The Burp Suite User Forum was discontinued on the 1st November 2024.

Burp Suite User Forum

For support requests, go to the Support Center. To discuss with other Burp users, head to our Discord page.

REST API Scanning

Hopefully I am not missing something (the documentation is somewhat sparse) but, after loading the OpenAPI file from disk, ... 1) Burp chooses its own sample parameter values for use during the scan. There seems to be no...

Last updated: Aug 01, 2024 02:47PM UTC | 1 Agent replies | 0 Community replies | How do I?

Lab: Basic clickjacking with CSRF token protection not being solved

I followed through the solution and the community solution; in the exploit server I am pasting this payload ``` <style> iframe { position:relative; width:700px; height: 600px; ...

Last updated: Aug 01, 2024 01:00PM UTC | 2 Agent replies | 2 Community replies | How do I?

Request for Refund of Burp Suite License

I purchased the Burp Suite Enterprise for $1999 per year. Initially, I used it a few times for scanning purposes, but it is not in use currently. I would like to inquire if it is possible to receive a refund for the...

Last updated: Aug 01, 2024 12:38PM UTC | 1 Agent replies | 0 Community replies | How do I?

Request for Information on Source IP Addresses During Vulnerability Scans

When performing a site check from the "Dashboard" tab in "Burp Suite Pro" using "New scan → Webapp scan," will the source IP address be the "global IP address of the network I am connected to," or will it be "some other IP...

Last updated: Jul 31, 2024 02:49PM UTC | 1 Agent replies | 0 Community replies | How do I?

Lab - Routing-based SSRF - how was it possible that we sent request to local IP-s and still portswigger servers responded?

See the request - how does it reach Burp local servers? Since this is a local server, this could point to any inner IP of any machine on the internet. Please help me if you can, I am confused. Thank you. GET /admin...

Last updated: Jul 31, 2024 01:14PM UTC | 1 Agent replies | 0 Community replies | How do I?

Unable to solve: Lab: Exploiting HTTP request smuggling to perform web cache poisoning

As the title stated, I am unable to solve this lab. I follow the exploit steps, and it works, I manage to poison the cache and get a redirection to my exploit server, so that the alert gets executed (even though it's...

Last updated: Jul 31, 2024 12:15PM UTC | 1 Agent replies | 0 Community replies | How do I?

Proxying tools from WSL2 to Burp

Hi, I am using Burp on Windows and want to send requests from the WSL2 Windows subsystem to Burp, but I keep getting connection refused errors. I'm not sure what I am missing.

Last updated: Jul 31, 2024 04:52AM UTC | 3 Agent replies | 6 Community replies | How do I?

Perform Active Scan With Checksum

Hello, I am working with an API that uses a checksum calculated based on all the parameters and values in the request. How can I run an active scan on this API? Is there a way to run a script before or after the request,...

Last updated: Jul 30, 2024 08:00AM UTC | 3 Agent replies | 2 Community replies | How do I?

Due date exam

Hello, I bought my exam in 2023, however, nowhere did I see that the exam expired after a year, so I have not yet started preparing. I would like to get a little more time since I understood that the portswigger exams do not...

Last updated: Jul 30, 2024 07:57AM UTC | 1 Agent replies | 0 Community replies | How do I?

firefox 128 data not seen in burpsuite

I am running a MacBook with 14.5, Firefox 128 and Burp Suite Community v2024.5.5. In Firefox I enable proxy 127.0.0.1 8081 and most sites aren't showing up in the proxy or target history. If I use Chrome, or the built in...

Last updated: Jul 29, 2024 12:16PM UTC | 2 Agent replies | 1 Community replies | How do I?

Broken access control

Looks like something is going wrong in the lab "Method based access control can be circumvented": admin login as well as the normal privileged account "wiener" is also an administrator. Well, I don't get why it is happening...

Last updated: Jul 29, 2024 07:32AM UTC | 1 Agent replies | 0 Community replies | How do I?

Lab: Arbitrary object injection in PHP - why the destruct gets called?

We create an instance of CustomTemplate when setting the cookie to: O:14:"CustomTemplate":1:{s:14:"lock_file_path";s:23:"/home/carlos/morale.txt";} But how does the creation of something call the destruct? The destruct run...

Last updated: Jul 29, 2024 04:36AM UTC | 1 Agent replies | 0 Community replies | How do I?

Stealing OAuth access tokens via an open redirect

I am trying to solve the lab "Stealing OAuth access tokens via an open redirect". This is my exploit: <script> if (!document.location.hash) { window.location =...

Last updated: Jul 28, 2024 11:39AM UTC | 0 Agent replies | 1 Community replies | How do I?

Resource Not Found - academy exploit server

I am facing the "Resource Not Found" academy exploit server error at Basic clickjacking with CSRF token protection!

Last updated: Jul 28, 2024 10:24AM UTC | 3 Agent replies | 3 Community replies | How do I?

Can't find DOM Invader in Burp community ver : 2021.6.2 embed browser

Hi, I try to find DOM Invader, but I can't, please help me

Last updated: Jul 27, 2024 04:28PM UTC | 3 Agent replies | 6 Community replies | How do I?

CSRF where token validation depends on request method

Hi, I have a problem with solving CSRF where token validation depends on request method in Burp professional version. This is my code from exploit server and I have changed email in the code. Do you have more information...

Last updated: Jul 26, 2024 06:50PM UTC | 3 Agent replies | 7 Community replies | How do I?

Licenses

Can I install burp suite pro on two machines with one license? I'd like to install pro on my main PC and use that when I'm home, and then have it on my laptop when I travel. I wouldn't be using the license simultaneously.

Last updated: Jul 26, 2024 10:21AM UTC | 1 Agent replies | 0 Community replies | How do I?

Request to reset progress

I want to reset all my lab progress.

Last updated: Jul 26, 2024 07:15AM UTC | 1 Agent replies | 0 Community replies | How do I?

Extract all fields, list values once.

I would like to extract values from the proxy logger and list each occurrence once. For example I have many different targets with different values in the X-Powered-By header. I want to know which unique values exist in the...

Last updated: Jul 24, 2024 09:16AM UTC | 1 Agent replies | 0 Community replies | How do I?

Burp browser error

Hi. When I open the browser through the program, an error pops up saying: is not a Win32 application. How can I fix this error?

Last updated: Jul 24, 2024 07:33AM UTC | 1 Agent replies | 0 Community replies | How do I?
