Burp Suite User Forum


Some BUG in Intruder "Scan defined Insertion points"

Burp Pro 2021.4.2. When I select in the top menu Intruder -> Scan defined insertion points -> Add to task, Burp scans NOT ONLY the insertion points selected by the § symbol, but also scans other usual points: headers, POST...

Last updated: May 04, 2023 08:42AM UTC | 4 Agent replies | 3 Community replies | How do I?

Activation failed for my Burp Pro which was working a month back

I had a Burp Pro installed on a server which was working fine a month back. Today, it again prompted for activation but it failed. What should I do?

Last updated: May 04, 2023 08:11AM UTC | 1 Agent replies | 0 Community replies | How do I?

Academy progress reset

Hi, can I reset my lab and learning material progress in the academy? Thank you very much.

Last updated: May 04, 2023 06:38AM UTC | 1 Agent replies | 0 Community replies | How do I?

Lab: Reflected XSS protected by very strict CSP, with dangling markup attack

I can't complete the lab. After I "Deliver the exploit" to victim, I get nothing in the Collaborator. No response at all. I follow everything it says in the solution, I tried several videos with people doing it, but nothing...

Last updated: May 03, 2023 11:39AM UTC | 1 Agent replies | 1 Community replies | How do I?

I re-installed Burp Pro and Activation Failed

I tried to install Burp Pro on my new machine and it failed to activate the key. Help me with activating it.

Last updated: May 03, 2023 10:54AM UTC | 2 Agent replies | 2 Community replies | How do I?

Lab1: Blind SQL injection with conditional errors

Hi, I was doing the blind SQL lab using the cookies, but when I intercept the link in my Burp Suite Community Edition, I can't locate the Tracking Id. What would be the problem because all it's like my Burp isn't getting the...

Last updated: May 02, 2023 12:32PM UTC | 1 Agent replies | 1 Community replies | How do I?

Lab: Routing-based SSRF - Published solution generates 403

When I have an entry in the Host: header other than the lab host, I receive a 403 error (every time). The published solution says to put Collaborator hosts in there, and then to use 192.168.0.x... But both those scenarios...

Last updated: May 02, 2023 11:17AM UTC | 1 Agent replies | 0 Community replies | How do I?

400 bad request no ssl sent in postman response

Hello, I am using Postman and want to integrate it with Burp Suite. I have turned off SSL certificate in general settings in Postman. I am getting the response when custom proxy is turned off, however I am getting an error when...

Last updated: May 02, 2023 07:38AM UTC | 2 Agent replies | 1 Community replies | How do I?

Lab: Reflected XSS in a JavaScript URL with some characters blocked

Why do we need '} and {x:' in this payload - &'},x=x=>{throw/**/onerror=alert,1337},toString=x,window+'',{x:' ?

Last updated: May 01, 2023 12:31PM UTC | 0 Agent replies | 0 Community replies | How do I?

No more activations allowed for this license. - after update

Occasionally, I used one license for several Burp versions (on one computer). Now I am receiving a "No more activations allowed for this license." I need your help. My order number is FB86651C4E. Thanks

Last updated: May 01, 2023 12:16PM UTC | 1 Agent replies | 1 Community replies | How do I?

HTTP request

POST / HTTP/1.1 Host: YOUR-LAB-ID.web-security-academy.net Content-Type: application/x-www-form-urlencoded Content-length: 4 Transfer-Encoding: chunked 5c GPOST / HTTP/1.1 Content-Type:...

Last updated: May 01, 2023 07:18AM UTC | 1 Agent replies | 0 Community replies | How do I?

Academy: CSRF token is simply duplicated in a cookie

Hello. I've been struggling to resolve a few CSRF challenges, for example "CSRF token is simply duplicated in a cookie". I think I understand the vulnerability and how to exploit it, I followed carefully all steps on...

Last updated: Apr 29, 2023 09:34PM UTC | 1 Agent replies | 4 Community replies | How do I?

Proxy curl request through Burpsuite

Hi, I'm trying to proxy an API call with a configured certificate and keyfile through Burp Suite. My original (working) curl command: curl -v --key my-key.pem --cert my-cert.crt -H 'Host: my.api.host'...

Last updated: Apr 28, 2023 01:50PM UTC | 3 Agent replies | 2 Community replies | How do I?

Web pages don't load through proxy, is this normal?

My problem is something I expected to be rather common, but apparently not. I have set up Burp Suite with Firefox and have used all the correct settings, and it is connecting to the proxy on 127.0.0.1:8080. The Burp Suite...

Last updated: Apr 28, 2023 12:37PM UTC | 16 Agent replies | 21 Community replies | How do I?

Lab: Broken brute-force protection, multiple credentials per request CSRF Token issue

When trying to do this lab whenever I send any credentials I get the following error. "Invalid CSRF token (session does not contain a CSRF token)" Even when I just send one credential as a test to see the format. Is...

Last updated: Apr 28, 2023 11:26AM UTC | 8 Agent replies | 8 Community replies | How do I?

Burp Intruder Payloads into Macro

Hello there, I am currently working on this lab: 2FA bypass using a brute-force attack. I think I have the solution, but the problem is I can't get it running. The main problem is that I can't figure out how to pass a...

Last updated: Apr 28, 2023 10:32AM UTC | 1 Agent replies | 1 Community replies | How do I?

Cluster bomb attack

Hi, I am new to Burp and I am testing the cluster bomb attack. When using the intercept to send an authentication request with username and password to an IAM solution, I get a response with code 200. I send this request...

Last updated: Apr 28, 2023 09:33AM UTC | 1 Agent replies | 0 Community replies | How do I?

I can't open any portswigger lab using burp suite browser

Whenever I try accessing any lab using the Burp Suite built-in browser, it loads for a while and then says: "Can't access the website". What might be the problem? What should I do?

Last updated: Apr 28, 2023 07:49AM UTC | 2 Agent replies | 2 Community replies | How do I?

Scan configuration

I have some questions about the 4 modes of scan configuration: Lightweight, Fast, Balanced, Deep: - How are those 4 modes different (except for the time issue)? Example: Deep used XSS, but the other 3 modes do not... - How...

Last updated: Apr 28, 2023 01:40AM UTC | 3 Agent replies | 4 Community replies | How do I?

Lab: Username enumeration via account lock

Hi, I am not getting the required response, which contains the phrase - "You have made too many incorrect login attempts." Out of a possible 505 requests, not one has a different length and all of them have 200...

Last updated: Apr 27, 2023 04:18PM UTC | 3 Agent replies | 3 Community replies | How do I?
