Burp Suite User Forum


Burp Suite CA Certificate Not Trusted

Hello, I've just downloaded Burp Suite and have configured Chrome to use Burp Suite as my proxy. However, I've tried to install the CA Certificate but whenever I load a https:// URL, I get the following...

Last updated: Jun 25, 2022 04:31PM UTC | 3 Agent replies | 5 Community replies | How do I?

access control vulnerability lab

Last two questions in access control lab I can't understand because it says change wiener role to admin but wiener is already admin, then how can I change

Last updated: Jun 24, 2022 01:17PM UTC | 1 Agent replies | 0 Community replies | How do I?

Exploiting Ruby deserialization using a documented gadget chain

Hi I am unable to solve this lab. *I created the base64 encoded payload using the exploit code in this site. https://www.elttam.com/blog/ruby-deserialization/ *I copied the code, changed the required parameters and...

Last updated: Jun 23, 2022 01:29PM UTC | 2 Agent replies | 2 Community replies | How do I?

How do I scan an OpenAPI 3.0 API?

Hello I am trying to follow the meager information at https://portswigger.net/burp/documentation/desktop/scanning/api-scanning in order to scan a REST API (I have the API definition file on disk). I cannot even find the ...

Last updated: Jun 23, 2022 01:12PM UTC | 4 Agent replies | 4 Community replies | How do I?

burp hostname resolution

Hello, I use Burp as a proxy in my malware lab for intercepting communication in a VM used as a proxy. I have created two proxy listeners and they redirect traffic to inetsim. https://ibb.co/5LNj5Zf My...

Last updated: Jun 23, 2022 12:21PM UTC | 2 Agent replies | 1 Community replies | How do I?

How to set system wide proxy settings on Ubuntu 18.04 without exporting the environment variables?

Hello, I am on Ubuntu 18.04 and I would like to set system-wide proxy settings without exporting the environment variables. I don't want to use the command export http_proxy='http://127.0.0.1:8080' as it declares the...

Last updated: Jun 23, 2022 11:58AM UTC | 0 Agent replies | 0 Community replies | How do I?

configure scan for HSTS

Want to just search for HSTS vulnerabilities on security headers on a website. What configuration do I use that will show it?

Last updated: Jun 23, 2022 10:04AM UTC | 1 Agent replies | 0 Community replies | How do I?

Web Cache Poisoning X-Forwarded-Host

Hi, I am attempting the "Web cache poisoning with an unkeyed header" lab. I am not receiving a response in the Repeater when I add the X-Forwarded-Host (example.com). However, I receive a response as normal with or...

Last updated: Jun 23, 2022 07:06AM UTC | 3 Agent replies | 3 Community replies | How do I?

SSL error for Android

Getting below error: Kindly support on priority - The client failed to negotiate a TLS connection to : Received fatal alert: certificate_unknown

Last updated: Jun 22, 2022 05:06PM UTC | 2 Agent replies | 1 Community replies | How do I?

No connections to the polling server at polling.[domain] could be opened. The collaborator will not work in this configuration.

I am struggling to get my private Burp collaborator working correctly, running a health check gives: An HTTP connection to the capture server at 6qxgdpy57h21gh1p4si6u6jil9rm55pntqi.[DOMAIN] could not be opened. An HTTPS...

Last updated: Jun 22, 2022 12:48PM UTC | 1 Agent replies | 1 Community replies | How do I?

Help with H2.CL request smuggling lab

I am attempting to solve the "H2.CL request smuggling" lab. I verified that I can trigger the JavaScript alert when I simulate a victim user myself (e.g. I visit the home page in a separate session, then send the malicious...

Last updated: Jun 22, 2022 11:54AM UTC | 8 Agent replies | 11 Community replies | How do I?

How can I make send get request then post request in Intruder?

Hello, I have an AB test. First I need to send a GET request, then send a POST request. How can I automate this in Intruder?

Last updated: Jun 22, 2022 07:19AM UTC | 1 Agent replies | 0 Community replies | How do I?

BURP api is not working

Hi Team, I have generated an API key and am keeping the http://127.0.0.1:1337 service running in useroption=> misc tab, and I am trying to run http://127.0.0.1:1337/v0.1/ and it is working fine, but when I am trying to...

Last updated: Jun 21, 2022 12:48PM UTC | 1 Agent replies | 0 Community replies | How do I?

Install Burp Suite Enterprise inside alpine docker

Trying to install Burp Suite Enterprise inside alpine docker. Java is installed (OpenJDK-11) and it is in PATH. JAVA_HOME is set. Still, I get an error that java is not found. Trying to install Burp Suite Enterprise...

Last updated: Jun 21, 2022 12:20PM UTC | 3 Agent replies | 4 Community replies | How do I?

Anti CSRF Token

I keep spending hours on something so simple that should be part of this product... I can't bypass a simple setup like below to perform a scan. GET /comment provide anti csrf value in body let's call it...

Last updated: Jun 21, 2022 11:20AM UTC | 2 Agent replies | 0 Community replies | How do I?

Auto-reject client requests for sites with bad certificates

I'd like to configure Burp Suite to automatically reject requests from the client for sites with bad certificates. This seems really basic, but I haven't found a way to do this. Using badssl.com for testing, Burp Suite lets...

Last updated: Jun 21, 2022 10:21AM UTC | 2 Agent replies | 0 Community replies | How do I?

Extract strings matching a regexp in Burp

Hello guys, any idea how to extract strings matching a regexp in Burp? I mean I see how to search but not how to extract. Thanks,

Last updated: Jun 20, 2022 08:41PM UTC | 2 Agent replies | 1 Community replies | How do I?

How does Active Scanner know the request body to post to an api endpoint?

I ran burp suite's active scanner and in one of the requests it made to an API, the post request body was filled automatically with the needed JSON data. How does burp know what data it should post? I also used an extension...

Last updated: Jun 20, 2022 01:51PM UTC | 1 Agent replies | 0 Community replies | How do I?

Burp Collaborator

Any reason why Burp Collaborator would stop working? Not getting the ping responses on Collaborator even when I visit the link in my own browser.

Last updated: Jun 20, 2022 01:11PM UTC | 1 Agent replies | 0 Community replies | How do I?

export to csv format

Hi! Is it possible to export the Burp vulnerability report into a csv format instead of xml/Html?

Last updated: Jun 20, 2022 10:11AM UTC | 1 Agent replies | 0 Community replies | How do I?


Burp Suite Support Center

Your source for help and advice on all things Burp-related.
