Burp Suite User Forum

Login to post

Lab: 2FA bypass using a brute-force attack

I have been working on this one for a while. Outside the corporate network and working from home, I have found the responses came back very slowly compared to some other similar labs I have run. Therefore, when I ran my...

Last updated: Apr 23, 2021 07:28AM UTC | 14 Agent replies | 27 Community replies | How do I?

Exploiting clickjacking vulnerability to trigger DOM-based XSS

I successfully run the script with the code below, but it doesn't show "Solved". why? <style> iframe { position:relative; width:1000px; height: 1000px; opacity: 0.0001; z-index: 2; } div...

Last updated: Apr 22, 2021 03:23PM UTC | 1 Agent replies | 0 Community replies | How do I?

License Activation fails

My license activation is failing

Last updated: Apr 22, 2021 02:13PM UTC | 1 Agent replies | 0 Community replies | How do I?

Burp Macro Plugin (Chrome) is not working properly

Hi Burp team, I am currently doing an evaluation on Burp Enterprise. We had some issues with authentication, and is trying to record login sequence with the Burp plugin on Chrome. However after the recording, the copy option...

Last updated: Apr 22, 2021 12:06PM UTC | 2 Agent replies | 1 Community replies | How do I?

Shortcuts of Burp Extensions

Hello, Thank you for your great work, I am rather new to Burp Suite. I am trying to configure shortcuts of Extensions. I using crtl + R to send my request to the Repeater. I am transforming the request to JSON with...

Last updated: Apr 22, 2021 11:17AM UTC | 1 Agent replies | 1 Community replies | How do I?

Web Secuirty Academy- Exploiting XSS to perform CSRF

I am having trouble determing where to put the token within the payload given in the solution: <script> var req = new XMLHttpRequest(); req.onload = handleResponse; req.open('get','/email',true);...

Last updated: Apr 22, 2021 10:29AM UTC | 4 Agent replies | 5 Community replies | How do I?

Exploiting clickjacking vulnerability to trigger DOM-based XSS

I have succeeded with the title solution, but no clear message is output.

Last updated: Apr 22, 2021 08:48AM UTC | 1 Agent replies | 0 Community replies | How do I?

Delete my account

The account needs to be deleted.

Last updated: Apr 22, 2021 07:27AM UTC | 1 Agent replies | 0 Community replies | How do I?

Setting up proxy for Burp Enterprise Agents

Hi Burp Team, I am current doing a PoC evaluation on Burp Enterprise. After the tool is set up, it seems the agent is having issue connecting to our internal applications through proxy. And there were connection related...

Last updated: Apr 21, 2021 12:41PM UTC | 2 Agent replies | 2 Community replies | How do I?

Issue with License Key for Trial version

I am not able to upload the License Key for my Trail version. I am getting an error ' There was a problem checking your license ...' I trying downloading the key multiple time and uploaded it. But I am getting the...

Last updated: Apr 21, 2021 08:53AM UTC | 1 Agent replies | 0 Community replies | How do I?

Web App Penetration Test

Hi Looking for instructions on how to run a Web App pentest on a webiste if I have the username and password

Last updated: Apr 21, 2021 07:42AM UTC | 1 Agent replies | 0 Community replies | How do I?

Multiple Headers

Hi, I have the following request for a pen test: "To identify your traffic as being part of this program kindly add the following headers to your requests: X-SecurityTest-Platform: [bugbounty] X-SecurityTest-Ninja:...

Last updated: Apr 21, 2021 07:29AM UTC | 2 Agent replies | 2 Community replies | How do I?

All queries from Burp repeater timeout

All queries sent via burp repeater timeout. with 'waiting' message at bottom right. How to troubleshoot? Thanks.

Last updated: Apr 21, 2021 07:20AM UTC | 1 Agent replies | 1 Community replies | How do I?

Find the SQL injection in Damn Vulnerable Web App (DWVA) on the High difficulty

Find the SQL injection in Damn Vulnerable Web App (DWVA) on the High difficulty? The value is entered into the popup window, which is invoked by clicking on the link with the popUp open javascript method. The result is...

Last updated: Apr 21, 2021 04:44AM UTC | 0 Agent replies | 0 Community replies | How do I?

Lab: Username enumeration via account lock

I am trying on this lab with 1 to 5 on payload 1 . I set the invalid password 20 letters long to get response time but my session is keep getting expired when i reach the testing around 400th attack out of 500 in total....

Last updated: Apr 21, 2021 04:35AM UTC | 6 Agent replies | 10 Community replies | How do I?

Chromium 0day vulnerability impact scope

Hello, I would like to know whether burpsuite_pro_v2020.2.jar uses chromium or chrome as a component, in order to evaluate whether this version of burpsuite is affected by the recent 2 remote arbitrary code execution 0day...

Last updated: Apr 20, 2021 10:48AM UTC | 2 Agent replies | 1 Community replies | How do I?

Burp scan crawler cannot detect or redirect a 307 status

I have a page: example.com . The login page is https://example.com/login After login it goes to http://example.com/my-details with a 307 internal redirect status and after that to https://example.com/my-details which is the...

Last updated: Apr 20, 2021 09:10AM UTC | 1 Agent replies | 1 Community replies | How do I?

Help me

hi, i need to change email (quockhanhitdakia@gmail.com) to "danglong2829@gmail.com". Thanks. Have a nice day

Last updated: Apr 20, 2021 09:07AM UTC | 1 Agent replies | 0 Community replies | How do I?

Help me

hi, i need to change the name (quoc khanh) to "Dang Long". Thanks. Have a nice day

Last updated: Apr 20, 2021 07:05AM UTC | 1 Agent replies | 0 Community replies | How do I?

HEX view

Hello, Since the addition of the inspector panel (btw, a very cool addition), I can't find a way to view the hex representation of requests and responses in the message editor. Can I have an explanation on how to do...

Last updated: Apr 20, 2021 05:48AM UTC | 3 Agent replies | 6 Community replies | How do I?

Page 5 of 173

Burp Suite Support Center

Your source for help and advice on all things Burp-related.

Burp Suite Support Center image