Burp Suite User Forum

Login to post

Lab: CSRF vulnerability with no defenses

Hey all, I am working my way through your labs (which I must say are excellent) and am having trouble completing the CSRF with no defenses lab. In the exploit server, I am using the following code in the body (with...

Last updated: Mar 10, 2023 09:57AM UTC | 5 Agent replies | 8 Community replies | How do I?

CSRF vulnerability with no defenses -> not solved but exploit works

Hi, i'm trying to solve the lab, also the lab "CSRF where token validation depends on request method" in both labs the exploit works for me and i can change the mail. But the page with only the submit button does not...

Last updated: Mar 10, 2023 09:18AM UTC | 1 Agent replies | 0 Community replies | How do I?

reset labs

Can you please reset just the cross-site scripting (XSS) labs? thanks in advance

Last updated: Mar 10, 2023 08:50AM UTC | 2 Agent replies | 2 Community replies | How do I?

Conflicting scan configurations

If a Burp user accidentally picks two built-in scan configurations one of which excludes the other, what happens? Let's say the user adds 'Audit checks - medium active' and 'Audit checks - light active' will both medium and...

Last updated: Mar 09, 2023 06:25PM UTC | 1 Agent replies | 1 Community replies | How do I?

Remove false positives

Hi! I marked some issues as false positives, how can I remove them from the exclusion list? I try to get them back. Thanks!

Last updated: Mar 09, 2023 01:47PM UTC | 3 Agent replies | 5 Community replies | How do I?

Fix ERR_UNSAFE_PORT error on built-in browser

I'm trying to access a service listening on port 10080 and the built-in Chromium browser is returning an error: ERR_UNSAFE_PORT On "regular" Chromium I can use the explicitly-allowed-ports parameter to bypass this, but...

Last updated: Mar 09, 2023 11:41AM UTC | 2 Agent replies | 2 Community replies | How do I?

Getting No more activations allowed message

Hi Team, I am trying to reactivate my Burp Pro license several times on my different machines due to environmental issues. I unable to reactivate as I am getting "No more activations allowed for this license" message....

Last updated: Mar 09, 2023 11:10AM UTC | 1 Agent replies | 0 Community replies | How do I?

Lab: Username enumeration via different responses

Hello just updated burp to v2020.6. I'm trying to complete this lap however not sure if lab is out of date of if new version of burp is not compatible? I've got to step 8 however in the results page, all the lengh results...

Last updated: Mar 09, 2023 10:49AM UTC | 3 Agent replies | 9 Community replies | How do I?

[Burp Proxy with Android] No connection to proxy from other device

Hello, I've recently had this error pop up and I'm unable to fix it. I'm trying to intercept http traffic from my Android device with Burp, I have done this with the exact same setup a few days ago and it worked fine,...

Last updated: Mar 08, 2023 01:18PM UTC | 1 Agent replies | 4 Community replies | How do I?

getting Error

getting error while installing Burp community in kali terminal Exec format error

Last updated: Mar 08, 2023 10:19AM UTC | 1 Agent replies | 0 Community replies | How do I?

Burp CA certificate download

Hi, I am trying to download CA certificate from http://burp site. But this site cant be reached error is coming. How to proceed. Please help.

Last updated: Mar 08, 2023 08:38AM UTC | 4 Agent replies | 4 Community replies | How do I?

Fuzzing parameter names

Hello, is there a way to instruct Burp in order to include the input/parameter names in the scope of scans ? The idea is to automate this process : https://portswigger.net/blog/attacking-parameter-names And to detect...

Last updated: Mar 08, 2023 07:54AM UTC | 2 Agent replies | 1 Community replies | How do I?

I'm trying to run a simple CURL command to download a scan report, but getting an Error with my APi token despite it being valid

I'm trying to download a report using the CLI and after a couple of minutes it gives me this error: "curl: (35) schannel: next InitializeSecurityContext failed: SEC_E_INVALID_TOKEN (0x80090308) - The token supplied to the...

Last updated: Mar 07, 2023 06:20PM UTC | 1 Agent replies | 1 Community replies | How do I?

Automated scanning

If an automated scanning is doing, do I need to interact with web pages to load Rest APIs to Burp or will Burp crawl through each and every Web API automatically?

Last updated: Mar 07, 2023 11:47AM UTC | 1 Agent replies | 0 Community replies | How do I?

Testing Rest API

How API is verified by Burp as there exist a vulnerability or not? On what basis the report is generated? That means how do Burp conclude that there exist a vulnerability or not? Is it by any response from the web...

Last updated: Mar 07, 2023 11:09AM UTC | 1 Agent replies | 0 Community replies | How do I?

Automated scanning

If I'm doing an automated scanning, will you provide all the inputs/test cases for testing different types of attacks or vulnerabilities. OR is it needed to be provided by us?

Last updated: Mar 07, 2023 09:41AM UTC | 1 Agent replies | 0 Community replies | How do I?

Manual testing using Community Edition

Do manual testing in Burp Community Edition help to generate a report?

Last updated: Mar 07, 2023 09:30AM UTC | 1 Agent replies | 0 Community replies | How do I?

Unencrypted upstream proxy server

I'm trying to configure a proxy listener that receives encrypted requests from clients and forwards these requests against an unencrypted server, then encrypting and sending the responses back. I tried setting a simple...

Last updated: Mar 06, 2023 04:25PM UTC | 1 Agent replies | 0 Community replies | How do I?

JRE warning magic number

Hi, I use the Java version of Burp Suite Professional in Kali linux and on the first start it shows the well known message "Your JRE appears to be version 17.0.5 from Debian." When I check "Don't show again for this JRE"...

Last updated: Mar 06, 2023 04:13PM UTC | 3 Agent replies | 2 Community replies | How do I?

No more activations allowed for this license

Good day! Recently I had to reactivate my Burp Pro license several times on my different machines due to technical circumstances. Now I am getting "No more activations allowed for this license" error. Could you please...

Last updated: Mar 06, 2023 02:34PM UTC | 1 Agent replies | 1 Community replies | How do I?

Page 4 of 270

Burp Suite Support Center

Your source for help and advice on all things Burp-related.

Burp Suite Support Center image