How do I? - Page 84 - Burp Suite User Forum

Montoya API Burp HTTP Request

Hi! If I want to send HTTP requests and receive their responses, how do I handle character encodings (ISO-8859-1/UTF-8)? Usually, I would use a PrintWriter, but how can I do this with this API?

Lab: Client-side desync - Browser Attack

Has anyone successfully replicated the Client-side desync browser attack from the lab? https://portswigger.net/web-security/request-smuggling/browser/client-side-desync/lab-client-side-desync I'm able to get through...

Burp Professional : Could not connect to seed URL

Hi All, I am trying to run Burp Scan . Right click on target >> Scan >>Crawl and audit >> Run (The usual process) But i Am getting error "Could not connect to seed URL" Please explain in laymen terms , i am new to...

2FA broken logic

I am trying to brute force 2FA verification code i am following the right methods but i after doing brute-forcing 2FA code i am not getting 302 response despite following the right methods. why?

Getting protocol error even if the syntax is correct

Hi, I've been working with burpsuite for long and in Sql Injection, a lab is showing protocol error even if the syntax or the query is correct. How do I resolve this error?

License activation

Hi is it possible to clear existing licenses and allow new all licenses were used by myself. the burp pro license was recently purchased and the licenses lost through testing. I currently mid project and would need...

The Burp challenge completion

Hello I've completed all four stages of the burp challenge before 31 December 2022 however I have still not received any exam credit. Am I missing something?

How do I create a regular expression that matches the start of a form "<form "

I want to create a rule to catch every response that includes a <form. I have tried many regular expressions and none of them worked. Things I tried: <form \<form .?form. [[:blank:]].form[[:blank:]] \x3Cform\b I...

HTTP request Smuggling CL.TE LAB

Hi, I'm trying to solve the lab "Exploiting HTTP request smuggling to bypass front-end security controls, CL.TE vulnerability". I tried using the following request : ---- POST / HTTP/1.1 Host:...

HTTP Request using Montoya API

Hi! I am trying to issue HTTP requests using the Montoya API with Swing Workers. I have a worker, which is supposed to issue two requests (one after another). However, only the first request is sent. My code is as...

How to intercept Burpsuite request when site is going to port 8443 or other uncommon web port

Hi there, Is it possible to do burp intercept on application where to application goes through port 8443 instead of 443. For some reason I am unable to intercept the proxy.

Burp collaborator | how to retrieve dns interactions from server

I've received a log4shell dns interaction from a log4shell payload submitted by a burpsuite extension, sadly there's no way from the issue activity to see the dns query that was issues (crucial in my case as it contained...

Burp Crawler does not follow top level href

Hello! I could not manage to configure Burp crawler to follow top level href at https://www.uber.com/de/en/s/e/join/. This page is just as an example. It has two links to drivers.uber.com: - Sign up now...

Blind SQL injection with out-of-band data exfiltration

Hi Team, Same issue the oatify.com does not work on my collaborator. Please see my payload below: ' || SELECT EXTRACTVALUE(xmltype('<?xml version="1.0" encoding="UTF-8"?><!DOCTYPE root [ <!ENTITY % remote SYSTEM...

how do i get free trail license for enterprise edition.

please provide the free trail license for enterprise edition

I cannot route traffic from mobile devices to Burp

Hello! I am trying to route all traffic from my iPhone to Burp. I checked the wifi settings on my phone and when I enable the proxy on my iOS device, it says no internet connection. I am running IOS 16.0.3. How do...

Intercepting remote target via Burp Suite

Hi, I'm trying to intercept remote target via Burp Suite. I don't think so that it's possible with Community edition because I'm not able to set the IP of the target in proxy listener. Is it possible with any other...

Is there a way to change the Typical Severity of a specific issue

I am scanning software prior to it being submitted to our client. They have set the Severity for at least one issue higher than it is set in Burp Suite. I am seeking a way to change the Typical Severity for all my work.

Is there a way to detect CWE-1004

I'm not seeing an issue the encapsulates CWE-1004 (https://cwe.mitre.org/data/definitions/1004.html) Am I missing something?

my progress of the learning material still 0%

after completing the SQLi section my labs progress is fine but the other one about the learning material isn't i've seen a question like this in the forum and he did get an advise to marke the completed material as...