Research Academy
My account Customers About Blog Careers Legal Contact Resellers
The Burp Suite User Forum was discontinued on the 1st November 2024.

Burp Suite User Forum

For support requests, go to the Support Center. To discuss with other Burp users, head to our Discord page.

SUPPORT CENTER DISCORD

Found 50 posts in 42 threads

Missed SQL Injection

76)||CHAR(86)||CHAR(107)||CHAR(117)=REGEXP_SUBSTRING(REPEAT(LEFT(CRYPT_KEY(CHAR(65)||CHAR(69)||CHAR(83 =0.01 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Content-Type: application/x-www-form-urlencoded

Last updated: Nov 23, 2021 08:40AM UTC | 2 Agent replies | 2 Community replies | Bug Reports

updating burp failed

last): File "/home/kali/.BurpSuite/bapps/296e9a0730384be4b2fffef7b4e19b1f/ext/inql_burp.py", line 83 _pyx5.f$0(/home/kali/.BurpSuite/bapps/296e9a0730384be4b2fffef7b4e19b1f/ext/inql_burp.py:83) at org.python.pycode

Last updated: Sep 13, 2023 06:56AM UTC | 5 Agent replies | 4 Community replies | How do I?

inappropriate requests.

=0.5 Accept-Encoding: gzip, deflate Content-Type: application/ocsp-request Content-Length: 83

Last updated: May 04, 2021 02:24PM UTC | 1 Agent replies | 0 Community replies | Bug Reports

Regarding Java version

cd /app/burpsuite_enterprise/jres/ ls -lrt total 0 drwxrwxr-x. 7 burpsuite burpsuite 83 Apr 10 2021 9.0.4 drwxrwxr-x. 7 burpsuite burpsuite 83 Jun 26 2021 11.0.10.9.1 drwxrwxr-x. 7 burpsuite burpsuite 83 Jan 22 2022 11.0.13.8.1 drwxrwxr-x. 7 burpsuite burpsuite 135 May 6 2022 11.0.14.1 drwxrwxr-x

Last updated: Nov 11, 2022 03:08PM UTC | 7 Agent replies | 6 Community replies | Feature Requests

Problem with "Lab: HTTP request smuggling, basic CL.TE vulnerability"

oc6ENALO7RzoOG4gf7nO3WuACjtMcBsv Sec-WebSocket-Key: BFiL8g7xBMXsqpxcyoIZxg== Content-Type: application/x-www-form-urlencoded oc6ENALO7RzoOG4gf7nO3WuACjtMcBsv Sec-WebSocket-Key: BFiL8g7xBMXsqpxcyoIZxg== Content-Type: application/x-www-form-urlencoded oc6ENALO7RzoOG4gf7nO3WuACjtMcBsv Sec-WebSocket-Key: BFiL8g7xBMXsqpxcyoIZxg== Content-Type: application/x-www-form-urlencoded size to 8 Loop 0 Queued 1 attacks from 1 requests in 0 seconds Completed 3 of 3 in 1 seconds with 83

Last updated: Aug 20, 2021 12:00PM UTC | 2 Agent replies | 2 Community replies | Burp Extensions

Java vulnerability issue

multiple jre versions cd $BURPSUITE_ENTERPRISE/jres ls -lrt total 0 drwxrwxr-x. 7 burpsuite burpsuite 83 Apr 10 02:00 9.0.4 drwxrwxr-x. 7 burpsuite burpsuite 83 Jun 26 02:00 11.0.10.9.1 Is there a way

Last updated: Mar 17, 2022 05:27PM UTC | 3 Agent replies | 2 Community replies | How do I?

