How do I? - Page 8 - Burp Suite User Forum

Burp Enterprise : Adding custom list of URLs to be scanned

I have an application in which tab/url/flows are based on query parameters i.e. only key value change controls the UI/page change base URL remains same so when Burp crawls the application it doesn't records those URL. Is...

Bupsuite Enterprise not responding after automatic update

Burpsuite Enterprise tried to upgrade to latest version V2024.3 using automatic update. The burp enterprise portal got down and the application is not responding. Restarted both burpsuite enterprise services, also restarted...

Exploit Server

good day. how can I set up a test exploit server or if there is any option online that can be used to test the http atacks part. Cheers...

How to generate custom Vulnerable Scanning Report?

Logs from both Logger/Logger++ get erased when closing Burp

Every time I close Burp after saving, all my logs from Logger / Logger++ get erased. The only method that seems to work for me is if I manually export the logs to a CSV file. Is there a way to persist the logs after closing...

Academy Lab: "Finding and exploiting an unsused API endpoint" | the sugested solution throws "error: 500"

Hi. I am not sure whether I am just doing something wrong or if the solution for the lab has not been updated. Firstly, I tried to solve the lab on my own, but after countless "internal server error" responses I tried to...

Reset lab "Web shell upload via Content-Type restriction bypass"

I need the lab "Web shell upload via Content-Type restriction bypass" to be reset. The /home/carlos/secret file was deleted and no longer available to get the solution from.

automatically scan a Vue application

I can scan a vb.net application. The deep scan ran for 15 hours We also have vue applications. The deep scan only ran for about 15 minutes. Has anyone had luck running the Professional version deep scan on a vue...

Purchase multiple exam vouchers for engineers on my team

Hi all. Using my credit card I want to purchase three BSCP exam vouchers for three engineers on my team. Is this possible to do this in one transaction? If NO, assuming I have to go through this process three times? =>...

Error Unknown Host

Issue: Always getting Error Unknown Host regardless of website visited in Burp Browser. Trying to load lab Detail: I am attempting to connect as I did the day prior, on the same connection. Again, this has worked...

Problem with 2FA bypass using a brute-force attack lab

So I've done this three times so far, using Burp Suite Pro (2024.1.1.4), and I'm having no luck. I'll avoid spoilers, but the short answer is that all the responses I get are HTTP 200, no 302 in sight. I've gone though the...

HTTP History appear parameter:?category=

Hi, On this page, the video explains testing for SQL injection. When scanning, there is one SQL injection vuln with only path /filter. But when accessing HTTP History, appear parameter:?category= Can you explain...

Bcheck script for SSL weak cipher suites vulnerability

Is it possible to write BChecks script to detect SSL weak cipher suites used in web server. https://github.com/projectdiscovery/nuclei-templates/blob/main/ssl/weak-cipher-suites.yaml Need help to convert the above...

Montoya API: Update HttpHeader in Repeater Tab

Is it possible to change a HttpHeader on the HttpRequestResponse selected via a ContextMenuEvent in a Reapeater tab?

having Difficulties in solving lab

i am trying to solve this lab Lab: Developing a custom gadget chain for Java deserialization . When i am trying to serialise java cookie i am using your githup main.java in repl.it but i am getting an...

Burp scanner missed to exploit a blind SQL injection

Greetings. I was recently working on a blind SQL vulnerability (oracle database). There was 3 vulnerable parameters on the same request. However burp scanner could not always identify the vulnerability and when that happens...

Burp Enterprise Controlling False Positive Action to particular User

Is there a way to restrict false positive action to particular user or group may be using Role.? or if there is another way by which i can restrict False positive marking of issue for user(s) let me know. I tried...

I am working on the lab " User role can be modified in user profile "

when I change the role id to 2 however i get an internal server error POST /my-account/change-email HTTP/2 Host: 0a5a007703e1b1f281891199006e0050.web-security-academy.net Cookie:...

Username enumeration via response timing

The final step of the LAB I am not getting the 302 response in practical lab. Is anything I am missing. On the "Payloads" tab, add the list of numbers in payload set 1 and add the list of passwords to payload set 2....

BSCP EXAM

Hello how much time do i have to do the exam , so the voucher expires or it does not expire?