Burp Suite User Forum
Hello, I am doing the 'Lab: HTTP/2 request smuggling via CRLF injection', but for some reason, the GET request always contains a session cookie that is truncated (consists only of four characters); the full session cookie...
Hello team, I am unable to access any laboratory using Burp's Browser as I receive the response 'This site cannot be accessed' or 'Stream failed to close correctly.' However, I am able to open and connect to the labs...
I finished lab LAB4 Exploiting clickjacking vulnerability to trigger DOM-based XSS (PRACTITIONER) and Basic clickjacking with CSRF token protection (APPRENTICE) but it still shows as not solved... Please can you...
What if I want to use a different license to activate BURP now? I am on Catalina and I am just not able to do that. Every time I try removing BURP pro & reinstalling it, it automatically gets activated with the previous...
This should be easy for someone. I am learning Burp Suite and watched a video of how to use match and replace presaved settings. Supposedly located under Proxy in the options sub-tab. My Burp Suite does not have this options...
Hi there, when I try to send request smuggling it does not work at all. Request; POST / HTTP/1.1 Host: 0a5900b7040dfb4fc1db8f1c005d0093.web-security-academy.net Connection: keep-alive Content-Type:...
How can I skip a URL within a site while testing? I've scoured the forums and I can't seem to find a definitive answer. I don't have time to run Burp Suite manually to forward requests through Repeater, I just want it to run...
I would like to analyse the token generated for a client's API. However, their token generation mechanism requires a POST followed by a GET. The GET has the token embedded in the response body. Sequencer appears to be able to...
Hey everyone, for some days I've been experiencing some issues with Burp Suite on the Brave browser: it doesn't intercept any requests being made to the localhost. I know this is a duplicate topic but the previous...
"I can no longer access the lab using BurpSuite's browser. I was able to access it before, and I can still view the lab's problems. I can't access it using either the Pro or Community versions, even after reinstalling....
Hello, I am trying to install Burp Suite Professional in my Kali Linux environment, but neither the online nor the manual activation works. They both fail with activation failed/an error occurred messages, respectively. Is...
Hi, when I go to Intruder - Configure predefined payload lists -> can I create a JSON project/user config file with a pre-selected directory of my choice for loading custom lists? I tried exporting User and Project...
Hi, I use the Java version of Burp Suite Professional in Kali Linux and on the first start it shows the well-known message "Your JRE appears to be version 17.0.5 from Debian." When I check "Don't show again for this JRE"...
This is not working for the "Multistep clickjacking" lab. I have tested it in the Chrome browser and both buttons align properly. <style> iframe { position:relative; width:500px; height: 700px; opacity:...
Hi, can I know how we can omit the false positives in Burp Suite Professional? Thank you!
Hi there, I'm testing a local instance of a web application using Burp Suite Pro 2023.3.2. As I need to test a copy of a web application that is used in production, all the links in web pages that I receive from the...
Hi, I am using Burp Suite Professional to scan DotNet applications. I had a doubt whether the .dll files get scanned in dotnet.mbc projects? And if they get scanned, where and how should I check it?
We want to scan APIs. We have a CI/CD pipeline. We want to know how that can be achieved using Burp's native API.
I'm using the Professional trial version. I enabled a proxy connection between Firefox and Burp Suite; after the connection was done I'm unable to access the site, getting errors such as "www.google.com is most likely a safe site,...
URL of the lab: https://portswigger.net/web-security/csrf/bypassing-samesite-restrictions/lab-samesite-lax-bypass-via-method-override For some reason Chrome's default behaviour of applying SameSite=Lax to the cookie when...