How do I? - Page 7 - Burp Suite User Forum

Lab #5: CSRF where token is tied to non-session cookie & Lab #6: CSRF where token is duplicated in cookie issues

Hello, I have been working on the CSRF Labs and I'm having problem with the following labs: - Lab #5: CSRF where token is tied to non-session cookie - Lab #6: CSRF where token is duplicated in cookie issues For Lab...

Lab: 2FA bypass using a brute-force attack

I have been working on this one for a while. Outside the corporate network and working from home, I have found the responses came back very slowly compared to some other similar labs I have run. Therefore, when I ran my...

Web browser cannot work

when i open burp suite and intercept is off then browser is working.But when Disable or off burp suite then burp suite then browser cannot work.it shows The proxy server is refusing connections.

Unsupported or unrecognized SSL message

I have been trying to scan some of CTF challenges but whenever I try to use chrome in Burpsuit to scan, I get this message: "Error Unsupported or unrecognized SSL message" I've tried to import the CA certificate in...

Use a list of variables in the repeater

Hi, I want to enter several variables next to their data on my website, I seek to automate the process a little because there is a lot of data.

Authorisation in SSO

The application I am testing uses SSO login.microsoftonline.com. Once logged in, of course I can manually manage the token that appeared in my request history, but I would like this token to also be applied to the automatic...

Seeking Advice on Configurations for Vulnerability Assessment Scans in BurpSuite Professional

I am currently conducting vulnerability assessment and penetration testing for an OTC platform that facilitates energy import and export. The platform caters to two types of users: 1) Admin and 2) DISCOM, a normal user. I...

I am unable to open any HTTPS website after updating to v2021.8

I am getting "HTTP/2 stream error on 127.0.0.1:8080 - Flow-control limits exceeded" on opening any website running HTTPS. Tried in all the browsers, tried resetting the certificate, tried re-installing the burp suite, etc...

Insert points option in Active scans does not work.

HI, from version 2024.1.1 of Burp Suite Professional I noticed that during Active scans the insert points are no longer limited to 30 as defined in the Active scans options and even if I try to modify this option the insert...

How to transfer burp license

Dear support, I want to transfer my license to another device, but I get the following error during activation. Activation Failed no more activations allowed for this license What should I do? The license has been...

Adding X-Forwarded-For to bypass IP based brute force protection

Hi, I am using the following request on the repeater on the authentication challenge (enumeration using timing response) : POST /login HTTP/1.1 Host:...

Line Breaking Issue in Lab "CSRF where token is tied to non-session cookie"

For subject Lab, payload %0d%0a is not working on HTTP 2.0, but its working for HTTP 1.1. Can you please explain this behavior.

How to scan PHP code in Burp Suite Pro

Hi, Can you help me to scan PHP code in Burp Suite. I mean example: copy and paste PHP code from Github or Wordpress.org (plugin, theme) into Burp Suite. I used it to scan URL and send to intruder, repeater, and...

Can i keep stable and early adapter's version in the same time?

Hi,i use jar file to run burp. Can i keep stable and early adapter's version in the same computer? Will they cause any problem if i do so?

BSCP Exam

Hi, since linux is not supported by examinity, can I complete the identification process on a windows host, and the actual exam on a *different* linux based machine? Thanks in advance.

BSCP Exam - Voucher expired

Dear It seems that my BSCP exam voucher has 'expired' as it's not visible in Examity. Could you please update the expiry date? Thanks in advance!

Account

The wiener:peter account is not working

Burp Enterprise : Adding custom list of URLs to be scanned

I have an application in which tab/url/flows are based on query parameters i.e. only key value change controls the UI/page change base URL remains same so when Burp crawls the application it doesn't records those URL. Is...

Bupsuite Enterprise not responding after automatic update

Burpsuite Enterprise tried to upgrade to latest version V2024.3 using automatic update. The burp enterprise portal got down and the application is not responding. Restarted both burpsuite enterprise services, also restarted...

Exploit Server

good day. how can I set up a test exploit server or if there is any option online that can be used to test the http atacks part. Cheers...