Burp Suite User Forum
How can I create a scan configuration for Burp Suite Enterprise to be able to check for OWASP Top 10 Vulnerabilities?
I have followed several other posts about importing trusted certs into a certificate store. I have "successfully" imported a certificate but the TLS Certificate untrusted finding continues to flag. How can I get this...
i, i need to change the name (cao hung anh) to "Trinh Bao Long". Thanks. Have a nice day
I followed all the method to configure proxy in my iOS device. But it seems whenever i set my proxy - 1. I'm not able to get the certificate while navigating http://burp or http://burpsuite 2. If I installed manually I'm...
It is not possible to download Certificate CA to Firefox or another browser. The page indicates an error
I got an External Service Interation on a scoped domain via Host Header. Now I am inserting my collaborator's URL into the host header, I am not getting any pingback/response. But it works with cURL with the following...
Hey: I'm building a Extensition that should be able to modify the response message after the message has been shown in the Proxy tool,and before the message arrive browser。 I've thought about IProxyListener, but...
I have 2 licenses in Burp, how can I get rid of that 1 license?
Hi, I have got a quick question about the solution of the lab mentioned in the subject. I understand the context and the approach, I have come pretty close to the solution myself but just could not make it work. The...
Xss labs are not marked as solved even after multiple times of solving it
How can I disable TLS 1.0 and 1.1 on Burp server it self ?
Is there anyway I can escape the dot character "." in Intruder? I'm doing an intruder attack with the email as parameter 1, which is "J12934@juice-sh.op", I need to escape the dot in the email address, so I entered ...
Any tips while pen-testing Flutter based Android apps? Since it ignores system proxy and user/system CA certificates you cannot use burp suite easily.
Don't know why i keep running into this fatal error when trying to solve all the Insecure deserialization labs... This is the error i keep running into despite encoding the section cookie twice before pasting the value to a...
I am running a simple Cluster Bomb. Every Request sent generates a "Set-Cookie:" with a new JSESSIONID to be changed. How do I include that with every new request using Burp Pro?? Suggestions? There is a regex option...
Hi, I saw this post (https://portswigger.net/blog/api-scanning-with-burp-suite) where it mentioned Burp Suite Pro and Enterprise is now able to read the OpenAPI file, however I'm not sure where I can import the OpenAPI...
Hello, I wanted to know if it was possible with Burpsuit to capture TCP traffic? Thanks in advance
I was intercepted a request from Protonmail (https://protonmail.com). But in the HTTP response password parameter is missing. I forget the password of my protonmail account and I have add recovery email in my protonmail...
I am trying to buy a professional version. However, it needs both a company email and company name. I am unemployed and I need to buy one for my personal training. What should I do? Best, Betty
Hi,I'm practicing brute force attack in DVWA (Windows and Firefox browser) when my burp suite intercepter capture GET request it not showing me parameters like username and password... Please help!!
Page 156 of 307
Your source for help and advice on all things Burp-related.