How do I? - Page 133 - Burp Suite User Forum

HTTP request tunnelling

In this tutorial(HTTP request tunnelling) : https://portswigger.net/web-security/request-smuggling/advanced/request-tunnelling should we setup a proxy server in burp suite from user options to tunnel the http requests?

Proxy with BurpSuite Enterprise

I'm trying to launch my BurpSuite agent with port 8090 opened for me to be able to proxy traffic through it and then run a Scan. Is this possible with BurpSuite Enterprise? Use-Case Example: I launch a burp agent with...

Authentication bypass via encryption oracle

I'm stuck in "Re-encode the data and copy the result into the notification cookie of the decrypt request. When you send the request, observe that an error message indicates that a block-based encryption algorithm is used"...

Installation of BurpSuite Professional

I was wondering if anyone knows what to do to fix the proxy host and port if BurpSuite Pro with a license is installed manually and is not set up with the host address or the port? My trial license expired so have to...

Lab problem solving related help

Actually I deleted the account mistakenly and now i can't login to my account in basic click jacking lab.☹ So i can't solve the lab. Please help me to solve the problem. Is there any way to bring up the credentials back...

remove cookie parameter from Burp suite Match and Replace

I am trying to remove unnecessary google and facebook cookies in my application request, i've tried Match: (cookie=[^;]+); Replace: but didnt work

burp suite not oprning on my pc

i downloaded the burp from the site today and installed, i also installed java latest version from oracle and whenever i launch the burp file it starts install wizard after installing nothing comes up... i need help please

reset my lab

hello admin! Could you please reset my lab? i am doing demo in my class but i cant reset to do again. thanks

same issue with me as well

can you please help me ASAP

Didn't got trial Burp Suite Proffesional Licence Key.

I have Filled the form for demo Burp Suite Proffesional, Also downloaded the software,didn't got the key yet. Please see into it.

Scanning subdirectories

If I want to only audit https://xx.com/subfolder how would I accomplish this? Right now I'm crawling xx.com, then auditing the subfolder when it shows up in the crawl, but sure there's a way to just start off with the...

License key wasn't accepted after reinstall

Hi team.. I installed Burp Enterprise on one server and it was working fine. I tried to scan our web application (with login and password) and Burp Log showed error "libatk-1.0.so.0" (same problem from post "Unable to...

Issues with 'Blind SQL injection with out-of-band interaction' Lab

Hello PortSwigger Team, It seems that the recommended solution is not working correctly for me. I do currently have the professional edition of the Burp Suite and I am replacing the...

Create a new Object for burp.IHttpRequestResponse

Hi Team, One of my requirement is to add sitemap with a given byte[] request and byte[] response. I have tried calling the below method. IBurpExtenderCallbacks.getCallbacks().addToSiteMap(httpRequestResponse); I have...

Burp Enterprise licensing when I need to tear down and rebuild Enterprise & Agent servers

Hi Team. We have a requirement to tear down and spin up new servers in our environment on a scheduled basis. How does Burp Enterprise licensing work in this case? Do I need to re-apply existing licenses on my Enterprise &...

Lab Not Responding

Http Request muggling Lab 2 reeturns error when ent the smuggling request. The Response is: HTTP/1.1 400 Bad Request Content-Type: application/json; charset=utf-8 X-Content-Type-Options: nosniff Connection:...

Burp professional - updates and BApp store not working - proxy

Hi, We have a challenge with updating the Burp suite professional and connecting to BApp store. Our machines are behind corporate proxy with SSL inspection turned on, do this cause a problem with the updates and connecting...

cross site scripting (dom)

hi there burp is giving me this Issue detail The application may be vulnerable to DOM-based cross-site scripting. Data is read from window.location.pathname and passed to the 'append()' function of JQuery. Issue...

how do we calculate value for tranfer encoding??

POST / HTTP/1.1 Host: your-lab-id.web-security-academy.net Content-length: 4 Transfer-Encoding: chunked 87 GET /admin/delete?username=carlos HTTP/1.1 Host: localhost Content-Type:...

New Users Access Issues

Hi, I have administrator access for Burp Suite Enterprise, I have created new user account for my team members and gave them administrator access in Burp Suite Enterprise, users received the email with the password link,...