The Burp Suite User Forum was discontinued on the 1st November 2024.

Burp Suite User Forum

For support requests, go to the Support Center. To discuss with other Burp users, head to our Discord page.

SUPPORT CENTER DISCORD

Found 250 posts in 26 threads

Modify target from abc to xyz

the tests I did on abc.com on xyz.com, Is it possible in Burpsuite to just edit the url from abc to xyz

Last updated: Dec 02, 2021 12:21PM UTC | 1 Agent replies | 0 Community replies | How do I?

How can I intercept traffic on iOS 10?

easily intercept the internet browsing( http & https both) but I am unable to intercept the application(xyz ) traffic & can browse the application(xyz) easily when intercept is on. I am getting an error saying FAIL TO CONNECT TO application(xyz) P.S.: the application(xyz) is already

Last updated: Jul 03, 2019 03:27PM UTC | 6 Agent replies | 6 Community replies | How do I?

Blind SQL lab.1

Here: xyz' AND '1'='1 …xyz' AND '1'='2 I don't understand what those quotes ' ' are, in the

Last updated: Feb 08, 2022 08:11AM UTC | 1 Agent replies | 0 Community replies | Feature Requests

Filtering URLs with specific words

eg: http://www.domain.com/abc/page1/Could+not+create+url+for+page+path:+/xyz http://www.domain.com url+for+page+path:+/pqr http://www.domain.com/abc/123/dir1/page1/Could+not+create+url+for+page+path:+xyz /subdir1 http://www.domain.com/abc/564/dir3/page1/Could+not+create+url+for+page+path:+dir2/page1/xyz

Last updated: May 31, 2016 10:17AM UTC | 1 Agent replies | 0 Community replies | How do I?

Support on this SQL statement

SQL statement we injecting below (Blind SQLi with conditional responses using the TrackingID) ...xyz

For example on this, ...xyz' AND '1'='1 I noted that there were no extra SQL that were being processed in that query hence if tried ...xyz' AND '1'='1-- it will be 'executed' but then logically it will be incorrect hence the structure of the query I am testing can be ...xyz' AND '1'='1' ending with a '

Last updated: Aug 06, 2021 11:20AM UTC | 2 Agent replies | 2 Community replies | How do I?

why do i have to use the concatenation operator when SQL injecting ?

the blind sql injection labs . i got lost when i saw this query on the solution : ''' TrackingId=xyz i saw it again on the next lab which runs on postgresql : ''' TrackingId=xyz'||pg_sleep(10)-- '''

Last updated: May 10, 2021 02:54PM UTC | 1 Agent replies | 0 Community replies | How do I?

About the Web Academy content

web-security/sql-injection/blind), you can see that the material teaches the following command: xyz To solve the lab, it's used the following command: xyz' AND (SELECT SUBSTRING(password,1,1) FROM users web-security/sql-injection/blind/lab-conditional-errors), where the learning material shows this code: xyz > 'm') THEN 1/0 ELSE 'a' END FROM Users)='a and the solution provided use this kind of code: xyz

when trying to find the password, you can either use the suggestion from the solution: TrackingId=xyz create a slightly different SQL query based on the suggestion from the learning materials TrackingId=xyz

Last updated: Nov 16, 2021 02:19PM UTC | 1 Agent replies | 0 Community replies | How do I?

[webacademy] Bug in explanation of blind SQLi

So it is not true that these queries return true (the first one) or false (the second one): xyz' UNION SELECT 'a' WHERE 1=1-- xyz' UNION SELECT 'a' WHERE 1=2-- Both of them make the final query to return

Are you replacing the TrackingID cookie value item with "xyz' UNION SELECT 'a' WHERE 1=1--" or appending

Last updated: Jan 29, 2020 02:29PM UTC | 2 Agent replies | 2 Community replies | Bug Reports

"Lab: Blind SQL injection with conditional responses" syntax question

The following are given as examples about how to test for truth: TrackingId=xyz' AND (SELECT 'a' FROM users LIMIT 1)='a TrackingId=xyz' AND (SELECT 'a' FROM users WHERE username='administrator')='a TrackingId=xyz' AND (SELECT 'a' FROM users WHERE username='administrator' AND LENGTH(password)>1)='

Last updated: Aug 25, 2022 06:50AM UTC | 0 Agent replies | 1 Community replies | How do I?

2 requests with the same URL but different HTTP methods are not getting added to the Site Map

GET https://test.com/xyz PUT https://test.com/xyz Only one of them( the one that is intercepted

Last updated: May 25, 2018 07:58AM UTC | 1 Agent replies | 0 Community replies | Bug Reports

Burp misses open redirect

Example HTTP Request: http://[victim]/XYZ Example HTTP Response: HTTP 301 Location: https:/ /[victim]XYZ As the / is missing from the document request, we control the domain name string.

