How do I? - Page 139 - Burp Suite User Forum

LAB: Exploiting HTTP request smuggling to perform web cache poisoning

Hello everyone! Im having troubles with this lab. I tried even to follow the youtube videos to get with the solution and not even that helps. Im getting a 400 and {"error":"Invalid request"} I tried also to switch...

Digest Auth in Burp was removed?

Hi, What happened with Digest authentication support? https://portswigger.net/burp/documentation/desktop/options/connections "Supported authentication types are: basic, NTLMv1, and NTLMv2" In the previous versions...

Any Solution to "Network Protocol Error" in Firefox while Using Burp!

Hi Guys, I've been seeing an error on some websites while using burp the error on firefox goes like --- Network Protocol Error An error occurred during a connection to target.com. The page you are trying to...

scanning ip ranges ?

Hello, given we have set of ip ranges to scan. how i can do with burp to set different ip ranges in the target scope ? can someone advise ?

Find and replace with $ sign in replace not working

I am attempting to use find and replace to replace the user agent string with a jndi payload. However the dollar sign in the replacement string causes the replacement not to work. For instance: Match:...

Stop scan

I need to stop scan on paticular GET/POST keyword. If web page says: "Error. Could not find..." I want previous GET/POST. To stop at that message.

Upgrade Burp Enterprise, Linux Distro

Would anyone have a link to detail the steps in upgrading Enterprise Edition within a Linux environment? My current version is; 2021.12.1-8680, Java version: 11.0.10 Any advice appreciated.

GraphQL mutation for extensions

Does graphql support mutations of a given site to add an extension?

Can my employer purchase the exam for me?

How can my employer purchase the exam for me? Don't you have something like a voucher system or can you email us a quotation?

Cannot access the web security lab

I can not access any lab on your website using Microsoft Edge. When i click "Access the lab", it shows the error message is "ERR_CONNECTION_TIMED_OUT". I tried another device and browser but they have the same issue. Can...

plaintext password

Hi there, if I capture a login request and view a password in plaintext form, would this indicate a vulnerability? Considering that if you capture it in some applications like facebook it will appear encrypted.

Scan DIV class

Hi! I need to scan just a part of web page - DIV class. This class is changing time to time, and I want to find how and when it changes. It shoud be random, but I don't think it is. For example, clock on web page changes...

Burp Pro isn't intercepting HTTP requests from Terminal

Hello, I am using Burp Pro and it doesn't intercept any HTTP request from Terminal on my macOS. Help me, please. Thank you.

Why simple quote is necessary in SQL Blind Injection using TrackingID?

I'm in first lab of Blindd SQL Injection and payload for test is: TrackingId=xyz' AND '1'='1 Why is necessary this quotes in '1' and '1?

Questions about licensing

Hi. Please let me know about the license of Burp Suite. I am aware that the Burp Suite license is to be installed on the device after purchase, but do I register an account with the user of the license? Since the user...

Would Burp Suite Professional detect log4j vulnerability?

We use Burp Suite Professional for regular scans of our application. Is there a guarantee that the scan tests for the log4j vulnerability?

Burpsuite Enterprise uninstall script?

What is the usage for uninstall script at /usr/local/burpsuite_enterprise/? It asks to run as root but I would need to know the required params and command to run it silently as root.

Configure Burp to Intercept/Retrieve/Store Streaming Responses

Hello everyone! So basically one web application which i'm currently testing seems to be using some kind of Streaming Response technology, and i'm not being able to configure Burp to be "compatible" with that. I can...

log4j2 vulnerability - are burpesuite products affected?

Hi, Could you please clarify if burpesuite products are affected by newly discovered log4j vulnerability. More info on the vulnerability...

Remove Java JRE 1.9.0_4 on Burp Suite Enterprise Edition v2021.11

How do we remove / clean up the following unsupported JAVA JRE within Burp Suite Enterprise installation ? : The following Java JRE installation is unsupported : Path :...