Burp Suite User Forum


"Invalid CSRF token" after Receiving 400 Bad Request

Hello, I've been trying to Lab: 2FA Broken Logic. I have managed to brute force the 4-digit security code for the username "carlos". However, whenever I enter the code in the security prompt, it gives me "Invalid CSRF...

Last updated: Oct 05, 2020 11:31AM UTC | 3 Agent replies | 2 Community replies | How do I?

Lab: Reflected XSS into HTML context with most tags and attributes blocked

Hi all. I'm working on solving lab "Reflected XSS into HTML context with most tags and attributes blocked". I get an alert and find a pair of tag / attribute but the lab does not get marked as solved. My solution is:...

Last updated: Oct 05, 2020 10:43AM UTC | 15 Agent replies | 22 Community replies | How do I?

Licensing issue

Hello, I've installed the Burp suite and provided the license key, however I continue to receive the following error and then the program exits. The error is "No more license activations for this license" ... I know what...

Last updated: Oct 05, 2020 09:10AM UTC | 1 Agent replies | 0 Community replies | How do I?

Integrate Burp Suite PRO in Microsoft Azure DevOps CI/CD pipeline?

Do you have any detailed documentation which explains step by step about this? I already know about https://portswigger.net/burp/extender/ci-integration and would like to work with PRO and not Enterprise. Would like to know...

Last updated: Oct 05, 2020 09:00AM UTC | 2 Agent replies | 1 Community replies | How do I?

Steps for Report involving all 22 categories

Hi, I have a professional license and have run an automated scan and the report was generated which included only 9 categories including (). The client went through the sample report provided in the link given below...

Last updated: Oct 05, 2020 08:47AM UTC | 1 Agent replies | 1 Community replies | How do I?

export websocket history

Can I export websocket history as a single/multiple text file/files?

Last updated: Oct 05, 2020 08:04AM UTC | 2 Agent replies | 1 Community replies | How do I?

Lab Not Working Properly

I am trying to solve this lab (Exploiting HTTP request smuggling to perform web cache poisoning), but it seems it is not working properly. I tried as per the video solution by Michael Sommer. Request:- POST / HTTP/1.1 Host:...

Last updated: Oct 05, 2020 07:12AM UTC | 2 Agent replies | 2 Community replies | How do I?

Lab: 2FA bypass using a brute-force attack

I have been working on this one for a while. Outside the corporate network and working from home, I have found the responses came back very slowly compared to some other similar labs I have run. Therefore, when I ran my...

Last updated: Oct 03, 2020 11:35AM UTC | 5 Agent replies | 9 Community replies | How do I?

Lab: 2FA bypass using a brute-force attack

Firstly, love all the labs you guys have, over 150 labs now, very impressive. Well done! For this lab "Lab: 2FA bypass using a brute-force attack", the solution is great, totally understand how it works etc. However,...

Last updated: Oct 03, 2020 11:35AM UTC | 3 Agent replies | 9 Community replies | How do I?

Installing Enterprise Agent

We did not install the agent (one license) during the installation of Burp Suite Enterprise. I would like to install the agent on the Enterprise server machine but did not find documentation for it. Can you please provide...

Last updated: Oct 02, 2020 02:43PM UTC | 0 Agent replies | 1 Community replies | How do I?

Lab: Using PHAR deserialization to deploy a custom gadget chain

I have a question about the Lab regarding a deserialization attack using Phar. The gadget chain used there looks like this: class CustomTemplate {} class Blog {} $object = new CustomTemplate; $blog = new...

Last updated: Oct 02, 2020 12:06PM UTC | 1 Agent replies | 2 Community replies | How do I?

Crawl with letters or specified values in body text fields

I'm trying to crawl a site with multiple pages and Burp Pro doesn't get past the first page which has several text fields (type=text) for e.g. FirstName which it fills it with numbers. And it keeps trying with different...

Last updated: Oct 02, 2020 11:05AM UTC | 2 Agent replies | 1 Community replies | How do I?

Error: Connection refused

New to Burp Suite and using the Community version. I am a web application developer wanting to learn how to test web applications for security. I am using Burp’s embedded browser with default settings. When intercepting...

Last updated: Oct 02, 2020 09:55AM UTC | 2 Agent replies | 1 Community replies | How do I?

Burp Rest API - Launch a simple crawling

Hey.. I'm trying to start a simple crawl WITHOUT AUDIT CHECKS. I've saved my crawl config in the Configuration Library named as crawling_1, then.. curl -vgw "\n" -X POST 'http://127.0.0.1:1337/xxxxxxx/v0.1/scan' -d...

Last updated: Oct 02, 2020 09:10AM UTC | 1 Agent replies | 0 Community replies | How do I?

Ooops Sorry! There was a problem with your order !!!

Dears. I have paid without signing in. How can I get the license? I got one mail items it "Ooops Sorry! There was a problem with your order." Can I know what the issue is? My case is urgent! Please I need to...

Last updated: Oct 02, 2020 06:09AM UTC | 2 Agent replies | 0 Community replies | How do I?

Burp Scan Error

Team, for the last few days we have been receiving the below error during the scan in the CICD. Is this something you are already aware of? If yes, can you please assist me with how to troubleshoot this? java -jar...

Last updated: Oct 01, 2020 11:14AM UTC | 2 Agent replies | 2 Community replies | How do I?

Client-side JSON injection (DOM-based)

Hi team, I got the following issue after running a scan on Burp and I would like to have some help to try to understand it: ************************************************************************************** Data is...

Last updated: Oct 01, 2020 10:23AM UTC | 2 Agent replies | 2 Community replies | How do I?

Lab Solution : 2FA broken logic

I am trying to solve this lab. I followed all the steps accordingly and in the end I am also getting 302 response while fuzzing. But the problem is that, when I open the 302 response in browser it is not getting me logged...

Last updated: Oct 01, 2020 08:20AM UTC | 1 Agent replies | 0 Community replies | How do I?

Lab: Username enumeration via account lock server timeout issue

I'm attempting to do this Lab, but whenever the requests reach the 400s, it keeps timing out for me, giving me a 504 error. I've tried breaking up the requests into 20, 25, and even 33/33/34 per attack, but when I do that, I...

Last updated: Sep 30, 2020 06:36PM UTC | 2 Agent replies | 2 Community replies | How do I?

Symantec AV is blocking Burp scans

Dear Team, our organization's Symantec antivirus is blocking the Burp scans. Please provide any steps required to overcome this issue other than disabling the AV completely. Thanks & Regards, Murali

Last updated: Sep 30, 2020 11:38AM UTC | 2 Agent replies | 1 Community replies | How do I?


Burp Suite Support Center

Your source for help and advice on all things Burp-related.
