Burp Suite User Forum
Burp Pro 2021.4.2. When I select Intruder -> Scan defined insertion points -> Add to task in the top menu, Burp scans NOT ONLY the insertion points selected by the § symbol, but also scans other usual points: headers, POST...
I had a Burp Pro installed on a server which was working fine a month back. Today, it again prompted for activation but it failed. What should I do?
Hi, can I reset my lab and learning material progress in the academy? Thank you very much.
I can't complete the lab. After I "Deliver the exploit" to victim, I get nothing in the Collaborator. No response at all. I follow everything it says in the solution, I tried several videos with people doing it, but nothing...
I tried to install Burp Pro on my new machine and it failed to activate the key. Help me with activating it.
Hi, I was doing the blind SQL lab using the cookies, but when I intercept the link in my Burp Suite Community Edition, I can't locate the Tracking Id. What would be the problem because all it's like my Burp isn't getting the...
When I have an entry in the Host: header other than the lab host, I receive a 403 error (every time). The published solution says to put collaborator hosts in there; and then to use 192.168.0.x... But both those scenarios...
Hello, I am using Postman and want to integrate it with Burp Suite. I have turned off the SSL certificate in general settings in Postman. I am getting the response when custom proxy is turned off, however I am getting an error when...
Why do we need '} and {x:' in this payload - &'},x=x=>{throw/**/onerror=alert,1337},toString=x,window+'',{x:' ?
Occasionally, I used one license for several Burp versions (on one computer). Now I am receiving a "No more activations allowed for this license." I need your help. My order number is FB86651C4E. Thanks
POST / HTTP/1.1 Host: YOUR-LAB-ID.web-security-academy.net Content-Type: application/x-www-form-urlencoded Content-length: 4 Transfer-Encoding: chunked 5c GPOST / HTTP/1.1 Content-Type:...
Hello. I've been struggling to resolve a few CSRF challenges, for example "CSRF token is simply duplicated in a cookie". I think I understand the vulnerability and how to exploit it, I followed carefully all steps on...
Hi, I'm trying to proxy an API call with a configured certificate and keyfile through Burp Suite. My original (working) curl command: curl v --key my-key.pem --cert my-cert.crt -H 'Host: my.api.host'...
My problem is something I expected to be rather common, but apparently not. I have set up Burp Suite with Firefox and have used all the correct settings, and it is connecting to the proxy on 127.0.0.1:8080. The Burp Suite...
When trying to do this lab, whenever I send any credentials I get the following error: "Invalid CSRF token (session does not contain a CSRF token)". Even when I just send one credential as a test to see the format. Is...
Hello there, I am currently working on this lab: 2FA bypass using a brute-force attack. I think I have the solution but the problem is I can't get it running. The main problem is that I can't figure out how to pass a...
Hi, I am new to Burp and I am testing the cluster bomb attack. When using the intercept to send an authentication request with username and password to an IAM solution, I get a response with code 200. I send this request...
Whenever I try accessing any lab using the Burp Suite built-in browser it loads for a while and then says: "Can't access the website". What might be the problem? What should I do?
I have some questions about the 4 modes of scan configuration: Lightweight, Fast, Balanced, Deep: - How are those 4 modes different (except for the time issue)? Example: Deep used XSS, but the other 3 modes do not,.... - How...
Hi, I am not getting the required response, which contains the phrase - "You have made too many incorrect login attempts." Out of a possible 505 requests, not one has a different length and all of them have 200...
Your source for help and advice on all things Burp-related.