple text file/files?

TLS Issue

Hello, I am receiving a TLS error (The server's certificate is not trusted) on a few sites that I am scanning. I have checked the dedicated server that hosts our Burp Suite Enterprise for what certs are located in the...

Host Header attacks

below are my request headers parameters to server as follows: Get /login HTTP/2 Host: actual-domain.com Host: fake1.com Host: fake2.com Cookie: xxxx . . . Host: fake3.com When I send the request using burp...

Cache-Control

if a web server uses : Cache-Control: no-store, no-cache, must-revalidate does that mean i should forget about cache poisoning?(i mean is that header and value mean this webserver does not support caches?)

proxy's problem

HI I had setting proxy 127.0.0.1:8080 and let browser also listen 127.0.0.1:8080, but when I request https://www.yahoo.com.tw , burpsiute event log apper "invalid client request received first line of request did not contain...

about chromium

Is the lower version of burp affected by cve-2021-21220?

vulnerabilities

how to solve vulnerabilities according to burp's scan result??

Scanning Atlassian Jira

We've been scanning Atlassian Jira for a few years now and it seems it gets more finnicky every time we upgrade Jira. Normally it would make 27,000+ requests, including Authenticating using our Macros, etc. No...

HTTP smuggling

Can you clarify that can an http smuggling attack begin with GET method?

Postman and Burp Suite pro Proxy error

Hi, I tried a new Postman collection which without the proxy configuration is valid means I get the expected responses in the Postman and configuration is well defined. I set the following configurations: Postman...

educational licence

Hello Burp Suite, I am a computer science student at the Goverment polytechnic koderma. I wanted to ask if it is possible to get a burp suite professional license for students. I really like to use your product but I...

Burpsuite Collaborator Not Working (Using Public PortSwigger Server)

Hello everyone. I hope I am posting this in the correct channel. My question is regarding the Burpsuite Collaborator. My collaborator cannot connect to the Portswigger server and therefore does not work properly. Does anyone...

No more activations allowed for this licens

Hi, I get the error "No more activations allowed for this license" Please help me on this Product Burp Suite Professional License...

why there is an empty line after Content-Length header in http smuggle attacks?

for example : POST /search HTTP/1.1 Host: normal-website.com Content-Type: application/x-www-form-urlencoded Content-Length: 11 q=smuggling So the length of 'q=smugglingis' is 11. why there is an empty line...