How do I? - Page 56 - Burp Suite User Forum

Burp Rest API - Launch a simple crawling

Hey.. i'm trying to start a simple crawl WITHOUT AUDIT CHECKS. I've saved my crawl config in the Configuration Library named as crawling_1, then.. curl -vgw "\n" -X POST 'http://127.0.0.1:1337/xxxxxxx/v0.1/scan' -d...

Help with Custom Extension / Macro Involving Auth Tokens in URL

I am trying to perform some automated scans of a web application that utilizes a JWT in the URL, which has an expiration date of 10 minutes. The JWT always appears at the end: /api/v2/fakeendpoint/<JWT> I have seen...

Explore Exciting Opportunities in Colombia and Malaysia: Travel, Earnings, and Lottery Adventures Await!

Are you seeking the perfect blend of travel, earning potential, and thrilling lottery experiences? Look no further than Colombia and Malaysia! These two vibrant countries offer a unique combination of cultural richness,...

Issues list

Hi all. I accidentally .db file instead of a .burp project with "ip, url, http method, , request raw, response raw, time, http status" columns. Can I get a list of issues based on this data?

API scanning using dastardly

Hi. I am unable to scan api endpoint using api defination. SCRIPT > - task: CmdLine@2 displayName: Run DAST scan with dastardly inputs: targetType: 'inline' script: | docker...

Dastardly - Restrict URLs

Hey, Is there anyway I can add to/restrict URLs for the Dastardly scanner? There are some URLs (e.g. the CMS login page) I would also like scanned which aren't on my site to crawl. Additionally, I don't need it to scan...

Not getting mark as complete checkbox

I'm not getting tracked of my progress of reading materials. Although I had read that. Also, not getting that checkbox to mark my reading materials progress.

Make HTTP Request from 127.0.0.1 (localhost)

I am using Reactor to assist with answering some questions regards the sending of HTTP requests and one question that has me stumped is sending a request from source 127.0.0.1. If anyone can point me in the right...

Burp Suite Professional is not intercepting any request

Hello Burp, When I launch Burp Pro and click on Proxy ==> Open browser, and navigate to https://portswingger.net, nothing happens in the intercept tab. Burp is not intercepting any request and the built-in browser...

TypeError: Cannot read properties of undefined

I'm getting this error when i click on the "Schedule Scans" button, the page still loading but after a minutes return error bellow: Whoops - something bad happened TypeError: Cannot read properties of undefined (reading...

"Burp Browser is not available in this execution mode" I get this when i try to launch the Burp browser. What does this mean and how do i fix it?

View Cached pages when using built-in Chromium

I am on Window and I am using Burp's Chromium browser to view test. The page I am testing caches some pages which contain confidential data. I wanted to view those files, but on...

Turbo Intruder Race.py script missing?

Hello, Turbo Intruders example scripts use to have a script called examples/race.py which I can no longer find? How do I run Turbo Intruder without any wordlists? I just want to send the same request?

problème avec lab #5

L'e-mail de la victime dans lab #5 n'est pas modifié dans lorsque je soumets la demande avec la clé et le jeton CSRF du hackeur (carlos). j'ai vérifié que j'utilisais un nouveau jeton CSRF. J'ai suivi les instructions de...

Inquiry about CLI Usage in Burp Suite Professional and Enterprise

Hello Burp Suite Community, I hope you're all doing well. I'm currently exploring the capabilities of Burp Suite for security testing and I'm interested in utilizing the command-line interface (CLI) feature for some of...

Lab: SQL injection with filter bypass via XML encoding in Python

Hi, I am currently doing Lab: SQL injection with filter bypass via XML encoding (https://portswigger.net/web-security/sql-injection/lab-sql-injection-with-filter-bypass-via-xml-encoding) and I am struggling to solve this...

How to reproduce following POC of dom based open redirection Vulnerability Flagged by burp suite scan

Data is read from location.pathname and passed to xhr.open. The following value was injected into the source: /////hwrylpu593%27%22%60'%22/hwrylpu593/%3E%3Chwrylpu593//%3Egktz6gq8qs& The previous value reached the sink...

Burp Suite v2023.9.1 + rooted android 7 and 8 certificate unknown

Hi Community, I want to see the http requests instagram apk on android is doing. We are part of the Whitehat Instagram / Facebook Developers which can turn off app cert pinning and tls1.3 from the official...

REPEATER REPONSE MANIPULATION !

In Repeater, we can edit request and see the response, but same way can we edit response and see output? Please illustrate with screenshots and mail me. Thank you!

Unable to Connect to PortSwigger Labs or Forum through BurpBrowser

I updated to the most recent version of Burp Suite, when trying to access any of the labs or the Forum.PortSwigger.net website when using the Burp Browser I am given an error: ERR_TIMED_OUT I am able to connect to the...