Burp Suite User Forum

Found 250 posts in 26 threads

Modify target from abc to xyz

the tests I did on abc.com on xyz.com. Is it possible in Burp Suite to just edit the URL from abc to xyz

Last updated: Dec 02, 2021 12:21PM UTC | 1 Agent replies | 0 Community replies | How do I?

How can I intercept traffic on iOS 10?

easily intercept the internet browsing (HTTP & HTTPS both) but I am unable to intercept the application (xyz) traffic & can browse the application (xyz) easily when intercept is on. I am getting an error saying FAIL TO CONNECT TO application(xyz). P.S.: the application (xyz) is already

Last updated: Jul 03, 2019 03:27PM UTC | 6 Agent replies | 6 Community replies | How do I?

Blind SQL lab.1

Here: xyz' AND '1'='1 …xyz' AND '1'='2 I don't understand what those quotes ' ' are, in the

Last updated: Feb 08, 2022 08:11AM UTC | 1 Agent replies | 0 Community replies | Feature Requests

Filtering URLs with specific words

eg: http://www.domain.com/abc/page1/Could+not+create+url+for+page+path:+/xyz http://www.domain.com url+for+page+path:+/pqr http://www.domain.com/abc/123/dir1/page1/Could+not+create+url+for+page+path:+xyz /subdir1 http://www.domain.com/abc/564/dir3/page1/Could+not+create+url+for+page+path:+dir2/page1/xyz

Last updated: May 31, 2016 10:17AM UTC | 1 Agent replies | 0 Community replies | How do I?

Support on this SQL statement

SQL statement we injecting below (Blind SQLi with conditional responses using the TrackingID) ...xyz

For example on this, ...xyz' AND '1'='1 I noted that there were no extra SQL that were being processed in that query hence if tried ...xyz' AND '1'='1-- it will be 'executed' but then logically it will be incorrect hence the structure of the query I am testing can be ...xyz' AND '1'='1' ending with a '

Last updated: Aug 06, 2021 11:20AM UTC | 2 Agent replies | 2 Community replies | How do I?

Why do I have to use the concatenation operator when SQL injecting?

the blind SQL injection labs. I got lost when I saw this query in the solution: ''' TrackingId=xyz I saw it again on the next lab, which runs on PostgreSQL: ''' TrackingId=xyz'||pg_sleep(10)-- '''

Last updated: May 10, 2021 02:54PM UTC | 1 Agent replies | 0 Community replies | How do I?

About the Web Academy content

web-security/sql-injection/blind), you can see that the material teaches the following command: xyz To solve the lab, it's used the following command: xyz' AND (SELECT SUBSTRING(password,1,1) FROM users web-security/sql-injection/blind/lab-conditional-errors), where the learning material shows this code: xyz > 'm') THEN 1/0 ELSE 'a' END FROM Users)='a and the solution provided use this kind of code: xyz

when trying to find the password, you can either use the suggestion from the solution: TrackingId=xyz create a slightly different SQL query based on the suggestion from the learning materials TrackingId=xyz

Last updated: Nov 16, 2021 02:19PM UTC | 1 Agent replies | 0 Community replies | How do I?

[webacademy] Bug in explanation of blind SQLi

So it is not true that these queries return true (the first one) or false (the second one): xyz' UNION SELECT 'a' WHERE 1=1-- xyz' UNION SELECT 'a' WHERE 1=2-- Both of them make the final query to return

Are you replacing the TrackingID cookie value item with "xyz' UNION SELECT 'a' WHERE 1=1--" or appending

Last updated: Jan 29, 2020 02:29PM UTC | 2 Agent replies | 2 Community replies | Bug Reports

"Lab: Blind SQL injection with conditional responses" syntax question

The following are given as examples about how to test for truth: TrackingId=xyz' AND (SELECT 'a' FROM users LIMIT 1)='a TrackingId=xyz' AND (SELECT 'a' FROM users WHERE username='administrator')='a TrackingId=xyz' AND (SELECT 'a' FROM users WHERE username='administrator' AND LENGTH(password)>1)='

Last updated: Aug 25, 2022 06:50AM UTC | 0 Agent replies | 1 Community replies | How do I?

