How do I? - Page 95 - Burp Suite User Forum

Activation Failed!

Hello, I tried to reactivate my Burp Suite but it says no more activations are allowed! Could you please check and advise ASAP! Regards,

Out of activations

I was not aware that there was a limit on activation's. I use a few vms and often completely refresh them. If it is possible I just would like to activate one more on my Ubuntu box.

Purchased a Professional license subscription... Still no access or communication.

The website boasts immediate access upon purchase through certain payment methods, but it's been 24 hours since receiving a message stating that they will be in touch with my license as soon as possible. Since the website...

Lab: Exploiting cross-site scripting to steal cookies

For this lab I attempted to add a new image via javascript by appending it to the body in the DOM. The image src included the collaborator domain plus a request param whose value was set to the document.cookie. I could see...

Requests are running even after chrome is closed through selenium

Hi Team, Im running burp through selenium, i followed the procedure in setting up proxy and im successful in running my script and scan is also happening. But once the script execution is completed. The scan doesnt stop...

port swigger main class problem

How can I solve "Could not find or load main class" problem?

my license has been used many times now is not working

Hello Team Hope everyone is doing well could you please regenerate a new licence thanks

Multiple issues

Need to use an application that utilises an authentication via a certificate (mutual TLS). I have looked an importing this on the burp tool but not had any success. The easiest option for me is to configure the browser's...

Intruder - brute-force with recursive grep and more, than 2 params

Hello, I got a question (BurpSuitePro) I would like to brute-force login on site, where are 3 dynamic params. • session_code, each attempt must be used value from previous response, unpredictable, generated by server...

Modify external database hostname for burp suite Enterprise edition deployed on kubernetes.

After successfully deploying burp suite Enterprise edition on Kubernetes. How can I modify the external database hostname?

API support for controlling from remote automation framework

Hi, I would like to know how Burrp (licensed version) can be controlled using an remote API.. My use case is: I'm going run my framework in machine 1 and wanted to control burp suite running in machine-2.. Is there any...

Unknown host error: static-assets.default.svc.cluster.local

I'm using the Burp Chromium browser (which is a great feature, btw). I'm getting a unknown host error when I start browsing my target. I'm trying to upload the screenshot, but there seems to be no such option when...

sslstrip

in this tutorial: https://portswigger.net/burp/documentation/desktop/tools/proxy/options#Force%20use%20of%20T and in this part: Force use of TLS - If this option is configured, Burp will use HTTPS in all outgoing...

Only some sites load

Hello, I have been trying to navigate to various sites to capture traffic and only some sites work. I have configured Foxyproxy on loopback, port 8080 - Same defaults in Burp. Intercept is off. I navigate to...

What about when I renew my license before the expiration

What about when I renew my license before the expiration? My expiration is 3 Aug 2022 if I renew before expiration. what about my new expiration? It must be 3 Aug 2023?

Web Cache Poisoning X-Forwarded-Host

Hi, I am attempting the "Web cache poisoning with an unkeyed header" lab. I am not receiving a response in the Repeater when I add the X-Forwarded-Host (example.com). However, I receive a response as normal with or...

Username enumeration via response timing (Video solution, Audio)

Hi All, When I select Pitchfork, I have 3 payloads options not 2. This stops me sending the attack. Do you experience the same situation? Thanks, Yan

Blind SQL injection with time delays and information retrieval

i tried the cluster bomb and i tried it manually. both times i got 2 different passwords. none of them unlock the admin account. what do i have to do to login? =)

Received fatal alert certificate required

Hello, I am testing an API that requires a CA certificate and a Client certificate (Host, CRT file & KEY file) to be configured for you to access it. I am able to do it with Postman but when I proxy the traffic via Burp...

scan

Hi，When I select a target，What is the difference between selecting ‘scan’ and selecting ‘actively scan this host’? I did a test and found that using these two different options will find different vulnerabilities