Burp Suite User Forum
I have a target tree for a site nicely filled out in Burp. There is another subdomain that is mostly identical, except for the subdomain name and one directory in its path. Is there a way I can use the tree I've already...
Hello, I have an idea, and even if I know it's not the point of Burp Suite, I wanted to know if it seems doable to you: I have a WAF that is blocking requests, I would like to simulate it in Burp Suite, Like something...
The website I will be using requires an email, password and authenticator code. I will be doing a brute force attack on the password, the authentication code needs to be pulled automatically throughout the brute force...
I have been using BurpSuite for almost 7 years. I realize a feature was removed from this year's version of BurpSuite, which is the automatically detected insert points when you send the request to the INTRUDER tab. In the current...
Hi guys, I've noticed that Burp's title bar doesn't change when the theme is set to dark. Is there a way I can change it to dark to match the theme? Version: Burp Suite Professional v2023.10.2.3 OS: macOS 14.0 JAVA:...
Hello, I have a question: why must I activate the Burp license every time (or sometimes) when Burp Suite upgrades? Regards, Janez
Hi, can I use two laptops to pass Burp Certification Exam - one with Windows to use Examity and another laptop with Linux and Burp Suite to pass Exam?
Hello! I did all the steps and got data in a strange format via the link /files/exploit.php. I can't understand where the secret string is in there: ����JFIF��BExifMM*�i@@��C ...
I am currently testing a REST API and I would like to use a JSON parameter from a POST response in the next GET request. The POST request is set to run in the Intruder with custom payloads to fetch unique Tokens. The...
Hello portswigger team, I was wondering if there is a way that I could export my academy progress to an Excel sheet. I am looking for the ability to create a timeline for my self-resolving lab to export them to know how...
Hi Team, I'm using Burp Suite Prof version to scan a Single Page Application. If I do manual feeding using Proxy, then Burp Suite is able to crawl the Single Page Application in a better way. But without manual feed...
Hi Team, I tried the proposed solution but was unable to get the exploit working to get the API key. It returns Not Found in the logs. Can you confirm if the doc is the updated one?
Hi Team, Could you please help with below points: 1. How can we retrieve the latest burp file if it is not saved or crashed? 2. If the burp session is crashed or closed are the burp scans automatically stopped? 3....
Hello, I've been pursuing the Burp Suite Certified Practitioner for approximately the past year. After completing the recommended study material listed here: https://portswigger.net/web-security/certification/how-to-prepare...
Hi there, I am writing an extension which needs to update request parameters value with new injected payload. For GET/POST requests, headers and cookies it was quite straightforward. However, dealing with POST requests...
Are there any good plugins for this? I am unsure how to go about automating this? If it helps the web application is xero.com
I am trying to empty the cookies jar with each new session started. I created the Rule to invoke an Extension to Empty Cookies Jar. I used the following script below and added it into the Extension. However, it seems like hit...
No More Activations allowed for this license Order Number 3EEC790378
Hello :) I would like to scan the Juice-Shop application in the Gitlab CI/CD using Dastardly: https://github.com/juice-shop/juice-shop I defined the following job in the ci/cd Yaml: dastardly_burpsuit: image:...
Hello, we use Burp Suite for internal tests, so the workstation isn't able to connect directly to the Internet. Now we have the problem that Burp Suite wants to go directly to 54.246.133.196, we think for pulling...