How do I? - Page 248 - Burp Suite User Forum

Lab: HTTP request smuggling, basic CL.TE vulnerability (Help for a noob)

Hello, I'm new in this world and I already have an issue on the first lab (F****ng Hell) but i'm not down yet ! Even reading the solution I have issue on finding the "Unrecognized method GPOST" when using the Burp...

Problem With the certificate

I cannot acces the page http://burp/ , the page is not working, how to get the certificate?

Burp with VPN in mobile.

My android application works when it is connected to VPN only, I have installed VPN in my mobile and now my application is working fine. But problem is burp is not able to intercept request when mobile is connecting to...

JRE Warning

Hello When I start up Burp Suite, I get the error message, "Your JRE appears to be version 12.0.1 from Oracle Corporation. Burp has not been fully tested on this platform and you may experience problems." Should I be...

Viewing VIEWSTATE in responses as well as requests

The "Viewstate" tab shows up on requests with VIEWSTATE in them, and decodes them nicely. I can't seem to get it to show up for responses though. Whilst the next request nearly always contains the previous response, it...

headless xml report with

Hi Guys, Looking for quick help how can we get an XML report with base64 as false <request method="GET" base64="false">. I mean I need request and response in plain text rather than base64 encoded. I ran burp in headless...

encode xml payload ...

hello support and folk ... im trying to send an exploit to server vlun to : Apache Struts2 Remote Command Execution (S2-052) the payload is : <map> <entry> <jdk.nashorn.internal.objects.NativeString> ...

How to print out a report.

How to print out a report from Burp suite after a scan.

Queries or doubts regarding Web Security Academy

Hello Team, Hope you are doing well! Currently i am going through the training materials under Web Security Academy and i must say that you have explained the topics very well! I am also following up through Lab...

How to remove or encrypt passwords in Burp Pro v2.1?

Hello, I recently switched to Burp Pro v2.1 from v1.7.34 and I can't seem to find the "Passwords" option under the "Burp" drop down menu. I can't keep test credentials in the burp project file unprotected. Where is...

Jre requirements

Is there any issue with Jre10. I get this pop u: Burp is not tested for this edition. Some features may not work. And I do not get any RAW data in the RAW tab. But the data gets intercepted. I get intercepted...

Post request macro ingesting parameters from current request's JSON response?

I have a scenario where I am trying to take the output from an initial request's response and feed it into a second request. This can be done with traditional PARAM_BODY and PARAM_URL parameters using a macro (pre or post)...

Installation Burp Suite Professional

Good morning, we can´t burp suite enterprise installation because it show invalid user in login, our number of ref. is Qro0618. Thanks for your attention.

Burpsuite Pro v2.1 to intercept WebGoat via Proxy

I've been trying to intercept HTTP requests from WebGoat in both IE and Chrome via Burpsuite's proxy function the past few days. WebGoat is functioning as expected as I can see the site which is running on my host computer...

steps to configure the brupsuite enterprise into azure cicd pipeline

Am asking the very basic question but am looking to configure first build for security test , can you share sample script to configure the brup suite enterprise scanner into azure using powershell ..thank you I know you...

Macro with Dynamic URL

Hello Team, I need help. I have couple of login requests and only when the last request is fired, the server sends the cookie. But the problem here is my 3rd request out of 5 requests, contains a dynamic URL part which...

Group Repeater tabs

Is it possible or are there any extensions to group Repeater tabs? For example, Group 1 could contain all webapp1 requests and Group 2 could contain all webapp2 requests.

CSRF exercise

I am trying to solve the CSRF exercise/tutorial. I'm new to burp/port swigger. Here is a link to the exercise: https://portswigger.net/web-security/csrf/lab-no-defenses The solution I came up with is this: <form...

How do i generate the HTML REPORT for Burp suite Intruder

I am not able to generate the HTML report for Burp suite Intruder

Websocket disconnect when "Send A Message" to it.

Hello support, in the last version of burp I see that it is possible to reply websocket with repeater tab. but my problem is that when the websocket connection has been connected but after put a command message it...