How do I? - Page 4 - Burp Suite User Forum

Can't connect to android

Hi. I have a problem connecting Burp to my android phone. I've installed CA certificate, set the proxy of my local machine, but it doesn't work. On the computer, where Burp is running, all works good. I tried to run...

BurpSuite Proxy Listener, Mac OS and Chrome not playing nice together

I'm trying to play with BurpSuite by attacking a local instance of WebGoat (intentionally-vulnerable web app at https://owasp.org/www-project-webgoat/) and am having some difficulty getting the proxy setup. I am on a...

PHP deserialization: Signature does not match

Lab: Exploiting PHP deserialization with a pre-built gadget chain I kept receiving this error: PHP Fatal error: Uncaught Exception: Signature does not match session in /var/www/index.php:7 Stack trace: #0 {main}...

Lab: Web shell upload via race condition

I cannot solve the lab in any way: I tried with Turbo Intruder applying the solution, but the result is that the GETs are never with status 200 I have only tried with Intruder with the same result I also tried using "...

Scan

Hi, I need to perform a salesforce scan and have configured the MFA to static code but still the login sequence is not working. Any help on this please.

burp no more activations allowed for this license

hello. i gotta some problem. basically we hava a four license. and we repeated the license registration, formatting on several PCs. so now, we can't use to license. alert: no more activations allowed for this...

Authenticated Scans on Appication with 2FA login

Hi Team, I wanted to if application have 2FA(login and OTP) how to configure Burp Enterprise for the same. I can only see authentication with simple username and password field to add in auth configuration in...

Import JSON File with REST APIs

Hi Team, If i want to feed a list of REST APIs in a json file format, not URL, is it possible to do so in Burp UI and also via Burp API for automation. The objective is if a user uploads a json file with REST APIs, can...

Reset all my labs and lessons progress

Hi team, Can you please reset all my labs and lessons progress as I plan to start them again. My email id is ankursharma012@gmail.com regards Ankur

how to add X-Forwarded-For and what is columns in Lab Username enumeration via response timing

I dont know how to add X-Forwarded-For Header in burp suite and what is columns ? i need video for solution in Lab Username enumeration via response timing. thanks

How to get the license key to open burp suit.

Override default collabolator settings

Hi! Due to various restrictions, I know that I will never use a public collaborator address. When turning on burp, I always have to change the address to my self-hosted - which generates a few more clicks with each test. Is...

Match all 302 Response Headers and Modify to 200 OK

Is there a way I can create a match and replace rule that matches all 302 headers and modifies them to a 200 OK within Burp?

"cors=1" in Cache Key Injection lab

Hi, I'm working on the Cache Key Injection lab. It mentions that knowledge of other vulnerabilities such as parameter pollution, header injection in the response, and of course XSS is necessary to solve it. However,...

How do I dockerize burp pro as a user (not as root)?

Hey, so the following is the case: I want to creae a burp image that has already been activated, since I need multiple containers from that image. I successfully did this by mounting the .java/.userPrefs/burp...

Need to download scanned URLs from Burp Suite EE

We need to download the URLs that we've scanned with Burp Suite EE. How do we do this? Is there an API query we can use?

Crawler API for Burp

Hi, I am using the current version of Burp Suite Professional. Currently, I am running Burp headless to scan our application, but I want to use crawler to find path without providing paths in the sitemap. I am looking...

No more activations allowed for this license

Dear burp team, Unfortunately I have had to reinstall my laptop because a firewall rules and now when I try to install burp suite, I get the error "No more activation allowed for this license". Could you help me...

Sort result / history (any tab) depends of multiple columns

Hello, I just wanted to know if it was possible to sort result with multiple columns. For context, here is my situation: I'm doing a SQL Blind injection in a lab and want to sort my result in a way that first are the...

how to send api request to burp to do repeater or intruder request once via api

Hello sorry for the bother, i have wrote extension to send api request to burp to scan url but can't figure out how to send it to repeater or intruder instead as the scan keeps the task on going and i need it to run only...