How do I? - Page 86 - Burp Suite User Forum

Lab: DOM XSS using web messages and JSON.parse

Hey, the Solution Payload is following: <iframe src=https://your-lab-id.web-security-academy.net/ onload='this.contentWindow.postMessage("{\"type\":\"load-channel\",\"url\":\"javascript:print()\"}","*")'> Can anybody...

[LABS] CORS vulnerability with trusted insecure protocols - is it possible with fetch() instead of AJAX?

Hi, when trying with fetch, I get blocked by CORS. The script I try on the exploit server leads to the followin...

Checking setting/parameter after ZAP report

Hi, I found that our Burp Suit Professional report did contain only informational and Low severity after scanning. On the other hand, our Dev team has scanned the same website with Zap. I was surprised that it has rich...

Burpsuite Professional V2022.7.1 updated and now Kaspersky Endpoint Protection is flagging as malicious Backdoor.Java.JSP.gen

Hi, My licensed burp suite pro V2022.7.1 and now every time i open the tool the my Kasper-sky Endpoint Protection is flagging as malicious object with the following info: Application: Burp Suite Professional User:...

I'd like to get a refund on my license.

It was automatically renewed, and the payment was made. The company you already work for is using as a different license type, so you don't need a license that you used personally. Can you give me a refund?

Error Dispatching scan to New machine 1

Hello Team what is mean by this error? Error Dispatching scan to New machine 1 I am using free enterprise version

Getting error when installing Burp Suite Professional

Hello, we have Burp Suite Professional edition licensed to Bwatech company (securitytest@bwatech.sa), and the edition was already installed in one of our computers and were in use. But we had to reinstall the operation...

How to work Exploit Server in PortSwigger Academy?

I have been looking for answers about What is Exploit Server inside academy exercises? Example, a simple XSS Reflect, instead just reflect using an alert command I realize the use of wrappers like, send payload wrapped...

burp suite community

Hi Can I use burp suite community edition to solve all the labs on portswigger site? Are there any labs for which burp suite pro is neede or community edition would be sufficient ?

Clickjacking all apprentice lab

Please Team could you see any problems with my frame script as I tried to solve all three labs and it is not working. One example below for the third lab: frame buster script <style> iframe { ...

How to execute Lab: Exploiting PHP deserialization with a pre-built gadget chain using only burp suite?

Hi , can i execute this lab using only burp suite ? when i search for solution videos i only see solutions using Kali ? thanks

Issue_events not working in burp API

Hi Team, Why i am not getting any data in issue events? Below is the response of CURL command (curl -vgw "\n" -X GET 'http://ipadd/myapikey/v0.1/scan/41' ) which i am using to get the scan results: { "task_id":...

How to use custom certificate (I have the certificate and private key)

Hi, I have a wildcard certificate and its private key for my personal website, and I want to use this certificate for burp interception. this is my cert https://imgur.com/iy4A4Ep and this is what happens when I...

how i exploit this pls explain me in detail how i execute payload in website ?

Data is read from document.cookie and passed to the 'after()' function of JQuery via the following statements: var decodedCookie = decodeURIComponent(document.cookie); var ca = decodedCookie.split(';'); var c =...

Licence key

Hi, I just downloaded Profeesional trail version. it's asking for licence where can i find it?

Upstream proxy server

Hello, I setup an upstream proxy server "username:password@proxy:port" and when I run "curl --proxy username:password@proxy:port ifconfig.io" nothing is intercepted. Can you please help? Thank you.

Burp Suite ISO27001 certification

Hello Team, Please let me know whether BurpSuite has ISO27001 certification in place or its not requested as of now. Regards, Supraja.M

Is it possible to force listen on a port which is already in use?

Hello Is it possible to force listening on a port which is already in use?

How to add NTLM Credentials in the Enterprise Edition

Hi, I am using the Enterprise Edition. How do you add NTLM credentials? Thank you!

Burp Suite Setup " couldn't load main class"

Hi , I downloaded the setup file. Then when I run it I get this error directly. How can i solve this problem.