Burp Suite User Forum

Login to post

Burp Live Scan Payload Modification

I am running a live scan against a system and it comes back with OS Command Injection, and the payload used a sleep time of 20 seconds. I would like to increase the 20 seconds to around 1.5 minutes. I believe it comes back...

Last updated: Nov 18, 2020 11:01AM UTC | 2 Agent replies | 2 Community replies | How do I?

Lab: 2FA bypass using a brute-force attack

I have been working on this one for a while. Outside the corporate network and working from home, I have found the responses came back very slowly compared to some other similar labs I have run. Therefore, when I ran my...

Last updated: Nov 18, 2020 10:15AM UTC | 8 Agent replies | 16 Community replies | How do I?

License Activation - OS Reinstallation

Hi Team, We installed Burp Suite on our systems and updated to the latest OS version, however, due to some issue had to reinstall an older version. After reinstalling BurpSuite and trying to activate, we get an error...

Last updated: Nov 18, 2020 08:56AM UTC | 1 Agent replies | 0 Community replies | How do I?

How to modify https response

In Repeater, we can edit request and see the response, but same way can we edit response and see the output ?

Last updated: Nov 18, 2020 08:34AM UTC | 5 Agent replies | 4 Community replies | How do I?

Lab: URL-based access control can be circumvented error

Hello, I have a question about the lab "URL-based access control can be circumvented". For some reason, whenever I try to do the lab in Burp suite and I send the request to Repeater, after following the steps "Change the...

Last updated: Nov 17, 2020 04:52PM UTC | 3 Agent replies | 3 Community replies | How do I?

Lab: HTTP request smuggling, basic TE.CL vulnerability

Hi, When following the solution to this lab, the second request results in bad request error and not the expected result of the lab. I have tried it with Burp and curl with the same result. Not sure what I am...

Last updated: Nov 17, 2020 02:08PM UTC | 5 Agent replies | 7 Community replies | How do I?

No more activation allowed for this license

No more activation allowed for this license... I changed my office desktop yesterday. Is there any way to activate the license? The desktop I used before was formatted.

Last updated: Nov 17, 2020 08:12AM UTC | 1 Agent replies | 0 Community replies | How do I?

List of Labs related to Apprentice level

Hi It's very interesting to learn and solve the labs. I have done 15 Apprentice and 10 Practitioner level labs. Is there a way to list all the 36 Apprentices labs to complete. It will give a satisfaction and will focus...

Last updated: Nov 17, 2020 12:41AM UTC | 1 Agent replies | 1 Community replies | How do I?

Switch to another language

It is difficult for the novice

Last updated: Nov 16, 2020 05:21PM UTC | 1 Agent replies | 0 Community replies | How do I?

Blank lines in Requests

There are exercises, for example "URL-based access control can be circumvented" in the "Access Control" lab, where you add a custom header to your requests to complete them. The requests themselves when passed through Burp...

Last updated: Nov 16, 2020 03:11PM UTC | 1 Agent replies | 0 Community replies | How do I?

There is a problem during installation.

Hello There is a problem that the burpsuite_pro-trial version is downloaded and is not installed in progress of installation. My PC os is Windows 10. After clicking burpsuite_pro_window-x64_v20_4_1.exe, the installation...

Last updated: Nov 16, 2020 12:09PM UTC | 3 Agent replies | 2 Community replies | How do I?

Invalid client request received: Dropped request looping back to same Proxy listener.

I am not able to access any site with Burp open, not even HTTP (I have already configured the certificate). Every website I try to access appears with this Burp welcome message: https://i.imgur.com/zlDgpvD.png And...

Last updated: Nov 16, 2020 11:47AM UTC | 1 Agent replies | 0 Community replies | How do I?

About Web Security Academy

We have contacted you about the Web Security Academy available on the portal site. https://portswigger.net/web-security ① How often is this site updated? Also, if the latest threats appear, will the attack methods and...

Last updated: Nov 16, 2020 11:01AM UTC | 1 Agent replies | 0 Community replies | How do I?

Web Cache Poisoning X-Forwarded-Host

Hi, I am attempting the "Web cache poisoning with an unkeyed header" lab. I am not receiving a response in the Repeater when I add the X-Forwarded-Host (example.com). However, I receive a response as normal with or...

Last updated: Nov 16, 2020 10:45AM UTC | 2 Agent replies | 2 Community replies | How do I?

Basic clickjacking with CSRF token protection

Is there a bug or something because the lab needs to login using given credentials and whenever i try to do that it logs me in the first time but if i reload or log out it wont let me login again and says invalid username...

Last updated: Nov 16, 2020 10:04AM UTC | 4 Agent replies | 3 Community replies | How do I?

Enable deprecated TLS Cipher Suites

I am doing a study on involving TLS and I need to add specific cipher suites that I don't see listed under the TLS Ciphers option. To clarify, I do the following: Project Options > TLS > Enable Custom protocols and ciphers....

Last updated: Nov 16, 2020 09:37AM UTC | 1 Agent replies | 0 Community replies | How do I?

Error message when using FoxyProxy

Hi everyone! Hopefully someone more skilled than me can help with the error message I get saying: " Secure Connection Failed An error occurred during a connection to www.google.se. Peer’s certificate has an invalid...

Last updated: Nov 16, 2020 08:27AM UTC | 1 Agent replies | 0 Community replies | How do I?

all the website url changed to this url

when i use the Burp proxy and check the website at burp the website URL changed to one of the following URLs for ex : I use www.google.com as the browser and Host: ocsp.digicert.com Host:...

Last updated: Nov 16, 2020 08:14AM UTC | 1 Agent replies | 0 Community replies | How do I?

Lab: Using PHAR deserialization to deploy a custom gadget chain

I have a question about the Lab regarding a deserialization attack using Phar. The gadget chain used there looks like this: class CustomTemplate {} class Blog {} $object = new CustomTemplate; $blog = new...

Last updated: Nov 15, 2020 07:16PM UTC | 1 Agent replies | 3 Community replies | How do I?

Delete old items from "Issue Activity" list

I read somewhere that there should be an option (contextual right click" to delete but I don't see it. im on latest 2020-11 build

Last updated: Nov 13, 2020 03:49PM UTC | 1 Agent replies | 0 Community replies | How do I?

Page 3 of 143

Burp Suite Support Center

Your source for help and advice on all things Burp-related.

Burp Suite Support Center image