Burp Suite User Forum
So I've done this three times so far, using Burp Suite Pro (2024.1.1.4), and I'm having no luck. I'll avoid spoilers, but the short answer is that all the responses I get are HTTP 200, no 302 in sight. I've gone though the...
Hi, On this page, the video explains testing for SQL injection. When scanning, there is one SQL injection vuln with only path /filter. But when accessing HTTP History, appear parameter:?category= Can you explain...
Is it possible to write BChecks script to detect SSL weak cipher suites used in web server. https://github.com/projectdiscovery/nuclei-templates/blob/main/ssl/weak-cipher-suites.yaml Need help to convert the above...
Is it possible to change a HttpHeader on the HttpRequestResponse selected via a ContextMenuEvent in a Reapeater tab?
i am trying to solve this lab Lab: Developing a custom gadget chain for Java deserialization . When i am trying to serialise java cookie i am using your githup main.java in repl.it but i am getting an...
Greetings. I was recently working on a blind SQL vulnerability (oracle database). There was 3 vulnerable parameters on the same request. However burp scanner could not always identify the vulnerability and when that happens...
Is there a way to restrict false positive action to particular user or group may be using Role.? or if there is another way by which i can restrict False positive marking of issue for user(s) let me know. I tried...
when I change the role id to 2 however i get an internal server error POST /my-account/change-email HTTP/2 Host: 0a5a007703e1b1f281891199006e0050.web-security-academy.net Cookie:...
The final step of the LAB I am not getting the 302 response in practical lab. Is anything I am missing. On the "Payloads" tab, add the list of numbers in payload set 1 and add the list of passwords to payload set 2....
Hello how much time do i have to do the exam , so the voucher expires or it does not expire?
1)- Go to your firefox settings, and then open Network Settings. 2)- Go to Connection Settings, and then Activate(Use System Proxy Settings), Not manual. 3)- It worked for me, I hope it works for you too.
I have a Backend REST API application that I want to scan. I am following the steps in https://portswigger.net/burp/documentation/desktop/automated-scanning/api-scans. It says "To run an API scan, click New scan > API scan...
Hi, I'm getting 'no more activations allowed' error message. Could you please help me reset the activation? Thanks!
I just tested (scanned) a larger web shop in a maintenance window during last nicht. On my /tmp i had 30 g free, which was not sufficient. So burp crashed. Since there are a lot of tests and results documented in the...
Hi team, I am unable to create a password for my account as it always need to retrieve the temporary password from the forget requests. As couldn't access the labs as i need password to login in the burp browser to complete...
Hi, I have a problem with solving CSRF where token validation depends on request method in Burp professional version. This is my code from exploit server aned I have changed email in the code.Do you have more information...
I'm doing the Portswigger web academy and am trying to use burp suite's in browser. when i open the browser it's just a basic page. if i try to access the web academy labs in the browser, it asks me to log in to portswigger...
Dear portswigger, Kindly you help resetting my labs & material progress Best regards
Hi, idk if this is the right place to ask these kind of questions, so I apologize in advance for that. I'm trying to solve "Lab: Blind SQL injection with out-of-band data exfiltration"...
Hello :) Can you please reset my progress on the labs and learning materials?
Page 4 of 307
Your source for help and advice on all things Burp-related.