How do I? - Page 146 - Burp Suite User Forum

Solution of the lab didn't work

I can't solve this lab for some reason. Lab = https://portswigger.net/web-security/sql-injection/examining-the-database/lab-querying-database-version-mysql-microsoft Tried to inject the same payload as given in solution,...

wait in the login script?

I am using the Burp Suite Login recorder and wanted to know how I can add a wait statement in the generated script. This is because the login script runs too fast and does not find the element, I think this can be solved if...

Starting Burp Suite Pro using the command line?

Is there a way to start Burp Suite Pro using the command line along with different configurations?

Agent Software Requirements

Hi Team, I want to deploy enterprise agent on another machine so I was wondering if the agent needs separate database as the installation menu asks for the database type selection

Unable to access an application which require a class B authentication through BURP

Hi, I am unable to access an application which require a class B authentication through BURP. I am able to access the application normally on the browser. The application asks me to choose the certificate and after...

About the Web Academy content

Hi. I'm completely new to hacking and I'm learning web hacking through the academy here. I've noticed that some labs in the academy have it's contents differing from the solutions provided by the academy. For example: In...

CORS vulnerability with trusted null origin

Hi - trying to complete the CORS vulnerability with trusted null origin lab. I have put in the following script to the exploit server using appropriate urls. <iframe sandbox="allow-scripts allow-top-navigation...

hacking

how do i with the help of burp suite hack online retailers to change amounts to £0.00.Completely new to this ,but very keen to learn .Idiots guide would be good . Thankyou

How to set Resource Pool value from BURP Rest-API

hello everyone , I'm using burpsuite RestAPI for my automation but sometimes i need to set resource_pool to low number for avoid the target requests limit protections so after i choice resource_pool and add any integer value...

Sitemap

All the urls and going through and everything is find but the sitemap isn't capturing one of the websites that I want to work with. Tried everything you mentioned in the previous posts. I even re-installed my system as...

Troubleshooting custom extensions

I am trialing the Enterprise Edition and I have written my own custom Java extension (that I package into a self-contained "fat" jar) because I need Burp to add a custom header to each and every request that it makes. Let's...

Mapping scans to "false positive policies"?

I am trialing the Enterprise Edition and am using the GraphQL API to run scans on demand. We have some sites where certain vulnerabilities (say, Issues A, B and C) are considered false positives, and other sites where...

Burp scan website

Burp scan website has stopped and hasn't been going on for a long time so I assume it has crashed as I can fix. This is the link where I put the image https://helpdeskautem.it/allegati/BurpBloccato.png The parameters...

asp .net web form application, with forms authentication, how do I pass the login credentials

trying to scan a secure page on our application , but authentication hits and login page gets loaded

Clickjacking with a frame buster script

With this lab the iframe box is very small in the top left corner of the page and no matter what width and height I give to the <div>Test me</div> it doesn't alter its position on the page. Have tried in own Chrome...

Clickjacking with form input data prefilled from a URL parameter

This should be an easy lab and I am following the steps as described. I put the following exploit into the exploit server box as required, ensuring that the src is populated with the details of the current account user,...

Scan for blind OS command injection

Often when I am learning in the academy I wonder if that particular vulnerability would popup using the scanner. The lab https://portswigger.net/web-security/os-command-injection/lab-blind-time-delays contains such a vuln...

providing credentials for a web application which implements OAuth?

I'm attempting to live scan a web application which makes callouts to APIs which require an access token. Burp stops the scan and asks me for credentials with which it can make the call, but establishing a session requires...

Intercept TLS Mobile App traffic

Hello i've connected my smartphone to the burpsuite mobile and installed burp certificate. I can intercept https and http smartphone navigator traffic but i cannot intercept any mobile app internet traffic. I have errors...

Drop "Exlude from scope" requests.

I am trying to develop my passive OSINT methodology and as such would like to drop any requests to the client's infrastructure. I add these to "Exlude from scope" both in the project and target tabs (and several...