Last updated: May 22, 2017 08:01AM UTC | 1 Agent replies | 0 Community replies | Feature Requests

Why simple quote is necessary in SQL Blind Injection using TrackingID?

I'm in first lab of Blindd SQL Injection and payload for test is: TrackingId=xyz' AND '1'='1 Why

Last updated: Dec 17, 2021 02:51PM UTC | 1 Agent replies | 0 Community replies | How do I?

'Lab: Blind SQL injection with conditional responses' not working

"TrackingId=xyz AND '1'='1" should return me 'Welcome back!' , but "TrackingId=xyz AND '1'='2" should not return me nothing).

Last updated: Apr 01, 2024 06:29AM UTC | 3 Agent replies | 4 Community replies | Bug Reports

Automated scan does not recognize Javascript

perform an automated scan with Burp Professional and when I run it, I get the message: "We're sorry but XYZ

Hi Martii, Just to clarify, where are you seeing the message "We're sorry but XYZ doesn't work properly

Last updated: Feb 06, 2023 05:25PM UTC | 1 Agent replies | 0 Community replies | How do I?

Authentication Failure from xyx.com

Hi All, Need urgent help, We have a financial Application(xyz) and we are running burp suite for that

Last updated: Jul 31, 2018 12:55PM UTC | 1 Agent replies | 0 Community replies | How do I?

Collaborator "payload" field not correct when using multiple tokens

up logging a payload hit for xyz.oastify.com (and abc) in the UI, even though there is no request to xyz

Last updated: Nov 09, 2023 10:31AM UTC | 2 Agent replies | 0 Community replies | Bug Reports

How do I customize the columns shown in proxy - http history?

user-agent that identifies the test I was running and the tool I was using .... like: 'ffuf parameter xyz

Last updated: Jun 27, 2022 07:32AM UTC | 2 Agent replies | 1 Community replies | How do I?

SQLi lab - Blind SQL injection with conditional errors problem

TrackingId=xyz'||(SELECT '' FROM dual)||' I am confuse with concatenation symbol "||" ,why need to

Last updated: Aug 12, 2022 10:20AM UTC | 1 Agent replies | 0 Community replies | How do I?

Lab: Bypassing access controls via HTTP/2 request tunnelling

X-SSL-VERIFIED: 1\r\n X-SSL-CLIENT-CN: administrator\r\n X-FRONTEND-KEY: 4915524682751556\r\n \r\n Value xyz

Last updated: Jun 02, 2023 01:04PM UTC | 1 Agent replies | 0 Community replies | How do I?

extender no longer working?

illegal reflective access operation has occurred WARNING: Illegal reflective access by burp.fp4 (file:/xyz

Last updated: Apr 15, 2021 08:09AM UTC | 1 Agent replies | 0 Community replies | Bug Reports

Lab: Broken brute-force protection, multiple credentials per request CSRF Token issue

In the macro editor the host column was XYZ and the host in the Raw request I had changed it to ABC ( Going back to the Cookie JAR I had session cookie from host ABC and XYZ.

Last updated: Oct 23, 2024 09:51AM UTC | 11 Agent replies | 13 Community replies | How do I?

How do I download Burp updates without going through the GUI?

product={name}&version={currentversion}&license={xyz}" [2] https://github.com/pajswigger/update-burp

Last updated: Jun 02, 2020 01:12PM UTC | 3 Agent replies | 2 Community replies | How do I?

Install Burp Suite on Kali linux?

burpsuite_community_linux_v2023_11_1_3.sh.11504.dir/jre/bin/java: Exec format error uname -a: Linux XYZ

Last updated: Jan 02, 2024 09:50AM UTC | 2 Agent replies | 1 Community replies | How do I?

File upload Challenge - file upload returns missing parameter despite all fields filled out

orange-logo.jpg" Content-Type: image/jpeg ÿØÿà�JFIF��H�H��ÿâICC_PROFILE��� lcms��mntrRGB XYZ

Last updated: Sep 16, 2022 10:45AM UTC | 3 Agent replies | 2 Community replies | How do I?

Save Intruder Tabs On Exit Just Like Repeater Tabs

Instead I pick the payloads I want to scan > right click > “scan defined insertion points” > “add to task xyz

Last updated: Apr 26, 2022 08:58AM UTC | 1 Agent replies | 0 Community replies | Feature Requests

Use of multiple URL's with plugin: Burp Scan

Suggest how to overcome this Jenkins Console: Started by user XYZ Building remotely on UFT_EntAutomation_N1