How do I? - Page 77 - Burp Suite User Forum

Cloudflare issues

My issue is when I choose either Indeed, Cloudflare, or any other target to test the Cloudflare verification screen comes up with burps embedded browser. And all it does is ask if i am human and takes forever to verify me,...

Unable to crawl

I get the following error when I attempt to crawl a site, "Paused task due to: could not connect to any seed URLs." I am able to access the site on my machine (which has Burp suite installed), I am able to access the site in...

How do I find the options tab with burp intruder

Working on the time based sql lab running intruder. All of the documentation points to me being able to click the 'options' tab to show more columns, including columns that would indicate response time. I don't have that...

Burp scanner - token based session management

Does the burp scanner support a session mechanism based on tokens stored in the web storage space. Tokens have a certain lifespan, and thus frontend applications often send requests related to token refresh (token changes)....

Re-Activation

Hello, I just reinstall my computer and when I tried to activate my Burp Suite Professional, I got error: "Activation Failed - No more activations allowed for this license". Can you help me? Thank you

Merge 2 Portswigger accounts

Hi I have 2 PortSwigger accounts, 1 that i started with while using the Community edition and the academy, and 1 i have just set up to purchase the Pro version with. Can i merge my academy progress to my new...

Can't proxy moble apps on Android Studio emulator

I've setup the Android Studio emulator with the Burp certificate. My browser traffic goes to Burp. However, the playstore doesn't work and neither do apps with the manual proxy. How do I get apps to work with Burp on...

Lab: CSRF vulnerability with no defenses

Hey all, I am working my way through your labs (which I must say are excellent) and am having trouble completing the CSRF with no defenses lab. In the exploit server, I am using the following code in the body (with...

CSRF vulnerability with no defenses -> not solved but exploit works

Hi, i'm trying to solve the lab, also the lab "CSRF where token validation depends on request method" in both labs the exploit works for me and i can change the mail. But the page with only the submit button does not...

reset labs

Can you please reset just the cross-site scripting (XSS) labs? thanks in advance

Conflicting scan configurations

If a Burp user accidentally picks two built-in scan configurations one of which excludes the other, what happens? Let's say the user adds 'Audit checks - medium active' and 'Audit checks - light active' will both medium and...

Remove false positives

Hi! I marked some issues as false positives, how can I remove them from the exclusion list? I try to get them back. Thanks!

Fix ERR_UNSAFE_PORT error on built-in browser

I'm trying to access a service listening on port 10080 and the built-in Chromium browser is returning an error: ERR_UNSAFE_PORT On "regular" Chromium I can use the explicitly-allowed-ports parameter to bypass this, but...

Getting No more activations allowed message

Hi Team, I am trying to reactivate my Burp Pro license several times on my different machines due to environmental issues. I unable to reactivate as I am getting "No more activations allowed for this license" message....

Lab: Username enumeration via different responses

Hello just updated burp to v2020.6. I'm trying to complete this lap however not sure if lab is out of date of if new version of burp is not compatible? I've got to step 8 however in the results page, all the lengh results...

[Burp Proxy with Android] No connection to proxy from other device

Hello, I've recently had this error pop up and I'm unable to fix it. I'm trying to intercept http traffic from my Android device with Burp, I have done this with the exact same setup a few days ago and it worked fine,...

getting Error

getting error while installing Burp community in kali terminal Exec format error

Burp CA certificate download

Hi, I am trying to download CA certificate from http://burp site. But this site cant be reached error is coming. How to proceed. Please help.

Fuzzing parameter names

Hello, is there a way to instruct Burp in order to include the input/parameter names in the scope of scans ? The idea is to automate this process : https://portswigger.net/blog/attacking-parameter-names And to detect...

I'm trying to run a simple CURL command to download a scan report, but getting an Error with my APi token despite it being valid

I'm trying to download a report using the CLI and after a couple of minutes it gives me this error: "curl: (35) schannel: next InitializeSecurityContext failed: SEC_E_INVALID_TOKEN (0x80090308) - The token supplied to the...