How do I? - Page 47 - Burp Suite User Forum

Not able to locate the file

OS: Windows 10 Pro I downloaded Burp Suite Community Edition. When I run the exe file, everything went fine but I couldn't locate the file to open Burp Suite. I tried uninstalling and re-installed it but still couldn't...

Exam Trouble

I completed 2 labs during the exam but the status on the page didn't change to 3/3 until the time ran out and there was no upload page for the .burp project file I don't know why, can you help me?

Exploiting Ruby deserialization using a documented gadget chain

Hi I am unable to solve this lab. *I created the base64 encoded payload using the exploit code in this site. https://www.elttam.com/blog/ruby-deserialization/ *I copied the code, changed the required parameters and...

No user lookup functionality on NoSQL lab

Hi, I'm doing the NoSQL - extract unknown fields lab. And I'm stuck. https://portswigger.net/web-security/nosql-injection/lab-nosql-injection-extract-unknown-fields The description says there's a user lookup...

Upstream Server Proxy only allow 1 request via Intruder for the whole payload

I am testing to see how Upstream Server Proxy work. Therefore, I created a session Rule to run 2 macros Request at https://ipinfo.io/ip, and https://httpbin.org/ip. For the upstream server, I set up to have a rotating IP...

XSS with document.location.pathname

Hello I'm kind of a n00b in this do you think this is exploitable And what are your suggestions to do so. <script type="text/javascript"> document.write("<base href='" + document.location.pathname + "' />"); ...

want to save or export only attack file

Hi, I want to know that how to save only intruder attack file (not save into the project file but save or export only attack file). Is there any way to do this? I'm using Burp professional v2023.3.5. Thank you

Burp Proxy Timeout

Hello! I met with the problem, where all requests after going through Burp proxy are timeouted, but when I do not use Burp proxy it works in the correct way. I should also mention, that the computer is connected to the...

302 Found and 302 Moved Temporarily

When I tried to run a payload, I mostly received status code 302 Found or 302 Moved Temporarily which stop the target website from rendering correctly and display a blank page with 302 Found message. This issue is hit and...

Could not connect to address=(host=127.0.0.1)(port=3306)(type=master) : Socket fail to connect to host:127.0.0.1, port:3306. Connection refused

I'm using Burp Enterprise installed with Helm with the following setup: burp-storage.yaml apiVersion: storage.k8s.io/v1 kind: StorageClass metadata: name: local-storage provisioner:...

200 w/ Burp, 403 without

Hey y'all, I've hit an issue where doing some POC work in python w/ requests, pycurl libs results in a 403 when hitting an endpoint but when proxying through Burp I get a 200 response. Aside from the obvious things...

Burpsuite certified Practitioner exam

I'm planning to take the BSCP certification exam. Can I use the Burpsuite professional trial version or do I need to purchase a license?

Back-off restarting failed container init-enterprise-server-keystore

Hello, I'm trying to install Burp using Helm chart. Everything seems good, but my pods are giving me this message: Back-off restarting failed container init-enterprise-server-keystore in pod...

Is the GraphQL API available for Burp Suite Pro?

I want to make use of the GraphQL api to retrieve scan results from Burp Suite. I understand from the documentation that the GraphQL api is available for Burp Suite Enterprise, however, I wanted to know if it is also...

use burp rest api to automate the scan and generate report!

Hi, Currently we run automated security scans with zap by proxying our e2e tests. We want to try out burp suite and pick the best. I was not able to find much support on how to access the rest api documentation and how use...

Burp Suite isn't working

I have used Burp Suite many years ago, and didn't have issues. Recently I have been trying to get the community version to work but nothing seem to be working regarding intercept. I have tried using the embedded browser...I...

burp intruder numbers problem

Hi I want to use the intruder section in burp suit. When I set the payload type to numbers and select the numbers 1 to 1000 and then start attack, in the opened window in the payload column, instead of the numbers 1...

I imported a certificate, but the certificate verification seems to have failed.

I have updated to a new burp version and am having trouble verifying the certificate. I have regenerated the certificate at burp and performed this process multiple times with no improvement. The version of burp is:...

HTTPS/HSTS errors after certificate import

Hello, I am currently trying to use burp suite pro v2020.08 to intercept traffic for a website which is using HSTS (google.com). I've installed the Burp CA Certificate in the firefox browser, however navigating to...

not supporting HSTS

i am trying hard to access sites with hsts enabled via burp proxy. did installed the firefox older version 3.6.25 but not working properly . nothing is displayed on screen keep on saying wrong certificate . i am facing...