How do I? - Page 6 - Burp Suite User Forum

Authenticated vulnerability scans

Hi, my question regards authenticated vulnerability scans. Can you please confirm if, by navigating to the website through the proxy browser and doing the manual authentication, and then starting a scan on that website...

Exploiting Ruby deserialization using a documented gadget chain

Hi I am unable to solve this lab. *I created the base64 encoded payload using the exploit code in this site. https://www.elttam.com/blog/ruby-deserialization/ *I copied the code, changed the required parameters and...

Burp Collaborator not working

I try to practice Blind Command Injection with OOB. But when I nslookup to Burp Collaborator like: c1edwsqnaole5654kxj12g8ga7g04p.oastify.com It is not response, I pressed "Poll now" many times. How can I do to fix it

Web cache poisoning via ambiguous requests

Hello! I'm trying to solve the lab "Web cache poisoning via ambiguous requests", but when I send the request: GET /?cb=123 HTTP/1.1 Host: 0acd0096031d9194836bfbf000b1009a.h1-web-security-academy.net Host:...

Exclude URLs

Can I specify a regex to exclude some URLs from scanning?

Record 4xx requests

Hello, I'm playing around with BURP in proxy mode and noticed it does not record requests that gets a 4xx reponse (404, 401, ...). When I check the scope, I see all requets made towards a host except 4xx I couldn't find...

ysoserial stopped working

Hello. I already completed the lab "Exploiting Java deserialization with Apache Commons" weeks ago and now I wanted to do it again but it doesn't work because I get a java error when I execute ysoserial. Maybe it's...

Flow control limit exceed

HTTP/2 stream error on flow control limit exceed

Disconnected from examity

Hello; While doing my exam i got Disconnected from examity and they refused to restart the proctoring session. " As per our records we see that exam has already processed and you cannot continue with same appointment. We...

How to increase the amount of RAM used by burpsuite

Hello team, I am currently using the standalone JAR file of Burp Suite and I'to optimize its performance by increasing the allocated amount of RAM. any way to increase the RAM size? Thanks

No more activations allowed for this license

Hi, Support manager. I have to activate my burp pro, but I can't. I did it may by 6 or 7 times because of different virtuals and systems, for example arch was crashed or it was necessary for work, 1 project = 1 virtual. Can...

Burpsuite Scan using command line

Hi, I would like to bring up BURP using command line (without any GUI) for automation. I want to fill in options such as --domain, --proxy (authentication required), --concurrency,... where should I handle it? Thanks...

Continue the scan after it has errored out in specific phase.

Hi, My scan errored out with the reason "Errors: skipping phase A2. Too many ..." I fixed the issue and I want the scan to continue from where it left off. That is, from A2 phase instead of starting from scratch. But I do...

How can I scan via Burp Pro API /scan with authentication script

I am using BurpSuite Professional in run in headless mode on my server. I also load user config to BurpSuite and open API runs on http://localhost:1337. When I create a scan via API /scan, in field "applications_login", I...

Help with H2.CL request smuggling lab

I am attempting to solve the "H2.CL request smuggling" lab. I verified that I can trigger the JavaScript alert when I simulate a victim user myself (e.g. I visit the home page in a separate session, then send the malicious...

Enable email notification for forum replies

I do not get any email notification for replies on my forum posts. I have to come back periodically and monitor the threads myself. Is there any way to enable email notification for forum replies?

How do I mark a document as complete

I cant find the box anywhere, nor with a search or visually, how can i mark a document as being read ?

user interface looks very bad

Please help me, the interface of burpsuite looks very bad here is a picture. cheers https://postimg.cc/qgygcFjm

Burp Rest API - Launch a simple crawling

Hey.. i'm trying to start a simple crawl WITHOUT AUDIT CHECKS. I've saved my crawl config in the Configuration Library named as crawling_1, then.. curl -vgw "\n" -X POST 'http://127.0.0.1:1337/xxxxxxx/v0.1/scan' -d...

Help with Custom Extension / Macro Involving Auth Tokens in URL

I am trying to perform some automated scans of a web application that utilizes a JWT in the URL, which has an expiration date of 10 minutes. The JWT always appears at the end: /api/v2/fakeendpoint/<JWT> I have seen...