How do I? - Page 197 - Burp Suite User Forum

Deletion of "wiener" user in "User role can be modified in user profile" lab

I've delete my account (wiener:peter) in Access control vulnerabilities:User role can be modified in user profile lab now I cannot solve the lab Because I can't login to as wiener. How can I reset this lab? It...

Highlight Multiple Lines in the text or draw red box around it

Hi there, Is there a way to highlight multiple text? Or to indicate which header are missing? For example, I want to indicate that Cache-Control Header and XSS-Protection header is missing. *HTTP/1.1 200...

License problem

Dear Burpsuite Support my windows is crashed last week, so i restored my system from backup image. after restore windows system, Burplicense's license became invalide, maybe due to maximum number of licenses. Could you...

Scanner: java.net.SocketException: Connection reset

Proxy: Proxy service started on 127.0.0.1:8080 Scanner: java.net.SocketException: Connection reset Please help us to resolve this error OS: Windows 10

Getting scan ID for querying scan result

I create a ScheduleItem using the GraphQL API of Burp Enterprise. How can I get the ID of the scan (or scans) using the GraphQL API in order to query the result of the scan? I cannot find how the ScheduleItem or Site is...

Please help me to install Burpsuite Enterprise Edition on Ubuntu OS

I want to install Burpsuite Enterprise Edition on Ubuntu OS

Run Burpsuite professional in ubuntu server

Hi, can I run burpsuite professional in an ubuntu server that has no GUI ?

burp

Hi, I'm new to this website. I wish to know how I can use burp to solve the labs here. Thanks

How do I change the default URL Scope for default scans

I want to change the default URL scope for the standard "Live passive crawl" and "Live audit" tasks from Everything to Suite scope. I've change the "scope_option" setting in my project options JSON for "live_active_scanning"...

Getting scan_id from ScheduledItem

Hi. Is it possible to obtain via GraphQL API scan_id when I have ScheduledItem ID? My scenario is that I'm creating scheduling scans using CreateScheduleItem (which as a result gives me ScheduledItem ID) and then I would...

Burp Suite Professional project Creation

In Burp Suite Professional while creating a new message error message is sent saying could not create file C:\ProgramFiles\BurpSuitePro\2020-07-10-Test.burp.The new project is created using burp default configuration. What...

CSRF PoC vulnerability only succeeds while Proxying through Burp

This may be a dumb question as I may not fully understand how this CSRF vulnerability is working. Scenario: Within the application using Spring / Spring Webflow, and Spring Security. I am able to create a PoC with Burp...

Examples of business logic vulnerabilities

Hello! When I try to complete lab https://portswigger.net/web-security/authentication/multi-factor/lab-2fa-broken-logic at step to brute force 2fa code I recive 400 code after some tries and message like this:" HTTP/1.1...

Communication error while scanning

Hi, When i run passive scan or active on my respective website, it throws communication error. This error is showing in event log. Please help me in this issue.

Stuck in Business Logic Flaw Lab: Low-level logic flaw

Not sure how to solve this. Any suggestions?

Stuck in Lab: Low-level logic flaw

i need help in the mentioned lab, at least in which area we have to use Burp Intruder or Turbo Intruder more hints please :)

How do I login?

I entered my email address and the retrieve password. but i cannot login.

activation limit reached

Hi, It seems that I have used most of my activations while playing with different OS versions in my VMS. Could you please add one or two more activations please? Kind Regards

scan ID from POST response

I'm initiating a scan using Burp POST REST API (curl -vgw "\n" -X POST 'http:burpURL' -d '{"urls":[targetURL]}'), I see even number (scan / task_id) as a part of HTTP response location header but if I initiate a scan using...

Burp to command

Hi there, Is there a way to run the sitemap demo.testfire.net with external command and save to a file. Example, I want to run sslscan <sitename> gobuster -u http://<sitename>/ -w...