INQL Installation Error, unable to install INQL

KushSharma\AppData\Roaming\BurpSuite\bapps\296e9a0730384be4b2fffef7b4e19b1f\ext\inql_burp.py", line 83 \Users\KushSharma\AppData\Roaming\BurpSuite\bapps\296e9a0730384be4b2fffef7b4e19b1f\ext\inql_burp.py:83

Last updated: Jul 26, 2023 07:34AM UTC | 1 Agent replies | 0 Community replies | Burp Extensions

Exploiting PHP deserialization with a pre-built gadget chain - getting error

Symfony Version: 4.3.6 PHP Fatal error: Uncaught Exception: Signature does not match session in /var/www /index.php:7 Stack trace: #0 {main} thrown in /var/www/index.php on line 7 Thanks

Last updated: Jun 05, 2021 09:01AM UTC | 1 Agent replies | 2 Community replies | How do I?

HTTP Request Smuggling

responses" is given as "POST /search HTTP/1.1 Host: vulnerable-website.com Content-Type: application/x-www-form-urlencoded Transfer-Encoding: chunked 7c GET /404 HTTP/1.1 Host: vulnerable-website.com Content-Type: application/x-www-form-urlencoded server was given as "GET /404 HTTP/1.1 Host: vulnerable-website.com Content-Type: application/x-www-form-urlencoded should be like this: "GET /404 HTTP/1.1 Host: vulnerable-website.com Content-Type: application/x-www-form-urlencoded Content-Length: 146 x=POST /search HTTP/1.1 Host: vulnerable-website.com Content-Type: application/x-www-form-urlencoded

Last updated: Feb 14, 2022 01:54PM UTC | 1 Agent replies | 0 Community replies | How do I?

Lab Login Not Working

HTTP/1.1 Host: ac201f5c1e42e752809e2e6200c0001f.web-security-academy.net Content-Type: application/x-www-form-urlencoded Content-Length: 272 Transfer-Encoding: chunked 0 POST /post/comment HTTP/1.1 Content-Type: application/x-www-form-urlencoded HTTP/1.1 Host: ac201f5c1e42e752809e2e6200c0001f.web-security-academy.net Content-Type: application/x-www-form-urlencoded Content-Length: 272 Transfer-Encoding: chunked 0 POST /post/comment HTTP/1.1 Content-Type: application/x-www-form-urlencoded

Last updated: Jul 10, 2020 08:07AM UTC | 3 Agent replies | 5 Community replies | How do I?

Private collaborator server not starting with valid certificates

: Data: Version: 3 (0x2) Serial Number: 04:aa:3f:8f:89:6a:0f:d6:83

Last updated: May 26, 2022 12:46PM UTC | 4 Agent replies | 5 Community replies | Bug Reports

HTTP request smuggling, obfuscating the TE header

POST / HTTP/1.1 Host: my host.web-security-academy.net Content-Type: application/x-www-form-urlencoded Transfer-Encoding: chunked Transfer-encoding: cow 5c GPOST / HTTP/1.1 Content-Type: application/x-www-form-urlencoded

Last updated: Mar 05, 2021 03:32PM UTC | 1 Agent replies | 2 Community replies | How do I?

HTTP request smuggling, basic TE.CL vulnerability

i sent: POST / HTTP/1.1 Host: your-lab-id.web-security-academy.net Content-Type: application/x-www-form-urlencoded Content-length: 4 Transfer-Encoding: chunked 5c GPOST / HTTP/1.1 Content-Type: application/x-www-form-urlencoded

Last updated: May 20, 2020 01:02PM UTC | 1 Agent replies | 1 Community replies | How do I?

Lab: Modifying serialized data types - Debug dumps tokens

p9a5ei0x99qi74vejsq36czp0tn1z3d6, xlbjcoe8ecul6sfmtdrt5cm8qqr6o7hx]) Invalid access token for user carlos in /var/www /index.php:7 Stack trace: #0 {main} thrown in /var/www/index.php on line 7

Last updated: Aug 20, 2021 02:26PM UTC | 1 Agent replies | 1 Community replies | Bug Reports

Lab: Exploiting HTTP request smuggling to bypass front-end security controls, TE.CL vulnerability

