How do I? - Page 96 - Burp Suite User Forum

broken brute-force protection ip block

hello, i have so many time tried to solve broken brute-force ip block lab but at intruder i got only 4-5 wiener that has only 302 code. and i can't solve this lab because i didn't get carlos has 302 code. so just help me...

Proxy VPN traffic through Burp Suite

Hi, I'm trying to proxy my request to Burp through the use of a VPN as the application I'm testing on can only be open through the use of a VPN. My browser and VPN is in my host machine, while my Burp is in a VM machine....

Found alternative way to solve lab (web cache poisoning >> Exploiting cache implementation flaws >> URL normalization)

Hey there I just found alternative way to solve the URL normalization lab. I couldn't figure out where to report this. So, should I just report (the alternative way to solve the lab) it here or is there a proper way to...

Burp Suite Pro Deactivate Instalation

I want to deactivate an instalation of Burp Suite Pro from a PC and install to another PC Thanks

Android Chrome 99+ "Certificate Transparency" feature blocks burp certificate

According to Chrome release note[1], Android Chrome 99+ affects their "Certficate Transparency" policy then it reject the burp certificate which we had installed as a system certificate (with rooted device), and Chrome says...

Blind SQL injection with time delays and information retrieval

Hi, just hoping someone could help me understand something cus I'm a bit lost. In the lab on Blind SQL injection with time delays and information retrieval I was using the "||" string concatenation at the start of the...

Is there a way to implement burp's drop feature manually without any user interaction?

Hey guys, I was wondering if I can implement burp drop request feature manually on a specific incoming server request. For example - There is an expected login flow with 4 requests, proxy all the requests behind the...

My cellphone lost internet connection when i switch the proxy to manual.

Hi team, I'm trying to capture traffic from a cellphone using burb in my laptop. I configure the proxy option listening through all interfaces. I chose non used port like 8081. I installed the burp cert in my cellphone...

How do i get burp intercept to work with proxychains

I set up my proxychains to work with my own private proxy, to make the inbuilt browser work with my proxy, i use the command "proxychains burpsuite" It launches burpsuite and the browser works and acceses internet perfectly,...

Scan

Hi all, I want to ask what are the differences between those features in BurpSuite Professionals 1) "Do passive scan" vs "Do active scan" vs "Scan" (when right click on the request) 2) In DashBoard: "New scan" vs...

Use embedded browser sandbox as root-user

Hello, is there a possibility to use the embedded browser sandbox as a super-user? I am using Burp Suite Professional v2020.8.1 on Kali Linux. "Running as super-user, embedded browser sandbox is not...

Scan a website with burpsuite

Hi, sorry for the inconvenience, i am a beginner with burpsuite, i would like to ask you a question: how can I scan a URL on a RemoteApp(Mozilla Firefox on windows server 2019) with burpsuite? if I try to enter the URL...

OWASP Juice Shop

Hi, I need help on OWASP Juice Shop. I submitted a feedback with a 10000 star rating, and since then I can't load the Customer Feedback section on the page /administration. Either I drop the GET /api/Feedbacks request...

internet site

Hi, i have bought your book : "Web applications Hackers Book". Super!!! i'd like to have a internet site to test and comprehension of your book but i have no personal internet site. Can you give me the name of an...

Reflected XSS with AngularJS sandbox escape and CSP

I entered this script in the exploit server body and I'm not sure why it is not working?...

Install on Redhat without root?

Hello! I'm trying to use the .sh installer and it fails saying I need to run it as root. While I do have root, the first rule of being a sys admin is to not blindly run software as root that you have no idea what it is...

Custom DNS

Is there a way to create custom DNS (A) records in Burp enterprise on Kubernetes? Use case: Live web application is proxied by cloudflare, I want to test the unproxied web application. In case of a VM I would just...

Expand "match and replace" to Scanner and Target/Sitemap history

Hi, i have some requests recorded in burp and want to change specific part of the http header, across all packets- for target/sitemap/scanning actions. I checked this post where a user requests for similiar...

Can i transfer license to another user?

I bought a license i no longer need. Is it possible to transfer this license to another user?

Burp Enterprise unattended install -- what is the administrator password?

When doing an unattended install from a response file generated by a previous install, e.g. `./burpsuite_enterprise_linux_v1_1_02.sh -q -varfile response.varfile`, what's the administrator password set to? The password from...