How do I? - Page 97 - Burp Suite User Forum

Burp intruder's match/replace rule for {FILE}

When I tried to use Burp intruder's match/replace rule for {FILE}, I get invalid regex error. Please advice.

Lab 1 Directory traversal(File path traversal, simple case)

How we know image(218.png) is present 3 directory or 4 directory under root directory eg image(218.png) can we present in directory /var/www/image/218.png or /var/www/image/abc/218.png, How we get to know this for applying...

trouble installing

Hello, Trying to run Burpsuite on Kali (Pi4b, Cortex-A72), running the latest Open-JDK and I keep running into issues. If I run the JAR i get: "invalid file (bad magic number): Exec format error" and if I run the...

Burp related query

We have following questions please acknowledge our query:- 1) We are running testcafe script via burp but in Target tab our application url is showing disabled. 2) We are getting all the out of scope items in our...

Lab1 WebSockets ( Manipulating WebSocket messages to exploit vulnerabilities )

Hello, when I try to send a message in the live chat feature of the lab, the message does not go through. Any suggestion? Regards.

Obtain Burp/Network logs to better troubleshoot Error "Received fatal alert: unknown_ca"

I use Burpsuite Pro to test DoD Common Access Card (CAC) and non-CAC websites for DoD. I'm able to access different CAC websites via FireFox and Chrome from a Kali VM residing on a MacBook Pro. I have encountered a website,...

Export Burpsuite issues to CSV

Hi, I'm using Burpsuite Pro and was wondering if there's a way to export the Burpsuite XML to CSV so it can be imported to Powerbi?

Burp Enterprise Collaborator

Is it possible to configure a burp collaborator instance to work with burp enterprise?

deleting account

i want to delete my portswigger account

Active Site scan with dynamic session id.

I am attempting to complete a authenticated crawl and audit of my site that is configured to dynamically change the session ID for each login attempt. How do I capture the session ID and complete an authenticated crawl and...

how host header injection exist but we change the host header the server must make error that host header not exist !

How do i get burp to automatically extract and display all base64 encoded images ?

I am using burp suite to intercept traffic from a site, I am trying to view the images from the proxy but the site uses web sockets to send all the images(Base64 encoded strings) at once to be loaded on Demand Which is...

the client failed to negotiate a tls connection to xxx.xxx.xxxx:443: Remote host closed connection during handshake

Hi, When I use my local ip address to intercept data ,I'm getting the alert "the client failed to negotiate a tls connection to xxx.xxx.xxxx:443: Remote host closed connection during handshake" , But if I use the...

Set Drop Out of Scope Requests (Enterprise)

Is there a was in Burp Enterprise to explicitly set the scanning machines to drop all out of scope requests like in Burp Pro?

Is there a way to strip out-of-scope items after the fact?

Hello, I'd like to share a Burp project file. However, it contains a huge amount of out of scope items I don't want to share. Usually, I define the scope in projects but dont select 'ignore all out of scope traffic'...

Struggling with Burp Suite Certified Practitioner Exam

Hello, I just failed my attempt on the Burp Suite Certified Practitioner Exam. This was a rather frustrating experience, as I managed to solve the first App in ~1.5 hours, giving me a lot of time for App 2. After...

how to change online prices

Guys can anyone tell step by step how to change the online prices for e commerce shopping

Excluding pages from Burp Pro scanner by parameter value?

Is it possible to exclude entire requests from the Burp Pro scanner if one of the request parameters/parameter values matches a certain string/regexp? I don't want to ignore the insertion point, I want to exclude the entire...

Testing web apps that use AD authentication through the Burpsuite Proxy

I am trying to run an active scan on an internal app that uses AD authentication. The app calls a different internal website to do the authentication. It works fine without the burp proxy being on. When I enable the proxy...

How to use burpsuite

I lost my SIM card which I used to open an account. Now if I want to log into the account, it’s prompts me to enter an OTP. I can’t because I lost the SIM card . A friend recommended burp suite to me but I don’t know how to...