HTTP/1.1 Host: ac451f7f1e1dd31780a427f50095008e.web-security-academy.net Content-Type: application/x-www-form-urlencoded Transfer-Encoding: chunked 71 POST /admin HTTP/1.1 Host: localhost Content-Type: application/x-www-form-urlencoded

Last updated: Jan 30, 2020 10:00AM UTC | 3 Agent replies | 2 Community replies | Bug Reports

Not possible to disable "Update Content-Length"

HTTP/1.1 Host: 0a9900df035bbae8c07d5a7d0077009b.web-security-academy.net Content-Type: application/x-www-form-urlencoded Content-Length: 4 Transfer-Encoding: chunked 5e POST /404 HTTP/1.1 Content-Type: application/x-www-form-urlencoded HTTP/1.1 Host: 0a9900df035bbae8c07d5a7d0077009b.web-security-academy.net Content-Type: application/x-www-form-urlencoded Content-Length: 105 Transfer-Encoding: chunked 5e POST /404 HTTP/1.1 Content-Type: application/x-www-form-urlencoded

Last updated: Dec 02, 2022 02:11PM UTC | 3 Agent replies | 3 Community replies | Bug Reports

HTTP Request Smuggling

portwigger: POST / HTTP/1.1 Host: your-lab-id.web-security-academy.net Content-Type: application/x-www-form-urlencoded Content-length: 4 Transfer-Encoding: chunked 5c GPOST / HTTP/1.1 Content-Type: application/x-www-form-urlencoded

Last updated: Feb 14, 2022 06:44PM UTC | 1 Agent replies | 2 Community replies | How do I?

PHP deserialization: Signature does not match

receiving this error: PHP Fatal error: Uncaught Exception: Signature does not match session in /var/www /index.php:7 Stack trace: #0 {main} thrown in /var/www/index.php on line 7 My secret key: f99oqo0667s8noe1clqktoa99mnzvuq2

Last updated: Sep 05, 2023 06:14AM UTC | 1 Agent replies | 1 Community replies | How do I?

SSL hardware certificate library cannot be loaded

exit 83 fi I think there shouldn't be such a check until this issue is fixed.

Last updated: Jul 18, 2019 10:39AM UTC | 3 Agent replies | 2 Community replies | Bug Reports

ca certificate

The URL is http://burp/ - there's no www.

Last updated: Jun 10, 2020 07:32AM UTC | 7 Agent replies | 9 Community replies | Bug Reports

LAB: Exploiting HTTP request smuggling to reveal front-end request rewriting

HTTP/1.1 Host: ac201fbc1fd627ddc0effe2300f200de.web-security-academy.net Content-Type: application/x-www-form-urlencoded username=carlos HTTP/1.1 X-ayZFvQ-Ip: 127.0.0.1 Content-Type: application/x-www-form-urlencoded Content-Length

Last updated: Nov 29, 2021 08:07PM UTC | 1 Agent replies | 2 Community replies | How do I?

Garbled text at end of proxy intercept - no username/pass

en-US,en;q=0.5 Accept-Encoding: gzip, deflate Content-Type: application/ocsp-request Content-Length: 83

Last updated: Mar 25, 2019 10:33AM UTC | 1 Agent replies | 1 Community replies | How do I?

vulnerable yes or no

POST /dz588q90/xhr/api/v2/collector/beacon HTTP/1.1 Host: www.---------.com Origin: http://example.com : */* Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Content-Type: application/x-www-form-urlencoded Content-Length: 1410 Origin: https://www.--------.com Connection: close Referer: https://www.realself.com

Last updated: Jul 05, 2021 10:20AM UTC | 0 Agent replies | 0 Community replies | How do I?

Lab 1 Directory traversal(File path traversal, simple case)

3 directory or 4 directory under root directory eg image(218.png) can we present in directory /var/www /image/218.png or /var/www/image/abc/218.png, How we get to know this for applying Directory traversal

Last updated: May 06, 2022 09:39AM UTC | 1 Agent replies | 0 Community replies | How do I?

