How do I? - Page 4 - Burp Suite User Forum

Verify dastardly function

How many failures should Google's https://public-firing-range.appspot.com or https://ginandjuice.shop be detected by dastardly? What are your results?

Team, Currently we are able to get report of identified vulnerabilities. But we want to get Clearance Report as well. Like If we have no vulnerabilities identified then We want a Clearance report That No issue...

URL-encoded format--UTF 8

Hi Team I would like ask why in Burp do not have UTF-8 Decode/Encode options.I have to use Website.?

Issue in load of BAPP Store Tab why does bapp store list is not load in burp suite professional 1.7.

why does bapp store list is not load in burp suite professional 1.7.34 and goes on , even with the v.2.0.0 (beta version) after installation in Windows 10 pro . what causes these kind of issue? Could you please the...

Query in Match and Replace

Hi I am trying to match when ever my browser goes out to https[:]//i.ytimg[.]com/vi/pvBY0IfgeYo/hq720.jpg...... to point at http[:]//3adps[.]com/repulsive.jpg 3adps.com is an apache site on my LAN. For this to work...

Issue with Recorded login sequence

Hi Team, I followed the record login sequences instruction and successfully generated JSON objects for application login data. But I am unable to reply and validate login sequence , My application depends on SSO with SAML...

Tried installing burp enterprise and unable to bring up image

We have tried installing the application using the steps https://portswigger.net/burp/documentation/enterprise/getting-started/unattended-installation We are unable to access the application and getting the logs, Failed...

License Cancellation

I want to cancel the licenses obtained by credit card without using them. How can I do it

How to fetch cookies

Hi Team I have to ask again about how to fetch in Collaborator cookies.I read article in for example form submission you can do this that. <script>fetch('https://YOUR-SUBDOMAIN-HERE.burpcollaborator.net',...

private Burp Collaborator Server configuration question

Dear Team, a. I want to use a self-signed wildcard certificate, is this configuration correct? b. Now the device where the private Burp Collaborator Server is deployed and the website under test are in the same...

Burp suite enterprise instance could not be started

Hi, After an update today, I am not able to access the webserver of the enterprise edition instance - 'Could not connect to Burp Suite Enterprise Edition: Could not connect to database'. Appreciate any help to debug...

Can Burp Pro find areas in a site where a token replay is possible?

I'm not sure I have seen this in Burp Pro auditing crawls I have done but is Burp able to see where a SessionID token can replace an existing SessionID to impersonate a different user? For example, if the cookie in the...

Lab: HTTP request smuggling, basic TE.CL vulnerability

The solution for the challenge provided is: POST / HTTP/1.1 Host: your-lab-id.web-security-academy.net Content-Type: application/x-www-form-urlencoded Content-length: 4 Transfer-Encoding: chunked 5c GPOST /...

Burpsuite - Jenkins Integration queries

Dear Burp Suite Team, We have integrated Jenkins with Burp Suite Enterprise [We have procured the License]. Context: 1. It takes significant time for the SCANS initiated form Jenkins to be complete, about 8+ Hours,...

How to test web applications that block interception proxies?

Hi, I've been lucky enough to be given a chance to attach a commercial device that runs a web application, somewhere on the server it has some kind of WAF that blocks any interception proxy such as burp suite. How does...

Intercept Traffic From WSL + Send Traffic to Proxychains

Hello, How can I intercept traffic that comes from WSL (Ubuntu) in burp? I've seen some configuration regarding certificate, but none of them applied. AND How can I use Proxychains with BUrp, so command send using...

Can Burp Pro crawl and download the site locally?

While I know how to use Burp Suite Pro to crawl and/or audit a site, is it possible to mirror and download the site locally so that you can search within the site pages for specific things you want to check to see if they...

Resource Not Found - academy exploit server

iam facing the resource not found academy exploit server error at Basic clickjacking with CSRF token protection!

i want Catch Mobile Traffic(iOS) in VPN server(windows)

https://www.schellman.com/blog/how-to-catch-mobile-traffic-escaping-burp I have configured the same environment as above. The only difference is that the vpn server's os is windows, not linux. I cannot proceed...

I can't uninstall "burpsuite"

I downloaded a Bursuite on the Internet today, but I found that I downloaded the wrong version. I tried to use "uninstall. exe" to uninstall this version of Bursuite but could not. I downloaded "bursuite...