How do I? - Page 13 - Burp Suite User Forum

Burp request

Hi Team I would like ask about some scan options.When I scan some endpoint I mark some like this in some request. /$/ GET /forum.portswigger.net/$/create?/$/category=/$/how-do-i Host: Redirected I scan 3 marked...

delete account

Please delete the rokatiger98@gmail.com account.

Lab: HTTP request smuggling, basic TE.CL vulnerability

Hi, When following the solution to this lab, the second request results in bad request error and not the expected result of the lab. I have tried it with Burp and curl with the same result. Not sure what I am...

Transfer of product key from one user to another

If I obtain the professional license for 2 simultaneous users and now need to deactivate one user whose the product key is activated and shift to a new user, How would I proceed?

Dows BSCP requires Pro

Hello, Do I need Burp Suite Pro for the BSCP exam, or can it be solved with just the Community edition (without Collaborator for example)? Thanks.

Nothing being captured by Proxy in Burp Browser

Even though I can view and manipulate websites in the Burp Browser, when I turn on intercept it doesn't capture anything, requests proceed as normal. There is nothing showing up in the "HTTP history" tab. Could this be...

Basic questions about the exam

Hi, If I fail the exam, do I have to pay the fee again in order to take another attempt ? Also, how frequently are exams held, and how long in advance should I register ? Best regards, sssss

Deliver exploit to Victim does not solved the LAB - CSRF where token is tied to non-session cookie

I tried to solve this lab using the following solution: head: HTTP/1.1 200 OK Content-Type: text/html; charset=utf-8; body: <form action="https://ID.web-security-academy.net/my-account/change-email"...

problem

when i exploit csrf it show not solved and i use chrome and burp pro , my exploit <html>  <body> <form...

Possible error in 'Lab: Basic clickjacking with CSRF token protection'

Despite I inputted the URL of the account page of the dangerous delete button, the log in page is displayed in the exploit server instead of the page containing the dangerous delete button

Basic clickjacking with CSRF token protection HELP

I'm trying to solve this lab but on the target website it directs to the login page instead of the account page with the delete button. How do I make my code redirect to the account page instead of the log in page? I've...

Burp new Version problem

Hi Team I upload new Version 2024.7 of Burp but in proxy/interception i new button .I allow for "all forward" .But when new respond from website coming .The Burp ask me again .and not allow for new coming respond . How...

How do I reset a lab?

How do I reset the lab "Lab: Exploiting insecure output handling in LLMs". I created an account but forgot the username. Now I can't login.

Reset Progress

It has been a while and I need to start fresh on learning the materials., Can I get a Learning and Lab reset on my account?

Web academy reset

Hello, I would like to start preparing for the Burp exam however, I would like to reset my progress completely in the academy materials. Can someone reset all progress please. Kind regards

Web cache poisoning via ambiguous requests

Hello! I'm trying to solve the lab "Web cache poisoning via ambiguous requests", but when I send the request: GET /?cb=123 HTTP/1.1 Host: 0acd0096031d9194836bfbf000b1009a.h1-web-security-academy.net Host:...

Spidering request params

Hello, i would like to spider a website and return all the possible get and post parameters excluding their urls. is there a built in feature to achieve that? Ideally would like to store all the params as an...

About OS command injection inspection

I was curious about what kind of payload Burp uses to send to the Collaborator server when scanning for blind OS command injection. So I looked at the logs from the scan. I saw that only the nslookup command was used. I...

No more activations allowed for this license

I needed to use my burp license on new machine, but even though I removed my license from old machines, I cannot activate license burp again. Could you help me with this?

Does API Scan do anything different than just using scanner?

Before there was an API scan, I would do some manual testing on APIs and then run the API through scanner to double check my work. Now I see there is an option for API scan or Web app scan but what is the difference? Does...