How do I? - Page 82 - Burp Suite User Forum

Active scan on API with HTTP/2

Is there any way to perform active scans on an API for a server that uses HTTP2 only? I currently have no problem with the Repeater making HTTP2 requests, but if I send the request for an active scan, HTTP2 is not used or...

IS NOT POSSIBLE TO CONNECT A ADDITIONAL SCAN MACHINE

Hello everyone, I'm trying to add a new machine (scan machine) in my Burp Enterprise, however i get the message "Cannot connect to database" I already have others scan machines, but this one I'm trying to configure i...

Crawling failed after login

Hi, I have used recorded sequence to login to a website to scan it. After crawling started, the debug section under event log showing a message as '0 new location found after login'. What is the reason for this and How to...

Why is the login failing despite giving proper credentials in Burp Enterprise Edition? Is there any extra setting required?

Hi, We are evaluating Burp Enterprise Edition to help us cover some valuable amount of security testing as a part of our CI. Before anything else, I tried to set up Burp Enterprise Edition and gave the URL of our...

CSRF where token is duplicated in cookie

Trying to solve this lab and the lab before it my code works in the browser but not in the exploit server: ```<html> <body> <h1>Hey</h1> <iframe style="display:none" name="csrf-iframe"></iframe> ...

Automated scan does not recognize Javascript

Hello, I would like to perform an automated scan with Burp Professional and when I run it, I get the message: "We're sorry but XYZ doesn't work properly without JavaScript enabled. Please enable it to continue." As far...

Does Burp Professional ".exe" read "BurpSuitePro.vmoptions" file ?

Hello, I'd like to add custom JVM arguments, in particular: -Djdk.tls.maxHandshakeMessageSize=262144 for TLS handshake. I've added it to BurpSuitePro.vmoptions but it seems that starting burp from standalone exe...

Changing Subscription to a different existing account

Greetings, I recently purchased 4 professional licenses mapped to an account. However I want to switch over the ownership and the master account to different account which had previously expired subscription. Every time I...

Pretty sure its broken

I tried to do the Lab: SQL injection attack, listing the database contents on non-Oracle databases for a long time now. I don't think the updated username_table and columns are right. I am 100% sure my syntax is...

Install Burpsuirt Community Edition on ubunto Server

Dear Team , Kindly note that i have create vm on oracle cloud with 24 RAM and 200 HD and tried to install Burpsuirt Community Edition version , However I'm facing the below error sudo...

Showing response in browser link error

When I click show response in browser it generates a link but when I open it, it downloads a file named [v1_GetHints.json]. Now I don't know what to do with that file.

DOM Invader in external Chrome browser

I am using Burp Suite Professional, in a Kali VM which is running on a M1 MacBook Pro. Therefore I have to install it using the JAR file, which does not support launching an in-built/default Chrome instance. Is it still...

scan in community

if u cant do a basic scan in community, wots the point

HTTP request smuggling, confirming a TE.CL vulnerability via differential responses

Could you guys explain to me why the Content-Length of the second request needs to be 15? I see that the values 12 and 13 work, but if I send 10 it does not. I thought that any greater value than the body of the request...

SSRF via flawed request parsing

This lab requires users to brute force the IP in the host header to find the admin panel. My issue is that, even when following the solution and community solutions, intruder is not able to brute force the IP. Target:...

Lab: SameSite Strict bypass via client-side redirect

Hello! I was studying about SameSite restrictions in the Academy. However, a question mark has formed in my mind when I was trying to solve the lab "SameSite Strict bypass via client-side redirect". In the step 5 of...

Unable to upload the license to activate Burp Enterprise edition

Unable to upload the license to activate Burp Enterprise edition. Getting error as "There was problem checking your license". I have enabled proxy server before activation. How to fix this issue.

Help regarding lab solutions despite following the steps

Hi, For some labs even if I follow the correct steps mentioned in the solution I get 404 or server error and the lab doesn't get solved. Please look into it

Delete my account

Dear Concern, I request you to please delete my account.

Custom Extension - How to programmatically call the built-in Chrome browser?

My apologies if this has been asked already but I haven't been able to find an answer anywhere. My question is: Is there an API method that I can call from my custom Burp extension to send URLs to the Burp built-in Chrome...