How do I? - Page 36 - Burp Suite User Forum

i got a 403 every time i proxy true burp

good day buddies pls i got a 403 every time i proxy true burp then check the request and discover that some additional poisonous headers is been added which makes waf to block the request pls any guide on how to fix this...

How do i get my lab as solved?

Hi, Im a newbie and im doing the first few labs. Im doing the "SQL injection vulnerability allowing login bypass" in BURP Suite and have managed to resolve it but it is not setting it to 'Solved'. Im using The BURP...

Forced OAuth profile linking

The official solution includes instructions to create an iframe in the exploit server in which the src attribute points to the /oauth-linking... URL. However, the /oauth-linking response includes an X-Frame-Options:...

Authenticated Scans on Appication with 2FA login

Hi Team, I wanted to if application have 2FA(login and OTP) how to configure Burp Enterprise for the same. I can only see authentication with simple username and password field to add in auth configuration in...

Difference between Firefox and Chrome in CORS labs

Hello, I'll try to keep this short and precise. Let's open lab "CORS vulnerability with trusted null origin" and use the provided solution on exploit server. Now let's try it in chrome. We log in, open the /exploit...

Raw, Params, Headers not appear

Hi team, I'm new with burpsuite, I have a problem it is that I cannot see the tab that shows the tabs "Raw", "Params", "Headers" and "Hex", but I have only "Pretty","Raw","\n","Action", how to fix it? Thank you.

how integrate with AD

Hi, I have configured LDAP and connection is successful. I have created same exact name as the corresponding groups on your LDAP server. I do not see any user is pulled in user list OR can able to logon. Am I missing...

Allow event-stream requests without waiting.

I have a particular application which is using Event-Stream to bring commands from server regularly. While using with Application with Burp, Burp keeps on waiting for response for that particular event-stream, eventually...

Help on No response received from remote server

When i do the post request of some sites, it shows No response received from remote server. I reinstalled the certificate and also trust from system.

New variable to BChecks

Hello hackers I would like to add "insertion_point_name" into issue description, but there is no such variable or something like that. And is it possible to make bold text in description? I try <b> [b] * but looks...

Pen Testing Point Of Sales Application

Hi Team, We are attempting to intercept the traffic in order to conduct penetration testing on POS applications such as Oracle Xstore and Samba POS. However, we are currently unable to capture the traffic. Could you...

Stop current webpage from appearing in HTTP History

Greetings. So I have a tendency to listen to music while working, and I do it using Soundcloud. But using it on my browser really messes up my HTTP History with unnecessary traffic shown. Sure I can open it in incognito...

Access to Labs

Hi, I can't Access the labs in portswigger. It takes me to a blog even I click the button and it won't load the lab. Please help.

BCheck Question

Hi, I am trying to write a bcheck that will simply repeat the request but only if the request contains a specific parameter, for example, if the request contains a parameter named "repeat" then I would need to repeat this...

Zscaler proxy

Hi, We have Zscaler proxy, I need support to understand how we can configure zscaler proxy settings in burp suite professional v2023.2.3. burp suite is not able to connect with internet.

Zscaler block issue

We have Zscaler proxy which is not allowing to send parameter change request though burpsuite on testing website and getting error 403 Forbidden (request blocked by zscaler). Is there any way i can send request from...

New Scan

Hello. Whenever I use Live Scan everything works perfectly. However, when I use New Scan, Burp Suite works for a few seconds and then populates the site map with a handful of urls. What am I doing wrong?

Help required for exporting certificate

Hi there, When I export cacert.cer from Burpsuite Pro, it shows Cloudflare, please advise. I thought it is supposed to be from portswigger. 0�0��Z؁{*�H��jɘ��6I' E0 0��1 0 UUS10U San Francisco10U Cloudflare,...

Burp Scan Finding Severity

Hello, I'm a bit confused regarding the severity of findings via Burp Scanner. Recently I ran a Scan on one of my domains and was able to find a bunch of findings however, most of them were of severity "information" as per...

How to change User-Agent send by Burp itself when connect via upstream proxy

When set upstream proxy server, burp will send the following request. (Not send by browser) Version 2020.9.2 ---begin--- CONNECT portswigger.net:443 HTTP/1.1 Host: portswigger.net:443 User-Agent: Mozilla/5.0...