How do I? - Page 17 - Burp Suite User Forum

Clickjacking Labs First 3 Lab Not Solved Problem

Even tough my payload is working on view exploit when I try to deliver it to victim it never solves the lab. Yes, I change the email before I deliver to victim. Check this Payload for Lab: Clickjacking with a frame buster...

JWT authentication bypass via algorithm confusion with no exposed key

How HARD, I try.. I am not able to resolve this lab... even after using multiple methods to solve this lab.... Cookie part is working.... Symmetric Key which is being created using .PEM public key which is not...

Request Manipulation

Hello Team, I have one general query. Changing a request query parameter to a different value and then getting a different result. As long as the data is something user should have access to then there isn't a problem...

repeater

I've seen on yt videos that if u sent a request in repeater then it will solve the lab. But when i sent a request in repeater it isn't showing the lab is solved

Lab: Bypassing access controls via HTTP/2 request tunnelling - Not getting the desired response.

Hi All, I am following the solution mentioned in the lab solution. In the last step when I change the :path to /admin, I get the following response, "HTTP/2 500 Internal Server Error Content-Type: text/html;...

Burpsuite Enterprise: False Positive findings disappear from scan results

Hi, I'm not sure if this is a bug or a feature but I'm observing the following behaviour when using the Burpsuite Enterprise scanner: When a scan finishes, in the Issues section contains the vulnerabilities found by the...

Renewal of Burp Suite Professional license

Hi Support, I would like to know how much (in USD) does it cost to renew my current Burp Suite Pro license?

Burp Audit Not able to check if the session is invalid

I understand that Burp automatically checks if the session is invalid and restarts the login process accordingly. However, is there a way a user can change what would be considered "invalid session". The application I am...

Unable to access labs - Server Error

I have been trying to access portswigger CSRF lab "SameSite Lax bypass via cookie refresh" since yesterday but, it keeps throwing 504 gateway timeout - "the server didn't respond in time".

Can not activate Burp Suite Pro anymore

Hi Supporters, I have a few PC installed Burp Suite and some of them got reinstalled recently Today I do activate Burp Pro and I encounter a message "No more activations allowed for this license". Could you please help...

License again!

My license expired in just two days! It's curious because I didn't use Burp Pro until now. Now, I can't use it anymore because there's no valid license for me. And I paid for it! Congratulations! I believe I still had more...

Scanning error

As i tried to scan the URL scan got aborted with following error 1654690424690 Info Task 11 Paused due to error: Could not connect to any seed URLs. 1654690423985 Info Task 11 Crawl started. 1654690242653 Debug Task...

Scan errors in Burp

I ran an active scan using Burp. The scan was abandoned due to multiple errors. I would like view the error logs so that I could figure out what went wrong. How do I check these errors?

Forward findings to Security Hub or Defect Dojo

Hi, Can BurpSuite Enterprise Edition forward findings to Security Hub or Defect Dojo after it finish to run the scan in a CICD pipeline?

How to Change DB username and password after installation?

I am using Burp Enterprise. I've installed it in silent mode with a response.varfile which contains the db username and password. I have an external database server whose password I would like to change after burp is...

Are the clickjacking labs no longer working?

Have been working on the clickjacking labs however it looks like cookies are not being passed to the iframe - when framing the site the my-account page is being redirected to the login page. I did these labs a couple of...

Burp Scans not reporting previously reported issues

Hi, I am currently using Burp Pro REST APIs to trigger DAST scans. I have noticed that if a finding is reported by the current scan, then it will not be reported again if I trigger the scan on the same URL again. I think...

Clickjacking with a frame buster script proving problematic

I have tried several browsers, and read other issues on the clickjacking labs. Despite having the email planted and the correct iframe attribute annnnnnd the "Click me" right on top of "Update Email" this one does not...

Extend activation license key

Hi, Just reach maximum activation license key. Now I get message "no more activation allow". Can you extend it ?

Lab: CSRF where token is duplicated in cookie. Invalid CSRF token error

Hello. I've been struggling to resolve a few CSRF challenges, as for example "CSRF token is simply duplicated in a cookie", I also had problem with "CSRF where token is tied to non-session cookie". When I click on "View...