Burp Suite User Forum
I got an External Service Interation on a scoped domain via Host Header. Now I am inserting my collaborator's URL into the host header, I am not getting any pingback/response. But it works with cURL with the following...
Hey: I'm building a Extensition that should be able to modify the response message after the message has been shown in the Proxy tool,and before the message arrive browser。 I've thought about IProxyListener, but...
I have 2 licenses in Burp, how can I get rid of that 1 license?
Hi, I have got a quick question about the solution of the lab mentioned in the subject. I understand the context and the approach, I have come pretty close to the solution myself but just could not make it work. The...
Xss labs are not marked as solved even after multiple times of solving it
How can I disable TLS 1.0 and 1.1 on Burp server it self ?
Is there anyway I can escape the dot character "." in Intruder? I'm doing an intruder attack with the email as parameter 1, which is "J12934@juice-sh.op", I need to escape the dot in the email address, so I entered ...
Any tips while pen-testing Flutter based Android apps? Since it ignores system proxy and user/system CA certificates you cannot use burp suite easily.
Don't know why i keep running into this fatal error when trying to solve all the Insecure deserialization labs... This is the error i keep running into despite encoding the section cookie twice before pasting the value to a...
I am running a simple Cluster Bomb. Every Request sent generates a "Set-Cookie:" with a new JSESSIONID to be changed. How do I include that with every new request using Burp Pro?? Suggestions? There is a regex option...
Hi, I saw this post (https://portswigger.net/blog/api-scanning-with-burp-suite) where it mentioned Burp Suite Pro and Enterprise is now able to read the OpenAPI file, however I'm not sure where I can import the OpenAPI...
Hello, I wanted to know if it was possible with Burpsuit to capture TCP traffic? Thanks in advance
I was intercepted a request from Protonmail (https://protonmail.com). But in the HTTP response password parameter is missing. I forget the password of my protonmail account and I have add recovery email in my protonmail...
I am trying to buy a professional version. However, it needs both a company email and company name. I am unemployed and I need to buy one for my personal training. What should I do? Best, Betty
Hi,I'm practicing brute force attack in DVWA (Windows and Firefox browser) when my burp suite intercepter capture GET request it not showing me parameters like username and password... Please help!!
I was intercepted a request from Protonmail (https://protonmail.com). But in the HTTP response password parameter is missing. I forget the password of my protonmail account and I have add recovery email in my protonmail...
Dear Burp support, According to [1], the scanner is able to parse OpenAPI documents it encounters. However, the API that I want to scan does not provide a documentation on any endpoints, but I do have a local OpenAPI...
Dear team, Post login with Enterprise credentials, no window has been prompted to activate license. Referred to the below URL. Please assist here. ...
Hi, I have recently setup a BurpSuite on MacBook running on MacOS 11.2.3 (Big Sur) and would wish to intercept the network traffic on mobile devices (Android and iOS). I have followed the setup listed...
Hi... Is it possible in BurpSuite Enterprise edition use proxies when my agents begin to scan web-sites? Thx...
Page 160 of 311
Your source for help and advice on all things Burp-related.