How do I? - Page 2 - Burp Suite User Forum

CORS vulnerability with basic origin reflection - Unable to solve

Hi Team, I tried the proposed solution but unable to get exploit working to get the API key. It returns Not Found in the logs. Can you confirm if the doc is updated one ?

How can i send two same request parallelly at the exact same milisecond?

I want to send two requests parallelly at the exact same time.When i use null payload in the intruder (number of threads=2, generate payloads=2, throttle=0ms) burp sends three requests.It first sends a baseline request and...

Burp Suite Enterprise edition - API endpoint scan

Could you please help me with performing API endpoint scan using Burp Suite Enterprise edition?

"Parse API definitions" not included in built-in scan configs for BSE (V2020.11)

I'm running v2020.11 for Enterprise and Burp Scanner. I cannot find the "Parse API definitions" settings under Miscellaneous section of the built-in scan config templates. Please advise next steps.

Get support on why Cross site forgery is showing when it is blocked

Our internal sites use Fortinet WAF to block CSRF, yet per your scan they show it. Can you please work with us to review this.

Activation Failed.

Hello, I get the following error when trying to activate "Burp Suite" (No more activations allowed for this license). How can I solve this? Thank you.

Connection Reset issue

Hi Team, i am facing connection reset issue whenever trying to connect to an internal application.

Burp Suit Enterprise edition installation - Getting 404 error

I have installed a burp suit on once of my company server. After installation - when I open burp suit I am getting 404 pages not found a message from the browser. Message is : {"code":1,"error":"HTTP 404 Not...

automatically logout and not activating

Hello sir, My burpsuite proffesional is automatically log out every time i try to use . And now its showing "No more activation" . I am the only user of this account .

Invalid client request received: Dropped request looping back to same Proxy listener

I have WebGoat running locally on port 9300 (so accessible via localhost:9300). When I configure a BurpSuite proxy listener to listen on port 9300, and then configure FireFox to point to a proxy also on 9300, and then I...

SQL injection attack, querying the database type and version on MySQL and Microsoft

I'm getting "Internal Server Error" message for every payload I use, even the ones in the solution. how is it possible to complete this lab?

Scan a predefined URLs list without crawling new URLs

Hello, so I have been trying to active scan an URL list. What I want to achieve is to make Burp scan every URL that I provide. The issue is, when I do an active scan on my URL list, Burp crawls every URL and I end up...

Request to refund for license amount

Hi Team, Kindly provide update for 1 burp license refund amount. Regards, Paladion Networks,

HEX view

Hello, Since the addition of the inspector panel (btw, a very cool addition), I can't find a way to view the hex representation of requests and responses in the message editor. Can I have an explanation on how to do...

BurpSuite Proxy Listener, Mac OS and Chrome not playing nice together

I'm trying to play with BurpSuite by attacking a local instance of WebGoat (intentionally-vulnerable web app at https://owasp.org/www-project-webgoat/) and am having some difficulty getting the proxy setup. I am on a...

Burp Enterprise - Scan Multi Step Login to Application

There is a challenge in scanning the typical application with multi step authentication. The actual site store-hashvalue.site.com however, to login to the site one has to authentication on login.site.com and then gets...

Lab: Modifying serialized data types

I have a problem with this perticular lab. I've followed the solution as well and still cannot access the admin account. I have a firefox web browser. Pasted in this in the cookies by pressing...

Username enumeration via account lock

Im getting session has locked out after every 400 requests(each time i tried its the same thing) so i tried to to use turbo intruder and while i am giving it a list of usernames it is printing unknown usernames and its...

Lab: 2FA bypass using a brute-force attack

Firstly, love all the labs you guys have, over 150 labs now, very impressive. Well done! For this lab "Lab: 2FA bypass using a brute-force attack", the solution is great, totally understand how it works etc. However,...

Having problems to start Burp Enterprise edition.

I have installed and set Burp Enterprise edition at 127.0.0.1:8080 however every time I visit from any browser It tells me to install certificate. I have certificate installed from Burp pro already , and again moved...