How do I? - Page 2 - Burp Suite User Forum

Question regarding the Cache key injection lab

https://portswigger.net/web-security/web-cache-poisoning/exploiting-implementation-flaws/lab-web-cache-poisoning-cache-key-injection Hi there, could anyone provide some insight on the Cache key injection lab, not able...

OS injection command

Hello PortSwigger: I have a question regarding this lab: https://portswigger.net/web-security/os-command-injection/lab-blind-out-of-band I used Burp's scanner to check for insertion points, and the results indicate...

Japanese characters are garbled in Inspector

Japanese characters are garbled in Inspector. My settings are as follows: (settings > User interface > Inspector and message editor) HTTP message display Font: MS ゴシック Character sets Use a specific character...

reset progress on the labs and learning materials

Hello :) Can you please reset my progress on the labs and learning materials?

Recorded Login Sequence Crawls only recorded part

Hi PortSwigger Team, After using your Scan -> Recorded Login Sequence for scanning, only the recorded parts are getting crawl while the remaining part didn't gets scanned. so for recording whole website whats should & how...

Academy Progress Reset

Hello :) Can you please reset my progress on the labs and learning materials?

Reset my progress

Good Morning Portswigger Team, I would like to reset my Portswigger Labs Progress Thankyou

how to get values in responses such as set cookie session and csrf and use them as an attack

hihow to get values in responses such as set cookie session and csrf and use them as an attack ``` import requests from bs4 import BeautifulSoup import time, random sess = requests.Session() payloads =...

How to reset a lab

Hello Support, I was trying the "Lab: Basic clickjacking with CSRF token protection" but I tried to intercept server response and changed the post for change email with delete account. Now I'm unable to login using the...

SameSite Lax bypass via cookie refresh problem the thing is that my exploit its ok when i check the view exploit but when i deliver it wont work

<html>  <body> <script> window.onclick = () => { ...

Saving URLs responses to into multiple files

Hi team , Is there any way to save the URLs responses into multiple files like the original structure ( myabe like the structure in the site map ) and not all of them in just single file ? It's super usefull for doing...

i have a problem with Lab: CSRF where token is tied to non-session cookie

Hi i just login to the second account and i just replace it with the victim csrf token and key as you see in img tag but the thing is when i click on view exploit it say invalid csrf token when i check the burp i saw that...

the lab dont solve when i click on deliver exploit to victem but its all good dont know the problem

<html>  <body> <form action="https://0a93005703ada40c80ab71ad009c009d.web-security-academy.net/my-account/change-email" method="GET"> <input...

GUI and font Issues

Dear Support I'm trying to use BurpSuite Community edition on Ubitnu 24.04. Sadly i can see some graphical glitches and i cannot see neither the text in the responses nor the text in the requests. I can see the text...

Unable to open Burp Browser

Iam unable to open Burp Browser from the burp suite community edition, as iam facing the error as Burp Browser Error, java.io.IOException: cannot run program and it is saying that system cannot find the file specified.

i solve the lab CSRF where token validation depends on token being present but i site dont show lab solved

<html>  <body> <form action="https://0a8500bb031f49e28188660500e300ba.web-security-academy.net/my-account/change-email" method="POST"> <input...

Lab not solving: Multistep clickjacking

Hi I am trying to solve the lab with the following payload, but its not solving. All the placement is correct. Please help! <style> #far { position:relative; width: 1000px; height: 800px; ...

Rotate all hosts through the AWS API Gateway proxy

I have been using the IP Rotate extension for Burp Suite, but it only rotates one host at a time. Is there any other way I could rotate all hosts through the AWS API Gateway proxy?

How to manage session refresh with JWT

Hello and nice to meet you, I'm currently working on a pentest and i'm facing some sessions issues. For the context, i have a JWT inside the "authorization" header and i want to do some scanners. Everything works fine...

License Activation

A few days ago I purchased a Burp Suite Pro license. After that I've started to install it on my PC and virtual machines. And faced with activation failed issue. How can I activate Burp Pro License after reconfiguring my VM?...