How do I? - Page 254 - Burp Suite User Forum

Burp Enterprise authentification

Is it possible to plug it to a centralised directory for authentication like with SAML v2 ?

License not uploading

Failed to upload license: An unexpected error occurred. If this problem persists, please contact support@portswigger.net. Geting this error when uploading license

Migrate Database Issue - Burp Enterprise

I am attempting to migrate the database and am receiving this error message: Caused by: com.microsoft.sqlserver.jdbc.SQLServerException: Cannot find the user 'burp_agent', because it does not exist or you do not have...

Second Order Testing | Burp Scanner

I'm trying to setup a session rule for Burp Scanner, is it possible to create a session/macro for the following scenario? Scenario: Webpage #1: POST Request http://example.com filename=payload Webpage #2:GET...

Activate a license key manually in the PortSwigger website

I have a license key from my colleague in William Hill, but can't download the Burp Suite Professional program because I don't have a license associated with my newly created account.

Is this a false positive? (sql / xpath injection)

Google brought me here. This previous post from 2015 seems similar to what I'm experiencing: https://forum.portswigger.net/thread/probable-bug-sql-injection-avoidable-false-positive-d1e55f31 Basically I have two...

traffic Interception issues for vpn based applications

I have a licensed burp installed on my system. I am currently testing an IOS mobile app, the IOS mobile app works only when the vpn to my company network is established. My laptop is also on vpn connection. I have...

Use the jenkins plug-in with pipeline scripting

Hello, Is there a way to use the burp enterprise jenkins plug-in inside a groovy pipeline script. Something like (jenkins pipeline syntax follows): stage('Web scan') { steps { ...

Audit a REST API

There's a way to audit a rest API with Burp enterprise using the swagger file like with OpenAPI Parser in Burp Pro?

Exploiting cross-site scripting to steal cookies

I inject javascript code to steal cookies but the online lab doesn't simulate another user who views blog comments after they are posted ... any idea why ? Known bug ? I don't use Burp Collaborator but a service hosted on...

Can I use private Burp2 Collaborator Server deployment with Burp1.7 Professional?

Hi, We are doing gradual rollout of Burp2, upgrading from Burp1.7 (professional versions). At the moment, Burp Collaborator is Burp 1.7. Is Burp 2 Collaborator Server backward compatible, so Burp 1.7 can continue to...

Autocomplete/Autofill enabled

Hi, I have done a security testing in Burp Suite, while doing we have faced the below issue for our application. issue description : "It was noted during the assessment that auto-complete feature was enabled on certain...

Improper Error Handling

Hi, I have done a security testing in Burp Suite, while doing we have faced the below issue for our application. issue description : At Error page, Application returns stack trace and debugging information, which...

Excessive information provided in response headers

Hi, I have done a security testing in Burp Suite, while doing we have faced the below issue for our application. issue description : By default, excessive information about the server ISS 10 application are returned...

Privilege Escalation

Hi, I have done a security testing in Burp Suite, while doing we have faced the below issue for our application. issue description : The application has different level of user access: General user and Admin user....

"Lab: HTTP request smuggling, basic TE.CL vulnerability" need help in understanding

Hello, I'm trying to figure out what is going on under the hood but with no luck so far. Trying following as a possible solution I don't understand why the Response is "Unrecognized method G0POST" Why there is a zero...

Modify Executable in the Intercept Response Tab

Hi Folks, I have the following test use case with Burp and i kindly request your insight to resolving this: 1. I need to showcase a proof that a windows client (target) doesnt perform signature validation on the client...

How to decrpyt or encrpyt password hashes like SHA -256 , 512 ,224 with burp suite pro

Please help me with decrypting or encrpting password hashes when i try to hash/ de-hash using decoder the text appears to be scrambled

Regaring Web Security Academy : Lab: Exploiting cross-site scripting to steal cookies

In this Lab which user to simulate as the lab does not give option to create a new user , post comments in the blog with new user , Login as another user , view the new user blog , exfiltrate the another user cookie and send...

Burp Macro Session Handling

I'm trying to generate a HMAC token on each request. I have an API that needs to launch first with custom HMAC headers to generate token. After that I have another API calls that needs that generated tokens. What I've...