How do I? - Page 205 - Burp Suite User Forum

Some requests don't include session cookies

Hi, portswiggers, I have an issue which might be just some misconfiguration, but I am not sure what am I doing wrong. I am talking about scanner functionality. I set the session option to include authentication cookie...

Intruder only works after repeater...sort of

Hi all, I'm 2 weeks into pen testing and burp so please forgive me if this sounds really simple. For some reason, the Intruder only works after I've run an instance in the Repeater. Steps I'm following are: 1. ...

burp how to do create socks4/5 porxy for capute socks4/5 traffic.

burp how to do create socks4/5 porxy for capute socks4/5 traffic. I WANT TO CAPTURE THE SOCKS4/5 TRAFFIC. BUT I NOT FOUND THE FUNCTION ON BURP....

Intruder---xss playload add-ons

Hello this is Olek I would like ask about intruder scanner.If I scan some website looking for some xss.I have about 1000 payload. There is some add-ons for burp to check which payload suit for xss. for example <script>...

Case Insensitive URLs

Dear PortSwigger, Currently trialing BurpSuite Pro. Was confused to provide a list of included URLs to target and found BurpSuite reporting 'page not found' for all of them. Looked more closely and it appears that...

How do I remove the informational links from the Proxy Intercept tab?

I've just upgraded to Burp 2020.11 and previously, once the first request had been made via the proxy intercept, the page displaying the "Open Browser", "Use a different browser" and other information disappeared. However,...

Stop the wait timewhen using Intruder?

Hi, I'm new to Burp and am trying to run a dictionary brute force test using rockyou.txt Problem I've got is that it seems to be waiting for some sort of timeout. The first 4 or 5 from the list get tried; then it...

How can I tell if a login has passed using Intruder?

Hi, I am using the intruder with an known username against out application. My payload included only 2 entries. 1. an invalid password 2. a valid password. As per below, I can't see any difference in the...

Intruder pauses after every 5 requests...

Hi, Sorry if this is a duplicate but I can't see my post from yesterday. I'm using INtruder to brute force our website using rockyou.txt. When I run, it tries 5 values; pauses for 20 seconds; then tries another 5;...

Trying to understand session IDs

Hi all, I'm trying to BruteForce our application. The application sits in AWS and uses csrf as it's login validation. When I login, I'm getting a Session ID created and my request looks like...

Remove duplicate items and extensions while scanning Burp Suite pro 2020 8.1 version

Hi, I am new to Burp and using Burp Suite pro 2020 8.1 version. Wanted to know to know, 1) How to "Remove duplicate items (same URL and parameters)"? 2) Remove items with following extensions (example - .gif, .jpg, .css,...

Parallel scanning(Crawl & Audit)

Currently we have Burp Suite Professional license and as of now we are doing sequential scanning which actually consumes lot of time (in days). Considering the short time we have, we would like to fasten the schedule of the...

Parallel Scan - Options & Difference

Based on our understanding, we could see 3 possible options to run scans in parallel. With that said, would like to know - a. Difference between each of them from performance & reporting perspective b. Which is the...

Basic Clickjacking with CSRF token protection

Hi I was doing my lab like I always do but in Basic Clickjacking with CSRF token protection by mistake I deleted my account nd I'm not able to login Is there any alternative way to login to it pls let me know as soon as...

Fix: EXE4J_JAVA_HOME

Hello, Using Windows 10: I am having an issue with the EXE4J_JAVA_HOME stating it is missing the JRE env. I have 1.8 on the machine with JAVA_HOME, and just added EXE4J_JAVA_HOME to the env vars. PS C:\> java...

Lab: Stored XSS into onclick event with angle brackets and double HTML

Hi! I've done the exercise https://portswigger.net/web-security/cross-site-scripting/contexts/lab-onclick-event-angle-brackets-double-quotes-html-encoded-single-quotes-backslash-escaped but it was not marked as resolved......

How do i add al subdomains to scope?

I have the domain test.com How can i add all the subdomains to the scope? *.test.com

Activation failed

Hi, i am performing tests on a weekly base and completely wipe my device afterwards, the license is never used by another person. There is no way to change this process. Do you have any advice? Activation is failing...

Community version

Please advise can use the community version for my testing I've downloaded one but it it's not intercepting just wanted to see if I can use for my daily work and buy a full version later.

No load balancer seems to be created for BSEE CloudFormation

I am trying to set up BSEE via the instructions at https://portswigger.net/burp/documentation/enterprise/getting-started/cloud/deploy-aws. I have deployed the CloudFormation stacks, and they seem to have completed (according...