How do I? - Page 194 - Burp Suite User Forum

Reset my Burp License

I am getting an error like 'Too many activations' My test machine was down so I used a temporary laptop. Now that my main server is running I want to return the license to that machine but Burp Pro says too many...

Intercepting Android version 8.1 HTTPS Traffic

Hi there, I have a rooted Nexus 5x (Magisk rooted) with Android 8.1 installed. I have been trying to intercept traffic with Burp but I'm running into problems that I have never had before. There are only a few HTTPS...

Lab: SSRF via OIDC dynamic registration

Can anyone explain how would one come by the "http://169.254.169.254/latest/meta-data/iam/security-credentials/admin/" endpoint as it appears in the lab solution? My understanding is that it is an IP that is within reach of...

how do i understand that which parameter is vulnerable ?

I am working with the burp hint and solution to exploit vulnerabilities .In many of these there are some parameters that are vulnerable and we change the values usually given to alpha numeric so then the vulnerability...

how to use "Match and replace" feature

Hi team, i just loved burpsuit and am using free version of burp and i need some help to understand some feature. there is match and replace feature, i need help :- how can i put value of every parameter during...

Unable to capture requests with Pulse Secure running

I have a mobile app to test and the iOS test device and the laptop are connected to same WiFi network. I'm able to set up the proxy and instal burp certificate in the device and capture requests, but once I connect to...

i am just lerning bruteforce attcks from your lab

I have places the usernames in the payload set but while selecting payload set 2 i m not able to find it in a dropdown list can you please me regarding this

Getting Error while running Private Collaborator Server

Any reason why Im not able to poll to the private collaborator server root# java -jar burpsuite_pro.jar --collaborator-server --collaborator-config=myconfig.config 2021-02-10 22:10:31.305 : Using configuration file...

Not able to update my Burp Professional suite from 2020.9.2 to 2021.2 version

Dear Sir/Maam, I am currently using Burp Professional suite licensed version 2020.9.2. I have downloaded the latest version i.e 2021.2 but not able to upgrade my Burp Pro. I tried installing the latest version using an...

API query

Hi, I have lots of powershell scripts calling the api (Graphql) and don't seem to see a way of linking a site to the folder its in on the UI. Both show up on the site tree below. But theres no link between...

Refusing to start browser

I have this error: "Refusing to start browser as your current configuration does not support running without sandbox" And when I run the Embedded Browser Health Check the only warning appears in "Checking headless...

HDI Make the Inspector sidebar bigger?

The Inspector sidebar is great but how do I expand it horizontally to see more of the parameter names/values?

Could not connect to any seed URLs.

Team, I tried to scan API using the IP and port number but after 5 mintues it is saying "Could not connect to any seed URLs. " I am using BurpSuite Enterprise Edition Kindly help me to proceed further. I have...

How do I make embedded chromium browser only request traffic I tell it to?

Whenever I fire up the embedded browser in Kali Linux, chromium contaminates the HTTP history with useless traffic trying to phone home to Google for various updates/checks/account/sync whatever. And I don't mean javascript...

Proxy service not starting while port is free

Hi, I have been testing a thick client application, but while i am trying to start the proxy listener on port 80, It says "Failed to start proxy service on 127.0.0.1:80. Check whether another service is already using this...

Unable to activate license

Hi Portswigger team, I have formated my mac and I am unable to reactivate the license on the same machine please help me asap

macOSX V11.2 Big Sur, OWASP BWA and Virtual box--Home Hacking CyberSec Lab

The scenario.....finished Web Academy Labs. During the labs discovered that macOSX has some incompatibility issues with Burp Suite and the Web Academy Labs....No Problemo!!! Set up, on macOSX 11.2 (Big Sur) a virtual machine...

Cross Site Scripting

Hi, we are using the Burp professional version. We are doing cross site scripting testing on our application. There is one page where we can create an object with java script in the input values (ex: <script> alert(1)...

"Cross-site request forgery" scan doesn't detect anything in the "Lab: CSRF vulnerability with no defenses"

Hi, I'm working on the Lab: CSRF vulnerability with no defenses (https://portswigger.net/web-security/csrf/lab-no-defenses). I have been able to solve the lab so no issue there but the "Cross-site request forgery" scan...

Allowing the symbol "&" to be part of a string, instead of being something else

Hello, I've been trying to add the symbol "&" as part of a string in my POST request yet, I can't find out how. I tried backslash, "`", etc. I would truly appreciate it if you could help me out as soon as possible. Thank...