Burp Suite User Forum
Hi, my question regards authenticated vulnerability scans. Can you please confirm if, by navigating to the website through the proxy browser and doing the manual authentication, and then starting a scan on that website...
Hi I am unable to solve this lab. *I created the base64 encoded payload using the exploit code in this site. https://www.elttam.com/blog/ruby-deserialization/ *I copied the code, changed the required parameters and...
I try to practice Blind Command Injection with OOB. But when I nslookup to Burp Collaborator like: c1edwsqnaole5654kxj12g8ga7g04p.oastify.com it does not respond; I pressed "Poll now" many times. How can I fix it?
Hello! I'm trying to solve the lab "Web cache poisoning via ambiguous requests", but when I send the request: GET /?cb=123 HTTP/1.1 Host: 0acd0096031d9194836bfbf000b1009a.h1-web-security-academy.net Host:...
Can I specify a regex to exclude some URLs from scanning?
Hello, I'm playing around with BURP in proxy mode and noticed it does not record requests that get a 4xx response (404, 401, ...). When I check the scope, I see all requests made towards a host except 4xx I couldn't find...
Hello. I already completed the lab "Exploiting Java deserialization with Apache Commons" weeks ago and now I wanted to do it again but it doesn't work because I get a java error when I execute ysoserial. Maybe it's...
HTTP/2 stream error on flow control limit exceed
Hello; While doing my exam I got disconnected from examity and they refused to restart the proctoring session. " As per our records we see that exam has already processed and you cannot continue with same appointment. We...
Hello team, I am currently using the standalone JAR file of Burp Suite and I'to optimize its performance by increasing the allocated amount of RAM. any way to increase the RAM size? Thanks
Hi, Support manager. I have to activate my burp pro, but I can't. I did it maybe 6 or 7 times because of different virtuals and systems, for example arch was crashed or it was necessary for work, 1 project = 1 virtual. Can...
Hi, I would like to bring up BURP using command line (without any GUI) for automation. I want to fill in options such as --domain, --proxy (authentication required), --concurrency,... where should I handle it? Thanks...
Hi, My scan errored out with the reason "Errors: skipping phase A2. Too many ..." I fixed the issue and I want the scan to continue from where it left off. That is, from A2 phase instead of starting from scratch. But I do...
I am using BurpSuite Professional running in headless mode on my server. I also load user config to BurpSuite and open API runs on http://localhost:1337. When I create a scan via API /scan, in field "applications_login", I...
I am attempting to solve the "H2.CL request smuggling" lab. I verified that I can trigger the JavaScript alert when I simulate a victim user myself (e.g. I visit the home page in a separate session, then send the malicious...
I do not get any email notification for replies on my forum posts. I have to come back periodically and monitor the threads myself. Is there any way to enable email notification for forum replies?
I can't find the box anywhere, neither with a search nor visually. How can I mark a document as being read?
Please help me, the interface of burpsuite looks very bad here is a picture. cheers https://postimg.cc/qgygcFjm
Hey.. I'm trying to start a simple crawl WITHOUT AUDIT CHECKS. I've saved my crawl config in the Configuration Library named as crawling_1, then.. curl -vgw "\n" -X POST 'http://127.0.0.1:1337/xxxxxxx/v0.1/scan' -d...
I am trying to perform some automated scans of a web application that utilizes a JWT in the URL, which has an expiration date of 10 minutes. The JWT always appears at the end: /api/v2/fakeendpoint/<JWT> I have seen...
Your source for help and advice on all things Burp-related.