How do I? - Page 248 - Burp Suite User Forum

Cache poison labs - Responses not caching

Hello, I've been using the labs to practice cache poisoning. So far I've completed some of them, but since I tried the one that explotes DOM-based vulnerability, my requests made on burpsuite never receive a "X-Cache: hit"...

Combine detected issues in a report

I ran an active scan and the issue activity does not contain all of the issue activities detected/reporting from the dashboard. Is there a way to combine the two into one report?

Problems with challenges

hello team burp I face some problems in special challenges, in cache poisoning description When the cache is poisoned, the exploit works properly, but when the proxy is closed, the exploit does not work as a...

login error

Basic click jacking with CSRF token protection, vulnerability lab login credentials are not working error:login failed

Need a small more insights on SQL injections post

Hello everyone, I was going through the SQL injection learning materials, and I didn't quite understand a sentence I need some explanation to understand, that sentence follows, "In some situations, an attacker can...

Burpsuite Stops to intercept requests if connected with anyconnect VPN tool

Hi, I am connected with a VPN (Cisco AnyConnect Secure Mobile Client v4.8.00175) I have put proxy in my android phone (Marshmallow) I can intercept all https requests when I am NOT connected to vpn BUT i am facing...

Add email recipient to POST configuration on REST API

Hello Support, When I performing a scan from Jenkins, by the REST API. There is no report functionality like "add email recipient". Normally in Burp Suite Enterprise, this is configured by site. But how I configure...

How do I test an application using Server-Sent Events?

How do I test an application using Server-Sent Events? I tried turning off 'Set "Connection close" on incoming requests in proxy options, but it seems like the streaming response data never gets into burp and never gets...

Download software

Hi, How can I download the software with my account? My colleauge has arranged the license for our company, but I don't have his login credentials.

Unable to download burp professional

HI team , I've burp pro product key ,i want to download and activate burp professional edition. could you please help me out?

Parameter handling

Hello there How are you? Would you be so kind to nudge me in the right direction; how can I make use of this feature: Quote: from...

Verify Authentication for Enterprise Edition

I expect to see authentication details in /var/log/BurpSuiteEnterpriseEdition/enterpriseAgentAccess.log - however, for my scans I do not see any details being populated for scans that I provide login details. Need to...

SSL Burp certificate MacOS

Hi, I'm Lorenzo. I've followed the entire guide to install the CA certificate generated by Burp for Safari. https://portswigger.net/support/installing-burp-suites-ca-certificate-in-safari I've followed each step but it...

License no activate

I made the mistake of activating the license on a computer in which I would not use burp, when I carry out the process again it appears that this license does not have any more activations, I appreciate you can help me with...

Can not open a old burp project file

When try to loaded a old burp suite project fails I get this message The Selected project file appears to be corrupt and cannot be opened Burp will attempt to repair the project file. I select the file, then I...

Avaibility Burp Suite Enterprise edition

Hello Support, How do I provide availability with the Enterprise edition? In other words, how do you guarantee availability for the Enterprise edition? For example, redunancy with the Enterprise server, or redunancy...

Create Intruder Payload via RegExp

Hi there, with OWASP ZAP it is possible to create fuzzer payloads via a regular expression. Is this also possible within Burp Intruder? If so, how? Thanks a lot in advance!

Long scan that has multi parameters in body with hidden fields as a parameter.

Good Day Burp Suite and everyone. Here is what I am trying to do. I have single application to scan with many parameters in the body. If I have to pause the scan because of time allowed. Before I paused the scan,...

Stop scan from pausing irrespective of the number of errors

Hi Team, While trying to run a scan against a large number of urls my scan keeps getting paused as some of the urls are not reachable. `Task 4 Paused due to error: Failed to lookup host site.com while auditing.` This...

Getting a cache hit for a redirect

I've been playing with this lab for sometime in different browsers but cannot get a cache hit once I add the additional headers to trigger the HTTP 302 Redirect. I'm probably doing something wrong but even after looking at...