How do I? - Page 159 - Burp Suite User Forum

about the purchase

Hi, On August 20, 2021, burpsuit was purchased for Innova "innova-btolicense@innova.com.tr ", via your website. But license information has not been sent to us yet. Can you be supportive in this regard? Thank...

Unable to import a client TLS certificate

Hello PortSwigger, Since the webpage we are testing is reporting during BURP scans TLS certificate issue, we wanted to mitigate it by uploading our certificate. Using Java´s keytool I have been able to convert our .jks...

csrf token in the set-cookies header

I have website that put csrf token in set-cookies header and generate new csrf token with every request and different url, I am trying to grab csrf token FROM SET-COOKIES header using burp suite, how do i do that?

burp suite does not intercept client application

I have a client to server app and nd I want to perform a MITM on this application to inspect the traffic, but the problem is burp does not intercepting traffic of this app. (He interacept other applications) I know for a...

Match and Replace

Dear Sir, I am trying to match and replace, What i want: ----------------------- Get base URL: http://testphp.vulnweb.com/search.php?test=query I want...

How do I solve SQL Injection Lab #11?

Hi, I am working through lab #11: https://portswigger.net/web-security/sql-injection/blind/lab-conditional-responses After finding out how many characters there are in the admin's password, the final stage is to crack...

https://portswigger.net/web-security/deserialization/exploiting/lab-deserialization-exploiting-php-deserialization-with-a-pre-built-gadget-chain

how to exploit php but website install Error Failed to connect to localhost:80

Recover project file

Burp recently crashed (unattended) while I had a project open. Any attempts to open my project file I get "An error occurred when start a project with the selected options. Could not open file: ..." I have the burp...

Exploiting Ruby deserialization using a documented gadget chain

Here is One line in Solution that. Browse the web to find the "Ruby 2.x Universal RCE Gadget Chain" by Luke Jahnke. But i am not able to understand that which is Luke Jahnke script. because here is many more scripts by...

Remove/Delete Scan

Is there a way to remove or delete an existing scan in BURPSUITE Professional via REST API? If not, what is the alternative? Is this functionality available in the Enterprise version REST API?

How much time would it take for a normal website?

Hi, I am scanning a wordpress website and was wondering how much time it is taking. The reason why i ask is it takes forever ( maybe that is normal ) and always at a certain point it will give e error and says...

scan a development site at AWS from the Burpsuite server across an established VPN,

I can browse the url from the burpsuite enterprise server across the VPN to our AWS site via the onboard browser so I know it can get there from this box, but setting up a site to the url, I get a message in the scan logs...

SSRF with filter bypass via open redirection vulnerability

Hello I do not understand why I can't access the admin panel through such a request : GET /product/nextProduct?currentProductId=2&path=path=http://192.168.0.12:8080/admin/delete?username=carlos Why do we have to do it...

Burp Enterprise Report export using Api

How do I download a latest scan report using a grapql api Without using the scan I'd. Like searching for the site as we have a unique value in the site example KT1234 and if matches download the latest scan report. Can...

Deactivate license in one machine and activate in another

Hi All We have 2 VMs and we wanted to deactivate license in one machine and activate in another VM. Please advice.

No Load Balancer Created by AWS cloud Formation Teamplate

Hi Team, I have followed the AWS deploy documentation(https://portswigger.net/burp/documentation/enterprise/getting-started/cloud/deploy-aws ) and it has successfully created all the CFT stack. As mentioned in steps in...

Purchased license not available

Hello, More than a week ago I have purchased a license but is not available in my account. The payment was successful and all my attempts to get in touch with someone via email were unanswered... Can you please check...

Can I use Burp Suite Professional with SAML and Okta (w/ security code).

I'm Using Burpsuite Professional and have a new scan that I need to conduct that requires the following: Can I use Burp Professional for sites that are SAML enabled? Okta has a MFA process. After entering the okta...

Eliminate Duplicates in Active Scan

When creating a "New Scan" and configuring a URL to be crawled/audited I notice that the scan detects/adds the same exact sub-URL multiple times (dozens of times) to the Audit Items list. Is there any reason that the same...

Duration of Scans not decreasing, when only checking for XSS

Hi all, I am using BurpSuite Enterprise and I have added a scan configuration, that will only check for XSS (reflected, etc...). I expected the Scan to take lesser time, than a default scan. However my assumption is...