How do I? - Page 3 - Burp Suite User Forum

make burp intruder follow redirects (302) ?

I know that it is possible to make repeater follow redirects. But is it possible to make intruder follow redirects?

Scanner errors

I use Burp Suite Enterprise for scanning our web applications. Of let scheduled scans have been failing to run. Below are the errors that app is returning: #Failed to despatch scan to New agent1. #10 consecutive audit...

xss

i dont know how to make different payloads for different labs like i am not able to figure out which payload will work where. i just want some guaidance so can you help me?

Burp Infiltrator and .net 4

I am trying to install the infiltrator on web server that has .net 4 framework. When installing it keeps saying that it cannot install the .net 3.5. Is the infiltrator able to run on version 4? When building the...

How do i scan GUI test which runs on google chrome.

We are trying to scan the GUI tests using burp suite, but the chrome which is triggered does not have burp extension. Kindly guide us on how we can trigger a google chrome with burp extension in automated way.

How to proceed with API testing using burp suite community version

Please send me documentation link using which I can proceed with API testing in community version. I have to test Get requests.

Modifying Burp EE CloudFormation templates to expose REST API outside the VPC

I am trying to use the official Burp EE CloudFormation templates (https://portswigger.net/burp/documentation/enterprise/getting-started/cloud/deploy-aws) to install Burp EE on my AWS account. The problem is, these...

Having issue signing into the "Basic Clickjacking with CSRF token protection" lab

I'm unable to even start the lab (https://portswigger.net/web-security/clickjacking/lab-basic-csrf-protected). The provided credentials, carlos/montoya, do not work for me. Any ideas?

Account brute force lock out

Hi, I'm trying to solve this lab https://portswigger.net/web-security/authentication/password-based/lab-username-enumeration-via-account-lock. I found the username I try to brute force password but the account always...

Install the required components for Browser Powered Scanning

I'm new to Burp Enterprise, and my credentialed scans are failing with an error that my hardware doesn't support Browser Powered scanning. After investigation, I have enough disk space, CPU, and RAM assigned. One...

unable to use burp

hi I have just bought the BURP PRO but I got an email saying "We are really sorry but there seems to be a problem with your order for Burp Suite Professional. One of the Customer Happiness team is looking into this for you...

License Problem

Hi There I am a consultant and use Burpsuite Professional, I realized I had not installed the pro version on our VM image and The license does not allow me to license the instance for my current project, any assistance...

Testing WEB API connection

HELLO DEARS, I need to test an authenticated WEB API, through a header "AUTORIZATION" + <STRING OF 30 CHARACTERS>. I don't understand how BURP could be configured to be able to test, since for now it only gives me the 401...

need to scan one of my URL

I need to scan one of my website but scan audit is showing as 10d remaining.Please help on this.

Burpsuite Community v2021_7_1 Windows 10

Hi, I downloaded burpsuite_community_windows-x64_v2021_7_1 file as jar and exe file on Windows 10. When I started to installation by exe file, half time of the progress bar the installation was stopped and nothing...

Could not find or load main class .awt.headless=true

Hi, when trying to run burp in headless mode I get the following error: Error: Could not find or load main class .awt.headless=true Caused by: java.lang.ClassNotFoundException: /awt/headless=true

Why does Burp Suite Enterprise say "Pending License" after adding new agent server?

I just added a new agent server to be used by Burp Suite Enterprise V2021.6. I accepted the agent machine as a valid agent machine and then added one license to this the new machine. The problem is that the original machine...

Burp not capturing local Andriod network traffic

I'm trying to use Burp to capture traffic from my routers companion app. I've set up the listening port, installed the burp certificates system and client side and installed 'ProxyDriod' to isolate the traffic from the...

Lab: DOM XSS in document.write sink using source location.search inside a select element

Hello, i have a very simple question regarding this lab, I'm not really sure why my payload worked. The source-sink of this DOM based xss is the GET param `storeId` and can be summarized here: var store = (new...

SSRF with whitelist-based input filter

Hi everyone, I'm working on solution of SSRF with whitelist-based input filter lab. The payload which used by solution is http://localhost:80%2523@stock.weliketoshop.net/admin/delete?username=carlos. I have searched...