Burp Suite User Forum

Login to post

Exploiting HTTP request smuggling to perform web cache deception - Lab not working.

I have tried this lab more than 20 times now. With community and professional versions. I have also followed the steps mentioned and every time I get stuck in the end, I just don't get a static file with the victim's API...

Last updated: Jan 13, 2022 10:21AM UTC | 6 Agent replies | 8 Community replies | How do I?

how do i intercept API response

Hi, I am quite new to Burp I am trying to intercept API response could see reponse on encrypted format (looks like some junk test) on Burp suite - intercept tab can you help me how to fix that

Last updated: Jan 13, 2022 09:21AM UTC | 1 Agent replies | 0 Community replies | How do I?

...address these error messages when doing an audit and crawl?

1) Paused due to error: 10 consecutive audit items have failed 2) Discarding log entries as logger memory limit reached 3) Your system is running low on physical memory, yo may experience problems 4) [6] Communication...

Last updated: Jan 13, 2022 08:24AM UTC | 1 Agent replies | 0 Community replies | How do I?

Can I transfer the practice exam certification voucher?

I have purchased one exam certification voucher for one of my colleagues, but he won't take the certification. Is there a way I can transfer this to another one of my colleages?? Thanks

Last updated: Jan 12, 2022 02:55PM UTC | 1 Agent replies | 0 Community replies | How do I?

Lab: Bypassing access controls via HTTP/2 request tunnelling - Not getting the desired response.

Hi All, I am following the solution mentioned in the lab solution. In the last step when I change the :path to /admin, I get the following response, "HTTP/2 500 Internal Server Error Content-Type: text/html;...

Last updated: Jan 12, 2022 01:30PM UTC | 1 Agent replies | 0 Community replies | How do I?

Burp Storing Credentials

Hi! Burp has 2 options using credentials : hardcoding and recording, in both cases burp stores credentials somewhere. I want to know how using BurpSuite Api Interfaces i can get them. If it`s possible ? I need this for...

Last updated: Jan 12, 2022 11:35AM UTC | 2 Agent replies | 1 Community replies | How do I?

BurpSuite Professional - Error No Supported CertificateVerify signature algorithm for RSA key

Hello I am having an issue when attempting to use my HardToken (CAC) certificates in tandem with burpsuite. I provide the certificates via Project Options > TLS > Client TLS Certificates > Override user options and inputting...

Last updated: Jan 12, 2022 10:50AM UTC | 1 Agent replies | 0 Community replies | How do I?

Lab: URL-based access control can be circumvented error

Hello, I have a question about the lab "URL-based access control can be circumvented". For some reason, whenever I try to do the lab in Burp suite and I send the request to Repeater, after following the steps "Change the...

Last updated: Jan 11, 2022 08:37AM UTC | 5 Agent replies | 6 Community replies | How do I?

API Rest withou GUI

Dear support, I have installed burp PRO on an Ubuntu server I didn't find a way to include a key to access the REST Api so I made the configuration on a machine with GUI access and tried to use the UserConfigPro.json file...

Last updated: Jan 11, 2022 08:25AM UTC | 1 Agent replies | 1 Community replies | How do I?

Trial Version License Key for Professional

I want to use trial version for professional but i'm not able to use it could you please help me in this matter.

Last updated: Jan 10, 2022 11:17AM UTC | 7 Agent replies | 7 Community replies | How do I?

I want to stop burpsuite to update request headers in repeater

Hi For example i have a such request in repeater: GET /test Host: website.com Host: othersite.com When i send the request it will be: GET /test Host: website.com Host: othersite.com I dont want burpsuite...

Last updated: Jan 10, 2022 10:28AM UTC | 1 Agent replies | 0 Community replies | How do I?

Lab

Hi, This lab: Exploiting cross-site scripting to steal cookies, might be broken. I can only get my own session cookie sent to me Note : i didn't use burpcollaborator

Last updated: Jan 10, 2022 09:33AM UTC | 1 Agent replies | 0 Community replies | How do I?

Examity

i have an issue with examity.... its responding with 502 server error 502 - Web server received an invalid response while acting as a gateway or proxy server. There is a problem with the page you are looking for, and it...

Last updated: Jan 10, 2022 08:22AM UTC | 1 Agent replies | 0 Community replies | How do I?

No option to book an exam in Examity

Dear Portswigger, please the FAQ https://portswigger.net/web-security/certification/frequently-asked-questions says: "Do I need to create a user account with Examity? Once you have made the payment for your Burp Suite...

Last updated: Jan 10, 2022 08:20AM UTC | 2 Agent replies | 1 Community replies | How do I?

unable to access lab " Authentication bypass via encryption oracle"

Hi I am unable to access the lab unable to - Authentication bypass via encryption oracle. The error message displays as "An error occurred. We apologise for the inconvenience." Please help

Last updated: Jan 10, 2022 08:09AM UTC | 1 Agent replies | 0 Community replies | How do I?

ANDROID 11 | VPN & APP USE CERTIFICATE UNABLE TO INSTALL

I downloaded cacert.der, Now I have cacert.der cacert.cer cacert.crt In certificate sections I have, CA - cacert.cer worked VPN & apps - UNABLE TO INSTALL so I cannot burp any app except google chrome WIFI -...

Last updated: Jan 07, 2022 03:46PM UTC | 3 Agent replies | 2 Community replies | How do I?

No localhost Requests

Hello, I've been trying to make the switch to Burp Suite but I'm having an issue of not seeing localhost requests whether it be HTTP history or Logger from a program. I'm able to get requests from any other host though from...

Last updated: Jan 07, 2022 02:30PM UTC | 2 Agent replies | 3 Community replies | How do I?

HOW TO PERFORM APK SCAN

Dear Team, We Want to perform APK scan.So please explain The steps how to perform APK scan in burp suite

Last updated: Jan 07, 2022 02:02PM UTC | 1 Agent replies | 0 Community replies | How do I?

Burpsuite Collaborator Not Working (Using Public PortSwigger Server)

Hello everyone. I hope I am posting this in the correct channel. My question is regarding the Burpsuite Collaborator. My collaborator cannot connect to the Portswigger server and therefore does not work properly. Does anyone...

Last updated: Jan 07, 2022 12:07PM UTC | 1 Agent replies | 0 Community replies | How do I?

Downgrade from HTTPS to HTTP

Hi, How can I downgrade all the incoming communication from HTTPS to HTTP. i.e. the HTTPS (port 443) communication from client should be downgrade to HTTP and forwarded to port 80 of the server. I was trying using Proxy...

Last updated: Jan 07, 2022 09:48AM UTC | 1 Agent replies | 0 Community replies | How do I?

Page 2 of 214

Burp Suite Support Center

Your source for help and advice on all things Burp-related.

Burp Suite Support Center image