How do I? - Page 158 - Burp Suite User Forum

Need clarification in Exploiting XSS using script tags

I'm a beginner. I tried to create a proof of concept using <script>alert(1)</script> in repeater and I viewed the same in web where the alert box didn't appear, but the mentioned script tag was present in the search box for...

Burp Enterprise Edition scan with custom header and plugin support

Two questions 1. Can you specify a custom header on a Burp Enterprise scan? I need to supply a JWT in an authorization header before the app will even really respond and there is no direct login mechanism as it is a...

Headless using of extensions

Hi all, I would like to Import to Sitemap extension in a headless mode - is there any way to do so out-of-the-box? Are there any other ways? My use-case is the following: 1. start Burp in headless mode 2. pass .zap...

Lab: Reflected XSS protected by CSP, with dangling markup attackected by CSP, with dangling markup attack

Hi As the solution indicate: ``` Examine the change email function. Observe that there is an XSS vulnerability in the email parameter. ``` Is there any explanation on how we get that? Thanks.

Install Burpsuite on Kali ARM RaspberryPi 4

The RaspberryPi 4 Image on Offensive-Security doesn't come with BurpSuite. It looks like it isn't supported on ARM images. I was wondering if this is correct or am I missing something. I downloaded this image: Kali...

How can i bypass this race limit protection ?

Hello, i have a website, and this website using a race limiting protection mechanism like this: when you do a request you use session_id, this session_id regenerating on every single request,but you can get next...

Opt out of telemetry collection in Enterprise

From the release notes for August: Telemetry collection Starting with this release, we are collecting telemetry that will allow us to understand your usage of Burp Suite Enterprise Edition better, and offer you more...

License a Trial

I requested a trial of BurpSuite Professional, received a download link but no trial license file. I review the My Account section of the portal and found no key. Please help. Keith

Could not find or load main class .awt.headless=true

Hi, when trying to run burp in headless mode I get the following error: Error: Could not find or load main class .awt.headless=true Caused by: java.lang.ClassNotFoundException: /awt/headless=true

Combine Web Cache Poisoning Vulnerabilities Lab Issue

I managed to changed the language to espanol but when I craft the response in exploit server by following the hint, it only gives me Client Error: Forbidden. So whenever I poisoned the espanol page, only the language option...

Preinstall CA certificate?

Hi. Is there a way to set a predefined CA certificate for burp to use as CA? We'd like to use Firefox for testing through Burp, but I can't find a way to auto-install the certificate. Thanks!

Saving multiple Requests/Responses

Hello! Is there a way to save multiple Requests/Responses from Proxy HTTP history. The documentation here https://portswigger.net/burp/documentation/desktop/tools/proxy/history says that quote: "Save item(s) - This function...

Do I first remove my Burp Community edition before I install Burp Pro??

Hi All, I updated Burp Community edition last week, in kali linux. But had to remove old version to get new CE to work right. I just purchased the Burp Pro yesterday. Do I first remove my Burp Community edition before...

proxy credentials

When I change the proxy on the browser and map it to burp (127.0.0.1:8080) I get asked to enter my credentials with every request, after a minute or so, my AD account gets locked!! Note: - in the "User option" tap my...

Install Burp Suite Enterprise

Hi There, I have install BSEnt by follow with this link https://portswigger.net/burp/documentation/enterprise/getting-started/cloud/deploy-aws But while I start Main cloudformation stack that have an error and rollback...

Lab: Combining web cache poisoning vulnerabilities

I have a question here: First I poisoned the spanish language cache then I poisoned the webpage so that all user visiting homepage will be redirected to spanish page. Since the website uses lang cookies to change the...

how to access lab ?

I am getting 302 response while reset the password in host header attacks - basic forget password poisoning. How to access the lab ? am i need to pay ?

Discover Content Feature - Cookies

Hello, Can you provide some details on how Burp generates the cookies that it uses for HTTP requests during a Discover Content session? I am clearing the Cookie Jar before starting the session, but somehow Burp is able...

Unable to Undo in Repeater Burp Suite Pro v2021.8

Hi, I'm unable to do Undo (ctrl+z) in Repeater after modify and send the request. I'm pretty sure I can do it in the previous version. Is there any setting related to this in the new version? Regards

Use Burp Macro and Session Handling to modify parameter in the body of the request

Hi, I currently have a macro and session handling rule to update a parameter following this tutorial: https://www.cyberis.co.uk/burp_macros.html I'm using a custom parameter with the same parameter name I'm trying to...