Lab: Modifying serialized data types

Modifying serialized objects" PHP Fatal error: Uncaught Exception: unserialize() failed in /var/www /index.php:4 Stack trace: #0 {main} thrown in /var/www/index.php on line 4 echo "O:4:"User":2

Last updated: Jul 19, 2023 11:43AM UTC | 8 Agent replies | 15 Community replies | How do I?

Lab: HTTP request smuggling, basic TE.CL vulnerability

provided is: POST / HTTP/1.1 Host: your-lab-id.web-security-academy.net Content-Type: application/x-www-form-urlencoded Content-length: 4 Transfer-Encoding: chunked 5c GPOST / HTTP/1.1 Content-Type: application/x-www-form-urlencoded

Last updated: Dec 08, 2022 07:47AM UTC | 6 Agent replies | 6 Community replies | How do I?

Bug in Lab

error Internal Server Error PHP Fatal error: Uncaught Exception: unserialize() failed in /var/www /index.php:4 Stack trace: #0 {main} thrown in /var/www/index.php on line 4

Last updated: May 25, 2021 01:32PM UTC | 1 Agent replies | 0 Community replies | Bug Reports

HTTP request

POST / HTTP/1.1 Host: YOUR-LAB-ID.web-security-academy.net Content-Type: application/x-www-form-urlencoded Content-length: 4 Transfer-Encoding: chunked 5c GPOST / HTTP/1.1 Content-Type: application/x-www-form-urlencoded

Last updated: May 01, 2023 07:18AM UTC | 1 Agent replies | 0 Community replies | How do I?

Lab: HTTP request smuggling, basic TE.CL vulnerability

HTTP/1.1 Host: 0a4200c60375b196c058f06300d100b9.web-security-academy.net Content-Type: application/x-www-form-urlencoded Content-length: 4 Transfer-Encoding: chunked 5c GPOST / HTTP/1.1 Content-Type: application/x-www-form-urlencoded

HTTP/1.1 Host: 0a55001804a184ac82e056fd001300f2.web-security-academy.net Content-Type: application/x-www-form-urlencoded Content-length: 4 Transfer-Encoding: chunked 5c GPOST /404 HTTP/1.1 Content-Type: application/x-www-form-urlencoded

Last updated: Aug 07, 2024 06:52AM UTC | 8 Agent replies | 13 Community replies | How do I?

Lab Not Working Properly

HTTP/1.1 Host: acfb1ff41fc0eb70c03ba87e008c000d.web-security-academy.net Content-Type: application/x-www-form-urlencoded Host: exploit-ac6a1f321fcaeb3dc0f4a8cc013d002c.web-security-academy.net Content-Type: application/x-www-form-urlencoded

Last updated: Sep 22, 2024 11:33PM UTC | 5 Agent replies | 12 Community replies | How do I?

Exploiting HTTP request smuggling to perform web cache poisoning - Not getting results.

HTTP/1.1 Host: acfb1ff41fc0eb70c03ba87e008c000d.web-security-academy.net Content-Type: application/x-www-form-urlencoded Host: exploit-ac6a1f321fcaeb3dc0f4a8cc013d002c.web-security-academy.net Content-Type: application/x-www-form-urlencoded

Last updated: Oct 18, 2021 08:49AM UTC | 0 Agent replies | 1 Community replies | How do I?

Lab: Arbitrary object injection in PHP

burp request ..Internal Server Error PHP Fatal error: Uncaught Exception: unserialize() failed in /var/www /index.php:5 Stack trace: #0 {main} thrown in /var/www/index.php on line 5

Last updated: Apr 12, 2021 09:19AM UTC | 1 Agent replies | 0 Community replies | How do I?

Missing parameter in HTTP Smuggling request lab

HTTP/1.1 Host: 0abd00da04a3b710c0c4a56b002200b3.web-security-academy.net Content-Type: application/x-www-form-urlencoded Content-Length: 256 Transfer-Encoding: chunked 0 POST /post/comment HTTP/1.1 Content-Type: application/x-www-form-urlencoded

Last updated: Jun 29, 2022 02:33PM UTC | 2 Agent replies | 1 Community replies | How do I?

