How do I? - Page 164 - Burp Suite User Forum

Testing WEB API connection

HELLO DEARS, I need to test an authenticated WEB API, through a header "AUTORIZATION" + <STRING OF 30 CHARACTERS>. I don't understand how BURP could be configured to be able to test, since for now it only gives me the 401...

need to scan one of my URL

I need to scan one of my website but scan audit is showing as 10d remaining.Please help on this.

Burpsuite Community v2021_7_1 Windows 10

Hi, I downloaded burpsuite_community_windows-x64_v2021_7_1 file as jar and exe file on Windows 10. When I started to installation by exe file, half time of the progress bar the installation was stopped and nothing...

Burp not capturing local Andriod network traffic

I'm trying to use Burp to capture traffic from my routers companion app. I've set up the listening port, installed the burp certificates system and client side and installed 'ProxyDriod' to isolate the traffic from the...

Lab: DOM XSS in document.write sink using source location.search inside a select element

Hello, i have a very simple question regarding this lab, I'm not really sure why my payload worked. The source-sink of this DOM based xss is the GET param `storeId` and can be summarized here: var store = (new...

SSRF with whitelist-based input filter

Hi everyone, I'm working on solution of SSRF with whitelist-based input filter lab. The payload which used by solution is http://localhost:80%2523@stock.weliketoshop.net/admin/delete?username=carlos. I have searched...

exploit servers

Can you explain me in details about the use of exploit server?

Burp Report analysis and solution

Hi folks, we have scanned our application live scan, we are getting below issues, Issue detail The value of the URL path filename is copied into the HTML document as plain text between tags. The payload...

Unable to forward

Hi, I am intercepting traffic from Firefox browser but I am not able to forward. I am using Community Edition v2021.6.2. It is not working with FoxyProxy either without it.

GraphQL Create Site Error (Python)

I am getting the below error when attempting to add a site to burp enterprise via a python script. #Error "errors": [ { "message": "Variable 'input' has coerced Null value for NonNull type...

Configuring and automating BurpSuite Enterprise Edition scans

I'm evaluating BurpSuite Enterprise Edition and had a question for anyone who might have experience using it. Architecturally, BurpSuite EE (hereafter "BSEE") seems to have the following componentry: - A web app; used...

Burp Collaborator server returning 127.0.1.1

Does anyone know why my private Burp Collaborator server keeps returning 127.0.1.1 instead of its own IP address? I'm running it on Ubuntu on Digital Ocean.

Connectivity issues with Burp Collaborator

Hi there, I'm trying to set up a private Burp Collaborator. I can connect to it, e.g. by curling it, using its external IP address from the server it is running on, but not from anywhere else. This is on Digital Ocean,...

Burp Collaborator - Will load balancing mangle traffic

We would like to deploy Burp Collaborator, but front it with a load balancer. We intend to run just a single instance. Our company has a compliance requirement that anything internet-facing be fronted by a load balancer...

A JNI error has occurred, please check your installation and try again

[dude@dude-80sm Desktop]$ burpsuite Error: A JNI error has occurred, please check your installation and try again Exception in thread "main" java.lang.UnsupportedClassVersionError: burp/StartBurp has been compiled by a...

where are the burp logs located?

I'm stigging the burp application. I need to review the burp logs to make sure burp logs certain events such as application server startup, successful/unsuccessful attempts, system authentication etc. Can you let me know...

Regarding The Default credentials weiner:peter

Why is My Default credentials weiner:peter is not working in any of the academic labs even in different sessions.can i get my solution?

Error in Track your progress

Hello, I solved the levels listed below but it is not noted outside the lab (e.g. "Track my progress"). However, when I access the labs I receive the message "Congratulations, you solved the lab!". SQL...

We know that,login authetication is must for crawling and scaning . So what are the different ways for authentication . for example we need to provide the just login details and base url then it will do the crawling and scanning and i also read about macr

We know that,login authetication is must for crawling and scaning . So what are the different ways for authentication . for example we need to provide the just login details and base url then it will do the crawling and...

How can I automatically Log issues reported for a host in target map.

I would like to log issues reported for a host under target map to a file. I need the details of the traffic into a file same like the way burp reporting under issue...