Burp Suite User Forum


Active scan checking for categories outside of selected issue categories

Hello, Firstly, can't thank you folks enough for this awesome tool. I am trying to play around with the active scan under the "Issues Reported" section of the configuration. I have created a custom configuration in my...

Last updated: Jul 18, 2024 12:06PM UTC | 2 Agent replies | 1 Community replies | How do I?

Web Cache Poisoning with an Unkeyed Header

I solved the "Web Cache Poisoning with an Unkeyed Header" lab using the Exploit server provided in the lab. However, when I try to solve it a second time with my own exploit server that I set up with Ngrok and Python, it...

Last updated: Jul 18, 2024 07:46AM UTC | 1 Agent replies | 0 Community replies | How do I?

How to reset a lab

Hello Support, I was trying the "Lab: Basic clickjacking with CSRF token protection" but I tried to intercept server response and changed the post for change email with delete account. Now I'm unable to login using the...

Last updated: Jul 18, 2024 07:17AM UTC | 12 Agent replies | 15 Community replies | How do I?

Lab: SameSite Lax bypass via cookie refresh -

I was thinking about this part: "Observe that, after a pause, the CSRF attack is still launched. However, this is only successful if it has been less than two minutes since your cookie was set. If not, the attack fails...

Last updated: Jul 17, 2024 08:30PM UTC | 0 Agent replies | 0 Community replies | How do I?

Flipping bit Attack and Character Frobber

I was wondering if you could share with me how I could effectively perform a Flipping bit attack and Character robbery by using the Burp suite to uncover an encrypted base attack in the application that impacts the...

Last updated: Jul 17, 2024 04:04PM UTC | 1 Agent replies | 0 Community replies | How do I?

firefox 128 data not seen in burpsuite

I am running a MacBook with 14.5, Firefox 128 and Burp Suite Community v2024.5.5. In Firefox I enable proxy 127.0.0.1 8081 and most sites aren't showing up in the proxy or target history. If I use Chrome, or the built in...

Last updated: Jul 16, 2024 03:59PM UTC | 1 Agent replies | 0 Community replies | How do I?

Client-side prototype pollution in third-party libraries

Hi, I'm having trouble with the lab. After I exploited the vulnerability and tested it on myself, the XSS fired with alert(1), but when I tried alert(document.cookie) the cookies didn't appear and there's no attribute prevent...

Last updated: Jul 16, 2024 01:39PM UTC | 1 Agent replies | 0 Community replies | How do I?

Can not activate Burp Suite Pro

Hi Burp Suite Support, I have an issue with activation of Burp Suite Pro. I got the message "No more activations allowed for this license". Could you please help me out? Thanks,

Last updated: Jul 16, 2024 10:05AM UTC | 1 Agent replies | 0 Community replies | How do I?

Reset my all lab

I want to solve all labs again, so reset all my labs that I have solved

Last updated: Jul 16, 2024 07:08AM UTC | 48 Agent replies | 53 Community replies | How do I?

FIX: Burpsuite not using full resolution

Hello, I am having issues with Burp Suite only using 1024x768 of the screen instead of full 1080p. It opens in full screen but all the content is in the upper left corner. OS: BlackArch with dwm window manager on a KVM/QEMU...

Last updated: Jul 15, 2024 09:03PM UTC | 3 Agent replies | 3 Community replies | How do I?

multistep clickjacking

<style> iframe { position:relative; width: 500px; height: 700px; opacity: 0.0001; z-index: 2; } .firstClick, .secondClick { position:absolute; top:410px; ...

Last updated: Jul 15, 2024 12:45PM UTC | 4 Agent replies | 3 Community replies | How do I?

Auditing: Ignored Insertion Points: Skip all tests for these parameters

Hi, I defined my own configuration as follows: Settings\Configuration library New > Auditing Ignored Insertion Points: Skip all tests for these parameters. How can I skip from auditing when scanning these URL path and...

Last updated: Jul 15, 2024 12:08PM UTC | 4 Agent replies | 3 Community replies | How do I?

CSRF Poc Doesn't work in Portswigger's Labs.

Hi, I've done some labs in the Academy and some are easy to understand and solve. However, the CSRF section doesn't work for me. I have created a PoC for the first CSRF lab titled: "CSRF vulnerability with no...

Last updated: Jul 15, 2024 10:13AM UTC | 2 Agent replies | 3 Community replies | How do I?

csrf poc not working for the victim but works for me.

Right now I am facing a problem: the CSRF PoC works for me, but not for the victim. When I click deliver exploit to the victim in the exploit server, the lab is still not completed. But when I test it against me it is working...

Last updated: Jul 15, 2024 08:26AM UTC | 1 Agent replies | 0 Community replies | How do I?

Collect Training Progress for Engineers

Hi there, I have a handful of engineers using this platform to train and I'd love to track their progress. Is there an API I could use to track their progress? thanks! Damien

Last updated: Jul 15, 2024 08:08AM UTC | 1 Agent replies | 0 Community replies | How do I?

Academy Lab "Reflected XSS in canonical link tag" will not marked solved

Hi, I made my own solution for solving the lab: `https://[web-academy]/post?postId=4&test=2%27accesskey=%27X%27onclick=%27javascript:alert(1)` and it does not work. Also the official answer does not work for me. But both...

Last updated: Jul 15, 2024 07:55AM UTC | 2 Agent replies | 1 Community replies | How do I?

Burp Suite Pro License can be used for more than one machine?

Hi Burp Suite Team, Can you give clarification for this question I got? If I have 2 laptops, one is a MacBook, one is a Windows laptop, can I install Burp Suite Pro on these 2 devices with one Burp Suite Pro license, or...

Last updated: Jul 13, 2024 08:36PM UTC | 1 Agent replies | 1 Community replies | How do I?

error

Couldn't read the API definition. Review the definition and correct any syntax errors. The error is displayed when I try an API scan, and it is not working also

Last updated: Jul 12, 2024 01:10PM UTC | 1 Agent replies | 0 Community replies | How do I?

Confirming Client-Side Desync Results in Burp Scan Report

I ran a BURP scan and the client-side desync was detected. I'm having trouble understanding the confirmation logic in a Burp Scan report. I have read the James Kettle article as well as performed the Portswigger lab for the...

Last updated: Jul 12, 2024 01:04PM UTC | 2 Agent replies | 1 Community replies | How do I?

How to View Response in Repeater?

I took a short course on using Burp and wanted to play around with it some more a few days later. However, I noticed that when I capture an HTTP response and try to send it to Repeater, I can only see the request there. I...

Last updated: Jul 12, 2024 09:49AM UTC | 1 Agent replies | 0 Community replies | How do I?


Burp Suite Support Center

Your source for help and advice on all things Burp-related.
