How do I? - Page 45 - Burp Suite User Forum

IDOR VS PRIVILEGE ESCALATION

Hey Burp team. What is the difference between IDOR vs Privilege escalation? I was confused while reading access control topic in portswigger academy.

Hi, I am attempting a brute force attack on a password using the Sniper attack method. I am highlighting the password value in the intruder and adding it as "Add§," but it appears that the password value is hashed using...

Burps Black Screen

Hi, I am using Kali Linux 2023 version, i won't run burpsuite because they showing JRE 17.0.9 from debian version update after that I have updated but it's not working. they showing Burp not tested for this system for...

Username enumeration via response timing problems with X-Forwarded-For header

Hello I am know how to solve the lab but most of the times when I pass the X-Forwarded-For:1 I have below request: POST /login HTTP/2 Host: asdsdasdasd.web-security-academy.net Cookie:...

Browser (Chromium) does not start

Burp Suite Community Edition V2023.10.2.5 "Could not connect browser" is displayed in Repeater's Response → Render. Please tell me what to do.

How does one get timing results in Burp Intruder?

I am aware of the "Response received" and "Response completed" columns in the Intruder Attack menu, but these numbers do not correlate with the timing results produced in Repeater. I have a test scenario which produces...

Reset Lab

PLease reset all my labs, need to redo again

Forced OAuth Profile Linking

Hi, I've followed all the steps PRECISELY and have watched a couple different videos on how to complete this lab. It doesn't work! I've noticed for the videos I've seen the people that are making them can just click "Login...

Failed to create Burp Project: cannot parse null string

Hi folks. How to fix this error? I was using trial version of Burp Suite Professional and getting this error. Java installed correctly. I was able to run the community version successfully. I am currently running on Windows...

Proxy tab missing in BSCE v2023.10.3.3-24547

Hi, It seems the "Proxy" tab is missing in my Burp suite community edition v2023.10.3.3 build 24547 (MacOS). Expected tabs: Dashboard - Target - Proxy - Intruder - Repeater Actual tabs : Dashboard - Target -...

Collaborator payloads

Hey, When I use the Collaborator payloads to do test in Intruder, it will insert many URL of Collaborator into payloads' domain point. But I don't know how to get which url is interacted by my target server. I followed...

activation error

I have a problem with "no more activations allowed". Can I get assistance?

No exam available in Examity

Hello, I tried to start the BSCP this week-end and had to organize my week-end around this exam as it's 4 hours long. Turned out it's not working properly, after clicking on start the exam in Portswigger and being...

Testing Request Smuggling with Burpsuite.

Hello portswigger team, I’m really confused about certain thing in request smuggling vulnerability which is sending the requests in the same connection or testing the vulnerability with turbo intruder scripts using the...

Practice Exam In the 3rd part of App 2

Practice Exam In the 3rd part of App 2, is there a problem with Java deserialization? I easily solved it in App 1, but I couldn't achieve any results in App 2 with CommonCollections on collaborator. Later, I tried URLDNS,...

Mitigate the Risk of SQL Lite injection via CSS

Hi, Your tools have reportedly found an "issue" with our site, but I dont know how to fix. The team validated the SQL Injection vulnerability identified by OWASP ZAP using Burpsuite and the query time is controllable...

No more activations allowed for this license

I tried to activate my burp suite license again, but it failed. My Arch linux periodically breaks down and I have to reinstall all my system and keys. I please reset all my previous activation to have 10 times to use.

can't activate my license