How do I? - Page 172 - Burp Suite User Forum

Cross Site Scripting

Hi, we are using the Burp professional version. We are doing cross site scripting testing on our application. There is one page where we can create an object with java script in the input values (ex: <script> alert(1)...

"Cross-site request forgery" scan doesn't detect anything in the "Lab: CSRF vulnerability with no defenses"

Hi, I'm working on the Lab: CSRF vulnerability with no defenses (https://portswigger.net/web-security/csrf/lab-no-defenses). I have been able to solve the lab so no issue there but the "Cross-site request forgery" scan...

Allowing the symbol "&" to be part of a string, instead of being something else

Hello, I've been trying to add the symbol "&" as part of a string in my POST request yet, I can't find out how. I tried backslash, "`", etc. I would truly appreciate it if you could help me out as soon as possible. Thank...

Forced OAuth profile linking

I am unable to get to the admin tab even after following the solutions. I have captured the code using intercept and using iframe tag to deliver it to the victim's server. I did logout and then tried to log in using...

How do I get issue_index of a reported issue in GraphQL Enterprise Burp Suite

I have a system of GraphQL request to get the scans of recent scans. I need to get the issue_index of these issues. Her is the request I am running: query GetScanIuuse ($id: IS!) {scan(id: $id} id status issues(start 0,...

Exploit server

hi i am new to cybersecurity so the next question might sound silly to some. When I solve a Labs, I often have to help me with this "exploit server" but on real sites there is no this functionality. So my question is,...

Evaluation license not working post reinstallation

I have re-installed burpsuite and am unable to use the same license

Not sure am i doing anything wrong or crawling doesn't work as expected

I'm using burpsuite professional. When i choose to do crawl, i get the message that crawling is finished, in dashboard, but i don't see any new items on sitemap sections.

Scans are pausing due to error

I have an error message that reads: "Failed to connect to the configured Collaboration Server. What configurations may I apply to continue scanning?

Setting up Burp Professional for Automated Scans via APIs

Hello, I have a few questions on how Burp can be setup to automate API Penetration Testing and call it as a service 1. Does Burp Suite Professional have APIs for Scan,Report, etc. that can be called as a web-service,...

How do I use burp enterprise edition with Selenium.

I did go through https://portswigger.net/support/using-burp-with-selenium, although I was looking for article which will explain how you can use burp enterprise edition with selenium.

Licence Burp Suite Pro with a license key

I was given a text file from my work with my burp suite pro key. How do i successfully licences it and download burp pro?

Lab: Cache key injection

Hi want to know why on the JS page inside the origin header put 4 sign of dollar and not 2. GET /js/localize.js?lang=en?utm_content=z&cors=1&x=1 HTTP/1.1 Origin: x%0d%0aContent-Length:%208%0d%0a%0d%0aalert(1)$$$$

How Do I configure Burp Enterprise Scope with more than one URL?

When configuring a new site in Burp Enterprise there are 3 options for Scope: Site URL, Include URLs, and Exclude URLs. However, only the Site URL talks about "All subdirectories of this URL will be scanned by default" How...

Burp Collaborator not responding with cookie data for XSS stealing cookies lab

Hi I am using the professional version of burp for the lab Exploiting cross-site scripting to steal cookies. I have inject the code provided in the solution and replaced the collaborator payload with my own but when polling...

Getting 404 error page

I set up the correct web server URL but somehow when the users click the link, the page shows 404- File or directory not found.

non-disk burp projects are not available in the free version

I'm being told by burp suite that non-disk based projects are only available on burp suite professional. Do I understand correctly that I need to pay for burp suite to complete this course?

Crawl was configured to use embedded browser, but a browser could not be started

My system specifications meet the minimum requirements for 2 Agents (BPS-enabled). I'm still getting this error.

Change account name

Hi I wish to change my account name to be the same as my GitHub username: Lelionbear Thanks, Arturo

Portswigger Business logic lab

Hii , I was solving portswigger Business logic lab and I was just pocking here and there and I increase the quantity of the items and all of the credit is over after solving the single lab but when I try to solve the another...