Burp Suite User Forum


Authenticated vulnerability scans

Hi, my question regards authenticated vulnerability scans. Can you please confirm if, by navigating to the website through the proxy browser and doing the manual authentication, and then starting a scan on that website...

Last updated: Aug 25, 2023 01:05PM UTC | 3 Agent replies | 2 Community replies | How do I?

Exploiting Ruby deserialization using a documented gadget chain

Hi I am unable to solve this lab. *I created the base64 encoded payload using the exploit code in this site. https://www.elttam.com/blog/ruby-deserialization/ *I copied the code, changed the required parameters and...

Last updated: Aug 25, 2023 10:51AM UTC | 3 Agent replies | 4 Community replies | How do I?

Burp Collaborator not working

I am trying to practice Blind Command Injection with OOB. But when I run nslookup against Burp Collaborator, like: c1edwsqnaole5654kxj12g8ga7g04p.oastify.com, there is no response, although I pressed "Poll now" many times. What can I do to fix it?

Last updated: Aug 25, 2023 10:42AM UTC | 1 Agent replies | 0 Community replies | How do I?

Web cache poisoning via ambiguous requests

Hello! I'm trying to solve the lab "Web cache poisoning via ambiguous requests", but when I send the request: GET /?cb=123 HTTP/1.1 Host: 0acd0096031d9194836bfbf000b1009a.h1-web-security-academy.net Host:...

Last updated: Aug 25, 2023 07:19AM UTC | 2 Agent replies | 2 Community replies | How do I?

Exclude URLs

Can I specify a regex to exclude some URLs from scanning?

Last updated: Aug 24, 2023 02:21PM UTC | 4 Agent replies | 3 Community replies | How do I?

Record 4xx requests

Hello, I'm playing around with BURP in proxy mode and noticed it does not record requests that get a 4xx response (404, 401, ...). When I check the scope, I see all requests made towards a host except 4xx. I couldn't find...

Last updated: Aug 24, 2023 02:02PM UTC | 2 Agent replies | 1 Community replies | How do I?

ysoserial stopped working

Hello. I already completed the lab "Exploiting Java deserialization with Apache Commons" weeks ago and now I wanted to do it again but it doesn't work because I get a java error when I execute ysoserial. Maybe it's...

Last updated: Aug 24, 2023 01:39PM UTC | 8 Agent replies | 9 Community replies | How do I?

Flow control limit exceed

HTTP/2 stream error on flow control limit exceed

Last updated: Aug 24, 2023 01:20PM UTC | 1 Agent replies | 0 Community replies | How do I?

Disconnected from examity

Hello, while doing my exam I got disconnected from examity and they refused to restart the proctoring session. " As per our records we see that exam has already processed and you cannot continue with same appointment. We...

Last updated: Aug 24, 2023 08:50AM UTC | 1 Agent replies | 0 Community replies | How do I?

How to increase the amount of RAM used by burpsuite

Hello team, I am currently using the standalone JAR file of Burp Suite and I'd like to optimize its performance by increasing the allocated amount of RAM. Is there any way to increase the RAM size? Thanks

Last updated: Aug 24, 2023 08:25AM UTC | 1 Agent replies | 0 Community replies | How do I?

No more activations allowed for this license

Hi, Support manager. I have to activate my burp pro, but I can't. I did it maybe 6 or 7 times because of different virtuals and systems, for example arch was crashed or it was necessary for work, 1 project = 1 virtual. Can...

Last updated: Aug 23, 2023 04:14PM UTC | 1 Agent replies | 1 Community replies | How do I?

Burpsuite Scan using command line

Hi, I would like to bring up BURP using command line (without any GUI) for automation. I want to fill in options such as --domain, --proxy (authentication required), --concurrency,... where should I handle it? Thanks...

Last updated: Aug 23, 2023 01:54PM UTC | 2 Agent replies | 2 Community replies | How do I?

Continue the scan after it has errored out in specific phase.

Hi, My scan errored out with the reason "Errors: skipping phase A2. Too many ..." I fixed the issue and I want the scan to continue from where it left off. That is, from A2 phase instead of starting from scratch. But I do...

Last updated: Aug 22, 2023 02:53PM UTC | 2 Agent replies | 1 Community replies | How do I?

How can I scan via Burp Pro API /scan with authentication script

I am using BurpSuite Professional running in headless mode on my server. I also load user config to BurpSuite and open API runs on http://localhost:1337. When I create a scan via API /scan, in field "applications_login", I...

Last updated: Aug 22, 2023 09:36AM UTC | 3 Agent replies | 3 Community replies | How do I?

Help with H2.CL request smuggling lab

I am attempting to solve the "H2.CL request smuggling" lab. I verified that I can trigger the JavaScript alert when I simulate a victim user myself (e.g. I visit the home page in a separate session, then send the malicious...

Last updated: Aug 22, 2023 08:54AM UTC | 9 Agent replies | 16 Community replies | How do I?

Enable email notification for forum replies

I do not get any email notification for replies on my forum posts. I have to come back periodically and monitor the threads myself. Is there any way to enable email notification for forum replies?

Last updated: Aug 22, 2023 07:58AM UTC | 3 Agent replies | 2 Community replies | How do I?

How do I mark a document as complete

I can't find the box anywhere, neither with a search nor visually. How can I mark a document as being read?

Last updated: Aug 22, 2023 07:44AM UTC | 3 Agent replies | 2 Community replies | How do I?

user interface looks very bad

Please help me, the interface of burpsuite looks very bad. Here is a picture. Cheers https://postimg.cc/qgygcFjm

Last updated: Aug 21, 2023 06:28PM UTC | 2 Agent replies | 3 Community replies | How do I?

Burp Rest API - Launch a simple crawling

Hey.. I'm trying to start a simple crawl WITHOUT AUDIT CHECKS. I've saved my crawl config in the Configuration Library named as crawling_1, then.. curl -vgw "\n" -X POST 'http://127.0.0.1:1337/xxxxxxx/v0.1/scan' -d...

Last updated: Aug 21, 2023 01:50PM UTC | 2 Agent replies | 2 Community replies | How do I?

Help with Custom Extension / Macro Involving Auth Tokens in URL

I am trying to perform some automated scans of a web application that utilizes a JWT in the URL, which has an expiration date of 10 minutes. The JWT always appears at the end: /api/v2/fakeendpoint/<JWT> I have seen...

Last updated: Aug 21, 2023 01:29PM UTC | 1 Agent replies | 0 Community replies | How do I?
