How do I? - Page 249 - Burp Suite User Forum

Viewing VIEWSTATE in responses as well as requests

The "Viewstate" tab shows up on requests with VIEWSTATE in them, and decodes them nicely. I can't seem to get it to show up for responses though. Whilst the next request nearly always contains the previous response, it...

headless xml report with

Hi Guys, Looking for quick help how can we get an XML report with base64 as false <request method="GET" base64="false">. I mean I need request and response in plain text rather than base64 encoded. I ran burp in headless...

encode xml payload ...

hello support and folk ... im trying to send an exploit to server vlun to : Apache Struts2 Remote Command Execution (S2-052) the payload is : <map> <entry> <jdk.nashorn.internal.objects.NativeString> ...

How to print out a report.

How to print out a report from Burp suite after a scan.

Queries or doubts regarding Web Security Academy

Hello Team, Hope you are doing well! Currently i am going through the training materials under Web Security Academy and i must say that you have explained the topics very well! I am also following up through Lab...

How to remove or encrypt passwords in Burp Pro v2.1?

Hello, I recently switched to Burp Pro v2.1 from v1.7.34 and I can't seem to find the "Passwords" option under the "Burp" drop down menu. I can't keep test credentials in the burp project file unprotected. Where is...

Jre requirements

Is there any issue with Jre10. I get this pop u: Burp is not tested for this edition. Some features may not work. And I do not get any RAW data in the RAW tab. But the data gets intercepted. I get intercepted...

Post request macro ingesting parameters from current request's JSON response?

I have a scenario where I am trying to take the output from an initial request's response and feed it into a second request. This can be done with traditional PARAM_BODY and PARAM_URL parameters using a macro (pre or post)...

Installation Burp Suite Professional

Good morning, we can´t burp suite enterprise installation because it show invalid user in login, our number of ref. is Qro0618. Thanks for your attention.

Burpsuite Pro v2.1 to intercept WebGoat via Proxy

I've been trying to intercept HTTP requests from WebGoat in both IE and Chrome via Burpsuite's proxy function the past few days. WebGoat is functioning as expected as I can see the site which is running on my host computer...

steps to configure the brupsuite enterprise into azure cicd pipeline

Am asking the very basic question but am looking to configure first build for security test , can you share sample script to configure the brup suite enterprise scanner into azure using powershell ..thank you I know you...

Macro with Dynamic URL

Hello Team, I need help. I have couple of login requests and only when the last request is fired, the server sends the cookie. But the problem here is my 3rd request out of 5 requests, contains a dynamic URL part which...

Group Repeater tabs

Is it possible or are there any extensions to group Repeater tabs? For example, Group 1 could contain all webapp1 requests and Group 2 could contain all webapp2 requests.

CSRF exercise

I am trying to solve the CSRF exercise/tutorial. I'm new to burp/port swigger. Here is a link to the exercise: https://portswigger.net/web-security/csrf/lab-no-defenses The solution I came up with is this: <form...

How do i generate the HTML REPORT for Burp suite Intruder

I am not able to generate the HTML report for Burp suite Intruder

Websocket disconnect when "Send A Message" to it.

Hello support, in the last version of burp I see that it is possible to reply websocket with repeater tab. but my problem is that when the websocket connection has been connected but after put a command message it...

Database version lab error

can you help me I am getting an error in the lab for MySQL and Microsoft version check query even solutions is also not working apart from the version I tried other things to check column and still giving an error. ...

Cycle one payload in sync with another

Using Intruder, within a string, I need to cycle between two values in one payload, in sync with brute forcing another payload. I have an ID of pattern XXXXXX-[(3|4)][0-9A-Z]{3}. For each 3 character value in the second...

Edit and resend websocket data

Hello, I'd wish to edit and resend websocket data, like we do for HTTP requests. Is that something doable?

Burpsuite unkown host errors

I'm sorry if this has been answered already but I have looked everywhere for answers and nothing has solved my issue. I have configured burp to fire fox but when I fire up a web page I get an error message that reads...