How do I? - Page 66 - Burp Suite User Forum

How do I add redundant links regex in Burp Scanner

My application has redundant links like below. How can I instruct Burp Scanner to scan only one instance of the link and not all if I start a scan directly from...

Burp is keep asking the license key

Hi, I have BURP installed on one of my windows server 2012 R2 machine. For some times it is always asking me to enter license key when I login to the machine. If I logged in to the machine and exit BURP after adding...

burp suites

My keyboard stops working whenever i turn on my burp suites on kali Linux on my VM machine. If I turn off burp suites, it starts responding. I have since increased the size of my RAM and yet no response. I need help.

How to test a mobile app that use SSL Pinning?

The app I must test wrote in Flutter. I can intercept requests from Chatwork, Zalo, etc... excluding this app. I guess that because the Framework Flutter use SSL Pinning as default. I don't have a root devices, also do not...

HTTP request smuggling, basic TE.CL vulnerability Lab Queries.

It seems that I still cannot exploit this vulnerability even though request smuggler picked it up in the scan. I have reused what the scanner used and still cannot get the desired result. I even went on to the solution to...

Open redirection (DOM-based)

When Burp scans an application, it reports "The application may be vulnerable to DOM-based open redirection: Data is read from document.location.pathname and passed to the 'open()' function of an XMLHttpRequest object via...

redirect in sso app

Hi I have listener 127.0.0.1:8081 in burp suite . my home page is localhost:8080 but when click a link like login as , app redirect to other application and burp browser can not reach it. How to access to other app from...

ctrl+c, ctrl+letter Does not work

Hi, In the Proxy/Repeater panes, any shortcuts that require CTRL do not work. However, CTRL+X, C, and V continue working in search boxes and the Decoder Pane. when I tried changing hotkeys I can put Ctrl+NumPad-2 but not...

Proxy traffic

I have a question regarding Proxy. The same version of the application is installed on two computers. On visiting the same website on one computer I got https crossed and I can inspect all traffic and on other computer same...

High CPU and Memory Utilization

Before I used Professional 2020.2, I had used Professional 2.1.05 and same problems has also occured which arrive CPU utilization to 100% and then, in some seconds, Burp is closed without any notification. Whenever scanner...

Enterprise - Generic CI Driver - Expected 101 when negotiating websocket

Hi, As part of evaluating the enterprise edition for our company I have to try and use the generic CI driver for build integration. So far I've been trying to use it locally only (no build environment involved) and for...

Configure multiple NTLM credentials for the same target?

Testing an application that uses NTLMv2 auth, Platform authentication works fine to log into it. But I have multiple test accounts I need to switch between. It seems that you can only have one entry for a given...

I am unable to access the lab

I am unale to access the lab. Whenever i click on "access the lab" It throws an error "0add001a0399eb8081d539c90077000b.web-security-academy.net took too long to respond.".Please help me out.

Repeater 304 response

The 'proxy' response returned 304, and I enabled the 'Require non cached response'. This problem has been resolved. Is there a way to resolve the 304 response in the 'repeater'

Blind SQL injection with conditional responses

Hi everyone, I'm trying to brute force the password for the administrator user, but I'm not sure how to proceed. I've tried using the payload, but it's not working.

what

#"><img src=/ onerror=alert(2)>

Questions

I have some questions regarding the software. 1) Since Burp Suite will be accessing our data, is there a certificate or proof that Burp Suite does not store such information once we are done using the software? I am...

How do I remove endpoint populated in the Target Map added by Active Scan?

Burp's active scan mutates enpoints and performs parameter injection. As a result, the target map gets polluted with non-existent URLs. Is there a way to remove these noises from the target map?

OWASP Top Ten 2021 and Reporting for Burp Suite Professional

Hi, Got a few questions: 1 - May I know if OWASP Top Ten 2021 already integrated in Burp Suite Professional? How to check it through the application? 2 - Do Reporting function available for Burp Suite Professional? If...

How do I send multiple URLs from the Target Map to the Auth Analyzer plugin?

If I click on a node in the Target Map and send the URL to Auth Analyzer, only one URL gets sent. Instead, is there a way to send all the URLs under a node to Auth Analyzer (I think the question is more general, it could...