How do I? - Page 200 - Burp Suite User Forum

How to do following thing in Bupsuite.

1)SQL injection 2)Brute force attack 3)PHP code injection 4)Python Code injectio 5)OS Command injection 6)Client-side HTTP parameter pollution (reflected)

how to compare a websites two account with sitemap

hi there, i have a website link abc.com and i created two account with different features. now i want to compare two account with sitemap . how to compare this i did not find any post with pic or video about it

Switching from Community to Professional

Hello All, We have a pro licenses that we're been using on devices external to our company. Now there is a need to also use on internal devices (same team). Is there a way to download the pro package and input...

Username enumeration via account lock - session timeout

I cannot seem to finish this lab as my session always times out. Any suggestions?

Android version 9.1 doesn't intercept HTTP/HTTPS Traffic

Hello Team, I'm trying to intercept Http or HTTPS traffic to Burp Suite Server but doesn't success. Here are the steps I did: 1) Setup Burp suite Proxy (set Machine IP address instead of 127.0.0.1) 2) Setup Proxy Manual...

LAB Reflected XSS with AngularJS sandbox escape and CSP

Hi For LAB Reflected XSS with AngularJS sandbox escape and CSP If there is no window popup for this lab ? If so what's the reason behind? Regards

Automating installation / update burp enterprise

Hello, I want to deploy burp suite enterprise on aws and I am automating infrastructure with terraform and burp suite enterprise installation with ansible. From the documentation I see there is just wizard. Is there any...

Burp Certificate

Hello there! Can't find a Burp certificate to download. Link such as http://burp or http://burpsuite are getting an error - site can not be reached. Please help. Thanks. Maja

Do not log request specific URL to HTTP history

Hi, why the following rule is not working? I am trying to skip requests for /ux_analytics /notify/subscribe I used full path URL rule: https://target/notify/subscribe but the request keeps showing in the HTTP history tab,...

Top ten owasp vulnerabilities scanned by the scanner.

Hello, I wanted to know if you have a page referencing all the points of the "TOP 10 OWASP" processed by your scanner ? How far does each proposed library cover the points of the TOP 10 OWASP. I didn't find any...

i have certificate problems

Hi portswigger support team i have a problem with my certificate, i can't load your or any other websites with htpps i imported certificate in http://burpsiute but it doesn't work i updated my firefox reinstalled it but it...

Reg Enterprise Burp Suite

Hi, If a customer buying Enterprise burp, is it default with one agent or they have to buy Enterprise server + One Agent like that.. Regards, Basu

How do I break SSL Pinning

How do i break SSL Pinning in android and iOS Apps with Burp Suite Pro? Is there any feature available ?

Importing scoped or scanned urls ( requests ) from the previous saved project without importing the complete project

Hi Team, Wanted to check if there is a feature through which i can export or save to requests which was scanned. So that in subsequent scan i can just import the saved request ( or at least the urls ) for further scanning...

Enable http request

i'm using burp suit with fire fox and it work just fine with https sites when i tried to access http site it told me : " Burp Suite Community Edition Error Connection reset " what should i do ?

How do I download the Burp pro file. !FRUSTRATED!

Hi, I have been provided with a burp pro licence file by my organization that I work for unfortunately I couldn't find a legal, straight forward way to download the burp pro file so that i can setup it on my system. Why is...

What is "Target" means in Burp Repeater

hi support, I have a question about a parameter in Burp Repeater What is "Target" means in Burp Repeater? In my understanding , this "Target" which is the host url that current I request for Above of my understanding,...

Web cache poisoning with an unkeyed header

Hi there. Sorry to bother. I have tried to finish the Lab "Web cache poisoning with an unkeyed header" but couldn't do it. First, after added the X-Forwarded-Host in Repeater of Burp then, I cannot receive any response...

test

test a thing

Can I change the domain name or IP address in stored state?

Hello? I would like to scan actively in domain name B using stored burp state when I scanned passively with domain name A. B would run the same service that A have run. Is this possible? If then, could you let me...