How do I? - Page 74 - Burp Suite User Forum

How do I tell Burp Suite Pro to use a hashtag (#) as a fragment?

Hi, I've opened up Burp Suite Pro and have read https://portswigger.net/burp/documentation/scanner/scan-configurations/crawl-options but I'm non the wiser about how to add a hashtag (#) as a fragment The situation is I...

Follow Redirects while Auditing

I am hoping to scan a web application that uses 302 redirects in response to almost every request made. I'm able to get Burpsuite to follow redirects when using Intruder but cannot reproduce this for Scanner. Is this...

Burp Suite Professional debug logs

Dear PortSwigger, Where are the debug/error logs located for Burp Suite Professional? I'm using Burp Suite Professional 2023.2.4. Thanks in advance.

Excluded url being crawled in scan.

Hi, I marked a url as excluded using Advanced scope control but i can see the url being crawled during the scan. Refer attached screenshot which shows the scan details configuration. Please suggest. Best...

Getting Installed Extensions

Hey, I would like to write a tool that creates a user config file containing a base set of extensions + any additional extensions the user already has installed. To do this, I would like to be able to export the current...

No more activations allowed for this license

Hi, I change my laptop and need install burp suite. Thanks

Burp suite adds some headers to all the requests automatically every time

Hi, Why does Burp suite add these headers below to all the requests automatically? Referer: http://hbwlee15zhskwus2avvaxperlircq2oqd.oastify.com/ref Cf-Connecting_ip:...

How to intercept traffic of the application in the Azure Virtual Desktop?

I have an application that can only be accessed via Azure Virtual Desktop (AVD) browser. How to intercept traffic from it? I tried to intercept the traffic. But all I got is something like "RailProtocolState" only.

Session manager not handling rules, "vetoing rule"

Hello, I made a session rule to handle logging into my test application when redirected to the login page. When using the Repeater tool, this rule works perfectly. However, when using scan/crawl. This rule seems to be...

Private burp collaborator

Hello, i deployed private burp collaborator server. Is it possible to make a private burp collaborator client, for example on python? I know, that i can generate n payloads at burp suite and paste in into my code, but i...

extract uploaded image from burp http history

Hello, anyone knows how to extract the image from burp history after it was uploaded earlier. Thanks!

Intruder Attack Results missing?

I was using Intruder this morning (and past month) and after a few attacks this morning the results pane is no longer showing the requests. Even on same site I was using in previous attacks. I am trying to do the...

cannot regenerate new passwords

My google account got disabled and i can not retrieve my data anymore including my new or old passwords how can i get my password back to login agaim..

Integrate Burp Suite PRO in Microsoft Azure DevOps CI/CD pipeline ?

Do you have any detailed documentation which explains step by step about this ? I already know about https://portswigger.net/burp/extender/ci-integration and would like to work with PRO and not Enterprise. Would like to know...

Installing burp extensions from the commandline?

We would like to create a "burp package" where a user can run a script and have all the required burp extensions installed in one shot. Is it possible to install burp extensions via the command line so that it may be...

I cannot view the contents of streaming responses within the HTTP history

I enabled the option "Store streaming responses (may result in large temp files)", but I cannot view these contents in the HTTP history. How can I view these contents?

Reset the Websocket lab

I was practicing the lab 2 of Websocket. Then according to lab excercise the IP is blocked. Even if i follow the solution the live chat page stays disconnected and I'm not able to reconnect. Pls help in resetting the lab

Test for MFA bypass vuln

I was just reading the article below and was wondering how one could scan for such a vulnerability. Would it show up in the default scan, or would extensions/customizations need to be made to...

Project scope settings when launching scans using REST API

Hi, 1. Background. I am automating tasks with Burp Suite PRO and launching scans using REST API. 2. Problem. I am unable to exclude paths using "advanced scope". I am specifying URL to scan, and regex for paths to be...

2 Questions about Burp Collaborator and using older SSL/TLS protocols

Hello, I was wondering if it is possible to enable older ssl/tls 1.0 & 1.1 on a private collaborator server? The company I work for sometimes tests clients using older infrastructure and we have run into issues in the past,...