How do I? - Page 89 - Burp Suite User Forum

Not able to access http://{Ip-Addr}:8080 remotely

Dear Team, I have configured Burp enterprise in win 2016 server. After compktetion of my installation am able to access burp enterprise through http://localhost:8080 or http://{ip_appr}:8080 inside windows server machine...

How can i get ip address for target

Hello every one can i get an ip address for some one with burpsuite For example can i get an ip address for facebook account when i make a chat or call with him like wire shark ?

Dashes in the payload for the "Lab: Web cache poisoning with an unkeyed cookie"

Hi, I have a quick question regarding the "Lab: Web cache poisoning with an unkeyed cookie": Sending this cookie worked: Cookie: fehost=test"-alert(1)-"test While sending same payload, but without dashes,...

How to use Burp's Session Handling with new dynamic token to bruteforce login ?

1. I can get token value from response root domain (eg: GET https://www.abc.com) HTTP/1.1 200 OK .. ..sniff.. ..sniff.. ..sniff.. <html> .. .. <input type="hidden" name="token"...

How to install burp suite properly. Java error during installtion.

My current java version ******************************** ─(root㉿172-105-60-80)-[/home/kali/Downloads] └─# java -version openjdk version "11.0.17" 2022-10-18 OpenJDK Runtime Environment (build...

Use postmessage to steal cookies

Hi I have been testing this lab. https://portswigger.net/web-security/dom-based/controlling-the-web-message-source/lab-dom-xss-using-web-messages-and-json-parse but what but how could i use that to get the cookies? Not...

How to use functional testing browser traffic to identify security vulnerabilities in Burp Suite?.

We want to use the browser traffic generated for application functional testing performed by tester with Burp suite tool to identify security issues. I understand that we can use active scan or spider option to automatically...

Lab: HTTP request smuggling, basic TE.CL vulnerability

The solution for the challenge provided is: POST / HTTP/1.1 Host: your-lab-id.web-security-academy.net Content-Type: application/x-www-form-urlencoded Content-length: 4 Transfer-Encoding: chunked 5c GPOST /...

Need to know if Burpsuite tool support Katalon studio for automated testing scan

I would like to know if Burpsuite tool can be integrated with Katalon.

Proxy Rotation From My Own List of Resi's

Hey guys I'm absolutely at a loss, not techi, and really could use some help please. I have easily allowed firefox and foxyproxy to connect through Burp. However, I want to use my own list of resi's and change to...

Burp Enterprises integrated to jenkins pipeline

Hi, We are using in Burp Enterprises, they need to integrated Jenkins Pipeline for the DAST scanning. How do that if any script is there. Burp enterprises and jenkins in window sever only. Thanks S. Manikandan

When I use Burp Suite Enterprise Edition to scan OWASP Benchmark, the tool cannot audit any vulnerabilities.

Hi, When I use Burp Suite Enterprise Edition to scan OWASP Benchmark (https://x.x.x.x:8443/benchmark/), the tool can crawl all web pages but cannot audit any vulnerabilities.But when I use the...

Burp Suite Community Edition

When i Use to do something in burp its show me this:- Burp Suite Community Edition CA Certificate Welcome to Burp Suite Community Edition. I am already import in my browser.But when i want to...

Failed to parse server certificates

I am trying to intercept the request for one of the URL which is using self signed certificate, I am getting this error "Failed to parse server certificate". Could someone help me resolve this error somehow?

Remove the default burp suite community from parrot os

Hi In Parrot Os 5.1, (I updated burp suite to the latest version (Nov release), but i'm still having the original burp suite (Aug release). How to remove the Aug release; there is no BurSuite folder like describe in...

I'm getting a 400 Bad Request Error when trying to check the status of my scans

I'm trying to get my scan results running this: "curl -vgw "\n" -X GET 'http://xxx.xx.xx.222:1337/API_KEY/v0.1/scan/2'" and it's giving me a 400 Bad Request Error. The body message of the Error says "Task ID not...

Burpsuite Aborting checks due to errors

Hello Team, I tried install BurpSuite on my Kali machine and after I successfully installed Burpsuite, I could not open any browser. So I did the Health Check for BurpSuite Browser and got this error Aborting Checks...

local user/domain user

I have burpsuite pro installed on a laptop with an administrator account. I have joined the laptop to a domain to initiate some scans. I am unable to run burpsuite pro with the domain admin account I have been given. How...

How to scan a website which reply output in a javascript messagebox

I am new to the burp suite and I am trying to scan a website that is known to have error-based sql injection. The issue is the SQL error message comes in a javascript alert box. Therefore burp suite does not pick that up and...

Renew less number of licenses

Hello Burpsuite Support, Currently my organization has 5 Burpsuite Professional licenses that expire in January 2023, and we plan to renew licenses but due to budget issues we only have 4 licenses to renew, how can I...