How do I? - Page 128 - Burp Suite User Forum

How to encounter the error when you are using JRE 17 + ?

While opening jar file it says to supply some JVM arguments. 1. --add-opens=java.desktop/javax.swing=ALL-UNNAMED 2.-add-opens=java.base/java.lang=ALL-UNNAMED I tried both of them none of them worked. Can you tell the...

Lab: Clickjacking with form input data prefilled from a URL parameter

I am unable to login to carlos:montoya account and to solve the lab used given solution but still lab is not solved. <style> iframe { position:relative; width: 500; height: 700; ...

Burp professional

Hi, we have a burp professional multiuser license. For CICD we would like to use the burp rest api and activated image which won’t ask for license key always. Is it possible?

FINDING COLUMNS WITH A USEFUL DATA TYPE IN AN SQL injection UNION attack!

Hello, I hope you are doing well and enjoying your time at PortSwigger. Today, when I was learning about SQL injection UNION attack, I have faced a problem dealing with what has been explained below. If anyone can explain it...

Lab: DOM XSS in document.write sink using source location.search

Question about the solution: Break out of the img attribute by searching for: "><svg onload=alert(1)> How does the double quote and angle bracket break out of the attribute exactly? I can't figure out how the...

Lab: Targeted web cache poisoning using an unknown header

Hi. I wasn't able to finish any of the labs in the web cache poisoning labs. I tried to do them myself and with the help of the Solution still the lab does not mark itself as Completed. To do this I am sending a...

the lab could not be started in a timely manner.

As i'm trying to access the labs, It is showing an error i.e "Apologies, the lab could not be started in a timely manner. Please try again or contact us if the problem persists." I had tried launching another labs but the...

Private Collaborator Server

Dear sir, madam, For the past day I've been trying to set up a private collaborator server to work on a client that blocks the public collaborator. It's been a very educational process to say the least (phrasing I use as...

Issue with Burp Collaborator

Hi! I've got a problem with setting up my private Burp Collaborator. Life check gives an error message (DNS not working): "We communicated with the collaborator, and appeared to successfully record events, however...

Labs is not working

Hi PortSwigger Team, The labs are not working. I am getting the below mentioned messages almost for all labs. Apologies, the lab could not be started in a timely manner. Please try again or contact us if the problem...

Collaborator server Error

hello everyone i really need your guide to run collaborator server correctly this is error i got : https://pasteboard.co/tH1uA2NG7I0b.png

How do I verify a scan has used credentials?

Hello, I am using BurpSuite Enterprise to run Credentialed web application scans. How can I confirm whether a completed scan has successfully used username and password logon credentials for the scan? Thanks!

Unable to access labs

Hi, I was trying to access labs in the "Clickjacking" category, but I am receiving an error message as follows: "Apologies, the lab could not be started in a timely manner. Please try again or contact us if the problem...

An unknown error occurred.

Hi, Burp is not allowing my firefox browser to load any applications hosted on microsoft sharepoint. When I try to intercept any hsarepont applications with burpsuite it displays "An unknown error occurred.".

OAuth very first lab credentials do not work

As stated above I'm trying to solve the first OAuth lab. It requires provided credentials to log in, in order to be able to solve the lab yet they don't actually work ,so I'm unable to solve it. Thank you.

Burp Headless POST Method scanning

Hi Team, I am looking for some help related to Burp Headless (command-line) where i am trying to scanning a post method based API. Is there a way to do so using burp headless? I referred this...

iOS Testing - Burp active but not able to see HTTP requests

Hello, I recently had to test an iOS application downloaded from the App Store. First, I configured the certificate in my testing device and confirmed that Burp was working correctly by seeing HTTPS traffic in the History...

No License

I ordered my burp pro over 24 hours ago and have not received any emails. I have seen that the payment has been taken out of my account. I had to register a new account to even post this because I am receiving no emails from...

HTTP smuggling

In this tutorial there is a Note that says: The "attack" request and the "normal" request should be sent to the server using different network connections. Sending both requests through the same connection won't prove...

The web application Hacker's handbook 2 edition

After every topic in The web application Hacker's handbook 2 edition, there is TRY IT option with links like http://mdsec.net/auth/406/ , http://mdsec.net/auth/406/ . But ebery link is redirected to...