How do I? - Page 218 - Burp Suite User Forum

CSRF PoC vulnerability only succeeds while Proxying through Burp

This may be a dumb question as I may not fully understand how this CSRF vulnerability is working. Scenario: Within the application using Spring / Spring Webflow, and Spring Security. I am able to create a PoC with Burp...

Examples of business logic vulnerabilities

Hello! When I try to complete lab https://portswigger.net/web-security/authentication/multi-factor/lab-2fa-broken-logic at step to brute force 2fa code I recive 400 code after some tries and message like this:" HTTP/1.1...

Communication error while scanning

Hi, When i run passive scan or active on my respective website, it throws communication error. This error is showing in event log. Please help me in this issue.

Stuck in Business Logic Flaw Lab: Low-level logic flaw

Not sure how to solve this. Any suggestions?

Stuck in Lab: Low-level logic flaw

i need help in the mentioned lab, at least in which area we have to use Burp Intruder or Turbo Intruder more hints please :)

How do I login?

I entered my email address and the retrieve password. but i cannot login.

activation limit reached

Hi, It seems that I have used most of my activations while playing with different OS versions in my VMS. Could you please add one or two more activations please? Kind Regards

scan ID from POST response

I'm initiating a scan using Burp POST REST API (curl -vgw "\n" -X POST 'http:burpURL' -d '{"urls":[targetURL]}'), I see even number (scan / task_id) as a part of HTTP response location header but if I initiate a scan using...

Burp to command

Hi there, Is there a way to run the sitemap demo.testfire.net with external command and save to a file. Example, I want to run sslscan <sitename> gobuster -u http://<sitename>/ -w...

Integrating BurpSuite Enterprise Edition with Defect Dojo

How can I import BurpSuite Enterprise Edition scan reports into Defect Dojo? What format should I use to export the reports? I downloaded the HTML report and then imported into Defect Dojo, but the result is empty: the...

unable to provide license key

i am unable to upload license key, i was a trial user b/w feb and march this year, i got it extended till 8 October, starting form today, but i am unable to upload this key while using burp enterprise edition.

license

hello i still not get my link and license. thank you

Burp Suite Bruteforce with a Combo List ?

Hello .. I want to Bruteforce Login Page but i want to use a Combo List is it Possible ? Example Usernames:1 2 3 4 Passwords:5 6 7 8 I...

Intruder password probing

What technique i use if i want to run intruder where i know password length and want to run it one char by char in single attack where it starts checking for next char as soon as current char is found successfully so that i...

generate connection to websocket

Hi, How could I generate a new websocket connection. I can capture websockets from website and send them to repeater. But I would like to establish the connection flow from zero, and I need to create a websocket...

Clarification on the burp license purchased

Dear Team, I have couple of questions, 1. We don't have any license which will expires on 05th September. However we have a license Key which will expires on 06th Sep 2021. We have not purchased any license. 2. If...

Burp Suite Pro

Hi there, Is there any form of integration for Burpsuite Pro to Netsparker, Metasploit Pro, Nmap, Qualysguard or Burp Suite in any form?

I can't complete a sql lab

Is there a problem at this lab? Because i am not able to execute correct payloads. https://portswigger.net/web-security/sql-injection/examining-the-database/lab-querying-database-version-mysql-microsoft

Cant Activate my burp

Hello, Please can reset my license, I reinstall my windows with a vm with Kali, Need activate both burp profesional. Past activation are not requiered anymore. Thanks

Redirection issue when using Intruder

The request which i pass to intruder is POST request. When i start the attack, i see that the response code is 301 and since i have configured intruder to follow redirects, it follows the redirection. But the issue is, when...