How do I? - Page 3 - Burp Suite User Forum

unable to intercept google.com request

one of the application i am testing using google recaptcha which fetched from "https://www.google.com/recaptcha/api.js?onload=onloadCallback&render=explicit&hl=en" then i tried to access google.com it also not working. i...

Update

Ever since update i can no longer access anything with my burpsuite i get errors when i check for updates i get unable to check for updateds due to network error even when i try to access the browser within the proxy...

Lab - Reflected XSS into HTML context with most tags and attributes blocked

Hi I am busy with the lab, "Reflected XSS into HTML context with most tags and attributes blocked". I successfully fire the print() on myself and the simulated victim, but for extra practice preparing for the burp suite...

XXE file protocol to retrieve files

Hello, first of all: Thanks for the amazing learning materials, I have really learned a lot! My question concerns XXE, specifically the "file" protocol mentioned in the learning materials. It says that: "The...

How to run multiple scans with different scan configurations at the same time.

Hello, currently I launch multiple scans (each one with a different scan configuration) over one request. However this is time-consuming, and I want to know if there is a way I can semi-automate this process, if there is...

Issue type Certain , confirm and tentative( what does this mean )

Issue type Certain , confirm and tentative( what does this mean ) Confirm mean sure, no false-positive Certain mean sure, no false-positive tentative means not sure there may be the false postive I could not...

How do I stop burpcollaborator hitting my site?

I am running some servers for personal use and have never used burp suite or any of your tools. But my nginx logs are showing loads of hits with burpcollaborator.net in the UA I've blocked the IP they are coming from with...

Secure Connection Failed

I am facing the Secure Connection Failed for HTTPS websites. I have also added the Portswigger ca certificate still facing the same issue.

How are certain vulnerabilities listed in the labs meant to be found

Hi, while doing the labs and thinking about taking the Burpsuite Practitioner exam, I was wondering how some of these vulnerabilities are meant to be found. As an example, let's look at the CSRF labs. The following...

Problem during crawling in authentication

Hi, during crawling process in burp suite in authentication process in it is showing error: Failed to find additional rooms after recorded sequence: sequence_name'. I am using sequence recorder to authenticate. Although...

PRACTITIONER Authentication bypass via encryption oracle

on the solution box: 8.In Decoder, URL-decode and Base64-decode the cookie. Select the "Hex" view, then right-click on the first byte in the data. Select "Delete bytes" and delete 23 bytes. why url-decode and base64...

No response from remote server

Hello PortSwigger i have a common problem with this product, and it's the same for the past few days "No response from remote server" I did as much research as possible i imported and installed the certificate and so on and...

Browser doesn't load any page

burp's embedded browser doesn't load any page. I tried with intercept off and on and I checked the proxy setting. after starting to load a page after a few seconds loading stops and there is a white screen on the browser

Silent install for community edition

How can I install the Application on a windows machine silently? are there any options available?

Bapp Store

I've downloaded Burp Pro. Everytime i go into burp pro and i got to the Bapp store it tells me to install. I hit install and it says "installing" for hours and hours and never loads the store

Setup BURP Enterprise In a Docker Container

Hey All, I want to setup BURP Enterprise edition in a Docker container, so I can run it in a Kubernetes cluster. The documentation doesn't seem to show how to pass through the licensing section with variables or config...

XML injection error in JSON requests

Hello! We are doing burp scans on our application to tighten up security. And the scanner says we have XML injection vulnerability because it inserted XML into JSON and the back-end threw an exception. The errors are...

Flipping bit attack base64

The cookie of interest is encrypted and encoded two times with base64 I need Burp to decode two times, flip bit, and encode two times each attack. It looks like I can decode under Payload's "Payload Processing"...

Please make activate my burp pro license

Hello, Suddenly my burp pro license is failed. If you reactivate my burp pro license, It will be great thanks.

Different results Automated Scan vs Manual Active Scan

I am pretty sure this is some misconfiguration issue but I would like to clarify this. When I do Automated scan with "crawl fast" and "audit maximum" configurations I am not getting same results as when I do "active scan"...