How do I? - Page 16 - Burp Suite User Forum

Scan App with a remember my browser login option

The application I'm attempting to scan has two options for authentication: 1. Remember my browser (after mfa code has been sent via email) 2. MFA everytime you login My scans are not able to make it past this step to...

Your JRE appears to be version 17.0.12-ea from Debian - error

hi every time i'm geting this massage error... was looking for a sulotion for an hour now and still can't find the solution the message is: Picked up _JAVA_OPTIONS: -Dawt.useSystemAAFontSettings=on...

reset all my labs and progress.

hi. could you reset all my labs and progress.I confirm. Thanks

Asymmetric encryption of payload

Hi there, I would like to ask about the situation where the client server and the server have their own set of public and private keys for key exchanges. So, what happens is the both the request and the response will be...

Lab: Offline password cracking

Hi All im Trying To Solve This Lab : Lab: Offline password cracking i know that i need to use xss vulnrability to steal carlos cookie but when i put a script it only reflect and show My cookie what i should do to...

Active scan checking for categories outside of selected issue categories

Hello, Firstly, can't thank you folks enough for this awesome tool. I am trying to play around with the active scan under the "Issues Reported" section of the configuration. I have created a custom configuration in my...

Web Cache Poisoning with an Unkeyed Header

I solved the "Web Cache Poisoning with an Unkeyed Header" lab using the Exploit server provided in the lab. However, when I try to solve it a second time with my own exploit server that I set up with Ngrok and Python, it...

Lab: SameSite Lax bypass via cookie refresh -

I was thinking about this part: "Observe that, after a pause, the CSRF attack is still launched. However, this is only successful if it has been less than two minutes since your cookie was set. If not, the attack fails...

Flipping bit Attack and Character Frobber

I was wondering if you could share with me how I could effectively perform a Flipping bit attack and Character robbery by using the Burp suite to uncover an encrypted base attack in the application that impacts the...

Can not activate Burp Suite Pro

Hi Burp Suite Support, I have issue with activation of Burp Suite Pro. I got message "No more activations allowed for this license". Could you please help me out? Thanks,

FIX: Burpsuite not using full resolution

Hello,I am having issues with Burp suite only using 1024x768 of the screen instead of full 1080p. It opens in full screen but all the content is in the up left corner OS: BlackArch with dwm window manager on a KVM/QEMU...

multistep clickjacking

Auditing: Ignored Insertion Points: Skip all tests for there parameters

Hi, I defined my own configuration as follow: Settings\Configuration library New > Auditing Ignored Insertion Points: Skip all tests for there parameters How can I skip from auditing when scanning these URL path and...

CSRF Poc Doesn't work in Portswigger's Labs.

Hi, I've done some labs in the Academeny and I some are easy to understand and solve, However, the CSRF section doesn't work for me. I have created PoC for the First CSRF Lab titled: "CSRF vulnerability with no...

Collect Training Progress for Engineers

Hi there, I have a handful of engineers using this platform to train and I'd love to track their progress. Is there an API I could use to track their progress? thanks! Damien

Academy Lab "Reflected XSS in canonical link tag" will not marked solved

Hi, i made my own solution for solving the Lab: `https://[web-academy]/post?postId=4&test=2%27accesskey=%27X%27onclick=%27javascript:alert(1)` and it does not work. Also the official answer does not work for me. But both...

Burp Suite Pro License can be used for more than one machine?

Hi Burp Suite Team, Can you give clarification for this question i got. If I have 2 laptops, one is Macbook, one is Windows laptop, can I install Burp Suite Pro for these 2 devices with one Burp Suite Pro license, or...

error

Couldn't read the API definition. Review the definition and correct any syntax errors. the error is displayed when i try for api scan and not working aslo

Confirming Client-Side Desync Results in Burp Scan Report

I ran a BURP scan and the client-side desync was detected. I'm having trouble understanding the confirmation logic in a Burp Scan report. I have read the James Kettle article as well as performed the Portswigger lab for the...

How to View Response in Repeater?

I took a short course on using Burp and wanted to play around with it some more a few days later. However, I noticed that when I capture an HTTP response and try to send it to Repeater, I can only see the request there. I...