How do I? - Page 3 - Burp Suite User Forum

Burp Live Scan Payload Modification

I am running a live scan against a system and it comes back with OS Command Injection, and the payload used a sleep time of 20 seconds. I would like to increase the 20 seconds to around 1.5 minutes. I believe it comes back...

Lab: 2FA bypass using a brute-force attack

I have been working on this one for a while. Outside the corporate network and working from home, I have found the responses came back very slowly compared to some other similar labs I have run. Therefore, when I ran my...

License Activation - OS Reinstallation

Hi Team, We installed Burp Suite on our systems and updated to the latest OS version, however, due to some issue had to reinstall an older version. After reinstalling BurpSuite and trying to activate, we get an error...

How to modify https response

In Repeater, we can edit request and see the response, but same way can we edit response and see the output ?

Lab: URL-based access control can be circumvented error

Hello, I have a question about the lab "URL-based access control can be circumvented". For some reason, whenever I try to do the lab in Burp suite and I send the request to Repeater, after following the steps "Change the...

Lab: HTTP request smuggling, basic TE.CL vulnerability

Hi, When following the solution to this lab, the second request results in bad request error and not the expected result of the lab. I have tried it with Burp and curl with the same result. Not sure what I am...

No more activation allowed for this license

No more activation allowed for this license... I changed my office desktop yesterday. Is there any way to activate the license? The desktop I used before was formatted.

List of Labs related to Apprentice level

Hi It's very interesting to learn and solve the labs. I have done 15 Apprentice and 10 Practitioner level labs. Is there a way to list all the 36 Apprentices labs to complete. It will give a satisfaction and will focus...

Switch to another language

It is difficult for the novice

Blank lines in Requests

There are exercises, for example "URL-based access control can be circumvented" in the "Access Control" lab, where you add a custom header to your requests to complete them. The requests themselves when passed through Burp...

There is a problem during installation.

Hello There is a problem that the burpsuite_pro-trial version is downloaded and is not installed in progress of installation. My PC os is Windows 10. After clicking burpsuite_pro_window-x64_v20_4_1.exe, the installation...

Invalid client request received: Dropped request looping back to same Proxy listener.

I am not able to access any site with Burp open, not even HTTP (I have already configured the certificate). Every website I try to access appears with this Burp welcome message: https://i.imgur.com/zlDgpvD.png And...

About Web Security Academy

We have contacted you about the Web Security Academy available on the portal site. https://portswigger.net/web-security ① How often is this site updated? Also, if the latest threats appear, will the attack methods and...

Web Cache Poisoning X-Forwarded-Host

Hi, I am attempting the "Web cache poisoning with an unkeyed header" lab. I am not receiving a response in the Repeater when I add the X-Forwarded-Host (example.com). However, I receive a response as normal with or...

Basic clickjacking with CSRF token protection

Is there a bug or something because the lab needs to login using given credentials and whenever i try to do that it logs me in the first time but if i reload or log out it wont let me login again and says invalid username...

Enable deprecated TLS Cipher Suites

I am doing a study on involving TLS and I need to add specific cipher suites that I don't see listed under the TLS Ciphers option. To clarify, I do the following: Project Options > TLS > Enable Custom protocols and ciphers....

Error message when using FoxyProxy

Hi everyone! Hopefully someone more skilled than me can help with the error message I get saying: " Secure Connection Failed An error occurred during a connection to www.google.se. Peer’s certificate has an invalid...

all the website url changed to this url

when i use the Burp proxy and check the website at burp the website URL changed to one of the following URLs for ex : I use www.google.com as the browser and Host: ocsp.digicert.com Host:...

Lab: Using PHAR deserialization to deploy a custom gadget chain

I have a question about the Lab regarding a deserialization attack using Phar. The gadget chain used there looks like this: class CustomTemplate {} class Blog {} $object = new CustomTemplate; $blog = new...

Delete old items from "Issue Activity" list

I read somewhere that there should be an option (contextual right click" to delete but I don't see it. im on latest 2020-11 build