How do I? - Page 80 - Burp Suite User Forum

Activate Burpsuite fails in other System

Hi Team, I'm trying to activate my Professional license in Linux Box it's not accepting. I have done the removal process in my windows machines by selecting "Clean Burp from computer" and removed configuration,...

Unable to intercept with latest android device using Burpsuite

Hello, I am using the following links to install BP CA and configure proxy on Android device (OS 9/10) but can't see requests in burp suite. Please...

burp browser error

Hi, Im new to burpsuite, and im trying to get grip on it, There's a problem always with my burp browser.im using community edition, Kali OS on top of M1 Mac and its a jar file of burpsuite. Error:...

Using Macro to Automate Login on JS Dynamically Constructed URL

Hi there, If anyone know how to solve this could you please share your solution? (Other than record the whole login session) Context: 1. I am trying to automate a login process using Burp's macro function. 2. As I...

Burp browser not working with /etc/hosts file

Hello, I am having trouble using Burp while doing HacktheBox. Whenever the host can be visited by its IP, intercepting or visiting the host is not an issue on Burp browser. However, whenever I have to make a modification...

Copy payload combinations from primary Intruder test to secondary test in clusterbomb mode

Hi, I am performing a test with Intruder in 3 payload positions with clusterbomb mode and the combinations of these payloads are in thousands like literally more than 10k. when the requests are made and I filter the...

Lab: Exploiting DOM clobbering to enable XSS | something I don't understand

Hello, In this lab (https://portswigger.net/web-security/dom-based/dom-clobbering/lab-dom-xss-exploiting-dom-clobbering) payload used to solve it: <a id=defaultAvatar><a id=defaultAvatar name=avatar...

Export all requests from a specific domain

Hi guys, I have a burp pro license and I often export the results from a domain doing: Taget tab > Site map tab > right click on the wanted domain > Save selected items However, I have noticed that the exported xml...

move license from one server hardware to another

We have a working server with a 12 agent license. We installed a new piece of server hardware and BurpSuite is now installed on it in trial mode. How ro I apply the existing license to the new server and how do I...

Match and Replace

Hi There, I have this URL "curl -X POST "http://foo.example.org/abcd?User=abcd&HelloCode=1234" When I POST this url I want Burp to manipulate this url as like this "curl -X POST...

Web shell upload via extension blacklist bypass

Burp suite did not catch GET request to /files/avatars/<YOUR-IMAGE>

BURP Browser doesnt work

I've tried to use internal burp browser,but it just doesnt load anything, page stays blank and thats it. I've installed certificate,but it also didnt help.

Burp Integration with F5 Vulnerability Assessment

Hello, Has anyone been able to leverage F5's Vulnerability Assessment Tool with Burp Enterprise? The tool has an option to export a generic xml schema that scanners should be able to leverage, but I am not sure if Burp...

Difference in burpsuite dastardly and pro light scan results

As part of the comparative study, I tried to scan https://ginandjuice.shop/ using burpsuite pro lightweight scan and dastardly to my surprise dastardly scan result came out empty without any findings, and burpsuite pro...

INSTALLATION VIA TERMINAL WITH PARAMETERS PASSING

Hello everyone, We are trying to automate the installation of Burp Enterprise agents through Shell Script We know that to start the installation of the agent via terminal, we can use the "-c" parameter. However, it is...

Why cant lab "H2.CL request smuggling" be solved this way?

Hey! I see the solution to the lab involves the following smuggled request: GET /resources HTTP/1.1 Host: YOUR-EXPLOIT-SERVER-ID.exploit-server.net Content-Length: 5 x=1 I understand that this will grab two chars...

Lab: Exploiting cross-site scripting to steal cookies

I tried so many time also I was taking help of solutions but Poll is not working in burpsuite for this lab only

Content Discovery

Could a person get into trouble Discovering Content?

Burp Suite Professional License Restrictions - Use 1 license on 2 different computers with same user account

Hello, I have a Burp Suite Professional License obtained through my company. Can I use this same License on a different computer (my personal pc) to take the practice exams and Burp Suite Certification exam? This will...

Lab CORS vulnerability with trusted null origin: CORS missing allow origin

Good evening, I'm struggling to solve the lab, it seems to me that the CORS policy is not configured according to the LAB. Following there's my HAR file generated trying to view the...