How do I? - Page 6 - Burp Suite User Forum

unable to access The web application hackers handbook link

hello everyone, I am reading and practicing from the portswigger academies The web application Hackers handbook. If you are a old user of portswigger academy you know that in early time the url to access this was like...

I wonder why I'm not getting any contact from Burp Swigger

I sent a request email for a free trial of Burp Pro, but I haven’t received a reply within 24 hours. I submitted and requested the Burp free trial several times on this page https://portswigger.net/burp/pro/trial, but I...

No more activations allowed for this license

Hi!! Unfortunately I have had to reinstall my pc on several occasions and now when I try to install burp suite, I get the error "No more activations allowed for this license" Could you help me...

Return 500 during intruder attack with Lab: Exploiting NoSQL operator injection to extract unknown fields

Hello, When doing this lab : https://portswigger.net/web-security/nosql-injection/lab-nosql-injection-extract-unknown-fields The intruder attack return error 500 for each request with this payload...

Burp2 URL exclusion for scan, but not for session

For Burp2 and Burp EE - how do I exclude the URL for scanning, but not for crawling part? That is, the login is taken care of by 3rd party authentication mechanism located in external domain. Example: Test scope URL:...

not getting expected responses

i am doing brute force labs but i am not receiving expected response from last 2 or 3 labs currently i am doing " Password brute-force via password change " this lab and Sec-Fetch-Site: same-origin Sec-Fetch-Mode:...

Hitting ERR_BLOCKED_BY_ORB when trying to intercept my local server

I'm currently using Burp Suite Community Edition, and im Hitting ERR_BLOCKED_BY_ORB on some of my .js request when trying to load my application then the page just become blank. I would greatly appreciate any help or advice...

Request to Delete My Account

I hope this message finds you well. I am writing to request the deletion of my account associated with the email address [your email address]. Please confirm the account deletion process and let me know if you need any...

Lab Not Working Properly

I am trying to solve this lab(Exploiting HTTP request smuggling to perform web cache poisoning) But seems it is not working properly i tried as per video solution by Micheal sommer. Request:- POST / HTTP/1.1 Host:...

Lab: Cross-site WebSocket hijacking - Solution doesn't work

Hi all! Having some issues with Lab: Cross-site WebSocket hijacking, I'm using Burp Pro, I followed the solution provided and I get HTTP/DNS polling back from my local machine when I use the javascript CSRF payload...

Zscaler blocking the burp suite interactions

Hi Team, We are facing the issue that Zscaler is blocking the burp suite interactions like being unable to add extensions and use collaborators. On troubleshooting this issue we observe this seems to be an SSL issue, Burp...

How do I turn off extension auto-highlighting?

this might be a very dumb question, but when using an extension which performs auto highlighting in the proxy tab, how can i turn that off? for example - JWT Editor, an otherwise wonderful piece of software, highlights...

Question about OAuth account hijacking via redirect_uri

I was working on this lab, when i found, when you send the malformed request i mean the redirect_uri value --> it immediately sends back you the token --> my Question is should i assume that the lab is skipping the...

Trouble with Burp Suite Pro license key

Hello, I installed and activated Burp Suite Pro for single user in my virtual machines, but I did not create a snapshot with the activated license key. So, when I reversed back the VM, I could not activate a new instance of...

Reset labs progress

Hi there, Can you please reset my training labs progress? I'd like to be able to start again from scratch

Client-side prototype pollution in third-party libraries

Hi, I'm having trouble with the lab, after I exploited the vulnerability and tested It on myself the XSS fired with alert(1) but when I tried alert(document.cookie) the cookies didn't appear and there's no attribute prevent...

Issue with port swigger lab HTTP request smuggling

I am trying to solve this lab but every time the same error pops up that is "Read Timeout". I have tried everything but the error is still there. Can you please help with this. Here are the images of request...

Getting Inconsistent Results when running Lab: Username enumeration via different responses

Hi team, I am running the Authentication Lab with Burp Suite inside Kali Linux on top of Virtual Box and when I open Burp I use the built-in Chromium browser.Wwhen I run the intruder attack using Sniper, Single...

Intercept On not working

hello, Did something change with the newest release of Burp Pro v2024.7.0? when I turn on intercept, and capture the request. I see the same request repeating every 5 seconds. e.g.; 14:40:25 13 Sep 2024 HTTP ->...

Automated scan through Keycloack

Hello, Using BurpSuite professional, i want to perform automated scanning on an application that has no authentication mechanism. They use keycloak instead so that people can authenticate. The problem is, BurpSuite...