Burp Suite User Forum

Create new post

Lab: Reflected XSS protected by very strict CSP, with dangling markup attack

I can't complete the lab. After I "Deliver the exploit" to victim, I get nothing in the Collaborator. No response at all. I follow everything it says in the solution, I tried several videos with people doing it, but nothing...

Last updated: Jul 04, 2024 06:45PM UTC | 5 Agent replies | 10 Community replies | How do I?

How do i deactivate burp (single user license) license from one machine and activate in another

Hi, Unfortunatley i have installed and activated burp license in a wrong machine. I need to deactivate this license (which no longer using in this machine) and activate i another machine. Please suggest me the steps to...

Last updated: Jul 04, 2024 01:36PM UTC | 3 Agent replies | 3 Community replies | How do I?

How to use HttpRequestEditorProvider to color highlight and format data like the Pretty tab

The content displayed when I write the edit box is too ugly. I want to format it like Pretty, but I can’t find the relevant function in the API. Is there any available solution? Existing library or Demo

Last updated: Jul 04, 2024 01:24PM UTC | 3 Agent replies | 2 Community replies | How do I?

problems with this lab

Hi - I've been having a number of problems with this lab. First time I followed the steps from the video. When I got to step 5, I changed the HTTP header to an arbitrary value as prompted in the solution (see below). I then...

Last updated: Jul 04, 2024 12:54PM UTC | 3 Agent replies | 4 Community replies | How do I?

No more activations allowed for this license

Hi there, I'm reaching out because I've run into a bit of a snag while trying to activate Burp Suite Pro on one of my computers today. When I attempted to activate it, I got the message "No more activations allowed for...

Last updated: Jul 04, 2024 07:59AM UTC | 1 Agent replies | 1 Community replies | How do I?

Lab: Multi-endpoint race conditions - I don't understand why it works as it is

A) Basically we send a get request to the home page (/) which starts the cookie session validation process which takes 700ms. B) Then fast we send post requests to add items to the cart and to check out. I don't...

Last updated: Jul 03, 2024 05:00PM UTC | 2 Agent replies | 2 Community replies | How do I?

Resource not Found Academy Exploit

When I try this academy https://portswigger.net/web-security/cors/lab-basic-origin-reflection-attack, I have facing problem /log?key=%22Resource%20not%20found%20-%20Academy%20Exploit%20Server%22 when view access log after...

Last updated: Jul 03, 2024 12:48PM UTC | 8 Agent replies | 10 Community replies | How do I?

RST_STREAM HTTP1.1 error

Hi, I'm trying to browser a web app via the inbuilt burp browser and also Chrome (pointing at Burp as the local proxy) but am getting the below error: RST_STREAM received with error code: 0xd (Use HTTP/1.1 for the...

Last updated: Jul 03, 2024 11:09AM UTC | 6 Agent replies | 10 Community replies | How do I?

Burp Collaborator Not Polling

Hello, I'm trying to solve the 'Reflected XSS protected by very strict CSP, with dangling markup attack' Lab but am having some trouble with the collaborator. I put the following script into the exploit...

Last updated: Jul 03, 2024 07:57AM UTC | 1 Agent replies | 0 Community replies | How do I?

Add custom column to return referer header

How do i add custom column to show referer header?

Last updated: Jul 02, 2024 02:55PM UTC | 2 Agent replies | 1 Community replies | How do I?

Reset my all my Progress

I want to reset all labs to restart my learning

Last updated: Jul 01, 2024 07:42AM UTC | 1 Agent replies | 0 Community replies | How do I?

How do i just scan the target URL and its subdomains?

I would like to know how i set this up so that it scans only the target URL and any subdommains it may find and anything else is not. As i keep getting other junk in the target tab such as facebook, google etc. I try remove...

Last updated: Jun 29, 2024 03:43PM UTC | 2 Agent replies | 3 Community replies | How do I?

SameSite Strict bypass via client-side redirect

Hello! I'm trying to solve this lab from the CSRF topic and I'm struggling to finished. I'm stuck on the last step "sending exploit to victim" I have follow every step from the solution and try the exploit myself and...

Last updated: Jun 29, 2024 02:08PM UTC | 0 Agent replies | 2 Community replies | How do I?

I cant login in my account

Kindly i need assistance

Last updated: Jun 28, 2024 10:35AM UTC | 1 Agent replies | 0 Community replies | How do I?

Filter scan counts in Burpsuite Enterprise

I want to filter the scans by status and get the number of scan counts for particular date between or month wise. Is there any way to do in Burp enterprise portal or using Graphql API query.

Last updated: Jun 27, 2024 04:46PM UTC | 2 Agent replies | 1 Community replies | How do I?

Stealing OAuth access tokens via an open redirect

https://0a5900c503a255e2c0a2ed1f02a7003c.web-security-academy.net/auth?client_id=bafv9dae8qp24om34rrbm&redirect_uri=https://0a0000a2035e554ec06eef8d00b00056.web-security-academy.net/oauth-callback/../post/next?path=https://ex...

Last updated: Jun 27, 2024 08:00AM UTC | 3 Agent replies | 2 Community replies | How do I?

can you reset the learning lab and lecture?

can you reset the learning process? I want to start from beginning again

Last updated: Jun 27, 2024 07:21AM UTC | 1 Agent replies | 0 Community replies | How do I?

Is it possible to bypass JWT authentication if you know the secret key but not the timestamp?

I found an interesting website with a JWT bypass vulnerability. It uses a simple secret key that can be discovered using brute force, which I did. However, I couldn't exploit the vulnerability because simply changing the id...

Last updated: Jun 26, 2024 10:11PM UTC | 0 Agent replies | 0 Community replies | How do I?

Error while solving lab 'Stream failed to close correctly'

I am getting the error "stream failed to close correctly" while uploading 'polyglot.php' or any other image file. Can anyone help me solve this error?

Last updated: Jun 26, 2024 07:56AM UTC | 1 Agent replies | 0 Community replies | How do I?

Logs from both Logger/Logger++ get erased when closing Burp

Every time I close Burp after saving, all my logs from Logger / Logger++ get erased. The only method that seems to work for me is if I manually export the logs to a CSV file. Is there a way to persist the logs after closing...

Last updated: Jun 25, 2024 03:59PM UTC | 7 Agent replies | 5 Community replies | How do I?

Page 4 of 320

Burp Suite Support Center

Your source for help and advice on all things Burp-related.

Burp Suite Support Center image