Lab Not Responding

HTTP/1.1 Host: ac6d1fc91e74b3a4808926fc009c005a.web-security-academy.net Content-Type: application/x-www-form-urlencoded Content-length: 4 Transfer-Encoding: chunked 5c GPOST / HTTP/1.1 Content-Type: application/x-www-form-urlencoded

Last updated: Feb 03, 2022 09:11AM UTC | 7 Agent replies | 8 Community replies | How do I?

Lab: Exploiting HTTP request smuggling to capture other users' requests

the lab POST / HTTP/1.1 Host: your-lab-id.web-security-academy.net Content-Type: application/x-www-form-urlencoded Content-Length: 256 Transfer-Encoding: chunked 0 POST /post/comment HTTP/1.1 Content-Type: application/x-www-form-urlencoded

Last updated: Apr 19, 2021 10:55AM UTC | 1 Agent replies | 0 Community replies | How do I?

Lab: Exploiting HTTP request smuggling to capture other users' requests-- not solving

HTTP/1.1 Host: ac4f1f451ed62abd80777fe600120062.web-security-academy.net Content-Type: application/x-www-form-urlencoded Content-Length: 277 Transfer-Encoding: chunked 0 POST /post/comment HTTP/1.1 Content-Type: application/x-www-form-urlencoded

Last updated: May 04, 2021 08:08AM UTC | 1 Agent replies | 0 Community replies | How do I?

HTTP request smuggling, obfuscating the TE header

response when i sent this request POST / HTTP/1.1 Host: my lab id Content-Type: application/x-www-form-urlencoded Transfer-Encoding: chunked Transfer-encoding: cow 5c GPOST / HTTP/1.1 Content-Type: application/x-www-form-urlencoded

Last updated: Nov 18, 2020 11:51AM UTC | 1 Agent replies | 0 Community replies | How do I?

Sort entries in the site map by domain components before hostname

com.host1.www com.host1.www1 com.net2.www even though the hostnames are actually displayed as expected

Last updated: Apr 24, 2024 08:00AM UTC | 4 Agent replies | 3 Community replies | Feature Requests

HTTP request smuggling, basic TE.CL vulnerability Lab Queries.

AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.110 Safari/537.36 Content-Type: application/x-www-form-urlencoded Transfer-Encoding: chunked Connection: keep-alive 5c GPOST / HTTP/1.1 Content-Type: application/x-www-form-urlencoded

Last updated: Jun 12, 2023 12:58PM UTC | 1 Agent replies | 0 Community replies | How do I?

Exploiting HTTP request smuggling to capture other users' requests

acc91f4d1faf6485c0b70322000b009b.web-security-academy.net Cookie: session=bWpx0z3BW0qJhvBVGo9kof3BBkwpv3qU Content-Type: application/x-www-form-urlencoded Transfer-encoding: chunked 0 POST /post/comment HTTP/1.1 Content-Length: 600 Content-Type: application/x-www-form-urlencoded

Last updated: Dec 19, 2022 04:36PM UTC | 7 Agent replies | 8 Community replies | How do I?

How to install burp suite properly. Java error during installtion.

com.install4j.runtime.installer.frontend.headless.AbstractHeadlessScreenExecutor.init(AbstractHeadlessScreenExecutor.java:83

Last updated: Dec 09, 2022 07:58AM UTC | 1 Agent replies | 0 Community replies | How do I?

Error while downloading burpsuite on kali linux

com.install4j.runtime.installer.frontend.headless.AbstractHeadlessScreenExecutor.init(AbstractHeadlessScreenExecutor.java:83

Last updated: Jun 17, 2024 01:26PM UTC | 2 Agent replies | 1 Community replies | How do I?

Search deeper