Burp Suite User Forum
Hey all, I am working my way through your labs (which I must say are excellent) and am having trouble completing the CSRF with no defenses lab. In the exploit server, I am using the following code in the body (with...
Hi, I'm trying to solve the lab, also the lab "CSRF where token validation depends on request method". In both labs the exploit works for me and I can change the mail. But the page with only the submit button does not...
Can you please reset just the cross-site scripting (XSS) labs? thanks in advance
If a Burp user accidentally picks two built-in scan configurations, one of which excludes the other, what happens? Let's say the user adds 'Audit checks - medium active' and 'Audit checks - light active', will both medium and...
Hi! I marked some issues as false positives, how can I remove them from the exclusion list? I try to get them back. Thanks!
I'm trying to access a service listening on port 10080 and the built-in Chromium browser is returning an error: ERR_UNSAFE_PORT On "regular" Chromium I can use the explicitly-allowed-ports parameter to bypass this, but...
Hi Team, I am trying to reactivate my Burp Pro license several times on my different machines due to environmental issues. I am unable to reactivate as I am getting "No more activations allowed for this license" message....
Hello, just updated Burp to v2020.6. I'm trying to complete this lab, however not sure if the lab is out of date or if the new version of Burp is not compatible? I've got to step 8, however in the results page, all the length results...
Hello, I've recently had this error pop up and I'm unable to fix it. I'm trying to intercept HTTP traffic from my Android device with Burp, I have done this with the exact same setup a few days ago and it worked fine,...
Getting error while installing Burp Community in Kali terminal: Exec format error
Hi, I am trying to download the CA certificate from the http://burp site. But a "this site can't be reached" error is coming. How to proceed? Please help.
Hello, is there a way to instruct Burp in order to include the input/parameter names in the scope of scans ? The idea is to automate this process : https://portswigger.net/blog/attacking-parameter-names And to detect...
I'm trying to download a report using the CLI and after a couple of minutes it gives me this error: "curl: (35) schannel: next InitializeSecurityContext failed: SEC_E_INVALID_TOKEN (0x80090308) - The token supplied to the...
If automated scanning is running, do I need to interact with web pages to load REST APIs into Burp, or will Burp crawl through each and every Web API automatically?
How is an API verified by Burp as to whether there exists a vulnerability or not? On what basis is the report generated? That means, how does Burp conclude that there exists a vulnerability or not? Is it by any response from the web...
If I'm doing automated scanning, will you provide all the inputs/test cases for testing different types of attacks or vulnerabilities, or do they need to be provided by us?
Does manual testing in Burp Community Edition help to generate a report?
I'm trying to configure a proxy listener that receives encrypted requests from clients and forwards these requests against an unencrypted server, then encrypting and sending the responses back. I tried setting a simple...
Hi, I use the Java version of Burp Suite Professional in Kali Linux and on the first start it shows the well known message "Your JRE appears to be version 17.0.5 from Debian." When I check "Don't show again for this JRE"...
Good day! Recently I had to reactivate my Burp Pro license several times on my different machines due to technical circumstances. Now I am getting "No more activations allowed for this license" error. Could you please...
Your source for help and advice on all things Burp-related.