2 requests with the same URL but different HTTP methods are not getting added to the Site Map

GET https://test.com/xyz PUT https://test.com/xyz Only one of them( the one that is intercepted

Last updated: May 25, 2018 07:58AM UTC | 1 Agent replies | 0 Community replies | Bug Reports

Burp misses open redirect

Example HTTP Request: http://[victim]/XYZ Example HTTP Response: HTTP 301 Location: https://[victim]XYZ As the / is missing from the document request, we control the domain name string.

Last updated: May 22, 2017 08:01AM UTC | 1 Agent replies | 0 Community replies | Feature Requests

Why simple quote is necessary in SQL Blind Injection using TrackingID?

I'm in the first lab of Blind SQL Injection and the payload for the test is: TrackingId=xyz' AND '1'='1 Why

Last updated: Dec 17, 2021 02:51PM UTC | 1 Agent replies | 0 Community replies | How do I?

'Lab: Blind SQL injection with conditional responses' not working

"TrackingId=xyz AND '1'='1" should return me 'Welcome back!' , but "TrackingId=xyz AND '1'='2" should not return me nothing).

Last updated: Apr 01, 2024 06:29AM UTC | 3 Agent replies | 4 Community replies | Bug Reports

Automated scan does not recognize Javascript

perform an automated scan with Burp Professional and when I run it, I get the message: "We're sorry but XYZ

Hi Martii, Just to clarify, where are you seeing the message "We're sorry but XYZ doesn't work properly

Last updated: Feb 06, 2023 05:25PM UTC | 1 Agent replies | 0 Community replies | How do I?

Authentication Failure from xyx.com

Hi All, Need urgent help, We have a financial Application(xyz) and we are running burp suite for that

Last updated: Jul 31, 2018 12:55PM UTC | 1 Agent replies | 0 Community replies | How do I?

Collaborator "payload" field not correct when using multiple tokens

up logging a payload hit for xyz.oastify.com (and abc) in the UI, even though there is no request to xyz

Last updated: Nov 09, 2023 10:31AM UTC | 2 Agent replies | 0 Community replies | Bug Reports

How do I customize the columns shown in proxy - http history?

user-agent that identifies the test I was running and the tool I was using .... like: 'ffuf parameter xyz

Last updated: Jun 27, 2022 07:32AM UTC | 2 Agent replies | 1 Community replies | How do I?

SQLi lab - Blind SQL injection with conditional errors problem

TrackingId=xyz'||(SELECT '' FROM dual)||' I am confused with the concatenation symbol "||", why need to

Last updated: Aug 12, 2022 10:20AM UTC | 1 Agent replies | 0 Community replies | How do I?

Lab: Bypassing access controls via HTTP/2 request tunnelling

X-SSL-VERIFIED: 1\r\n X-SSL-CLIENT-CN: administrator\r\n X-FRONTEND-KEY: 4915524682751556\r\n \r\n Value xyz

Last updated: Jun 02, 2023 01:04PM UTC | 1 Agent replies | 0 Community replies | How do I?

extender no longer working?

illegal reflective access operation has occurred WARNING: Illegal reflective access by burp.fp4 (file:/xyz

Last updated: Apr 15, 2021 08:09AM UTC | 1 Agent replies | 0 Community replies | Bug Reports

Lab: Broken brute-force protection, multiple credentials per request CSRF Token issue

In the macro editor the host column was XYZ and the host in the Raw request I had changed it to ABC ( Going back to the Cookie JAR I had session cookie from host ABC and XYZ.

Last updated: Jun 21, 2024 07:52PM UTC | 9 Agent replies | 11 Community replies | How do I?

How do I download Burp updates without going through the GUI?

product={name}&version={currentversion}&license={xyz}" [2] https://github.com/pajswigger/update-burp

Last updated: Jun 02, 2020 01:12PM UTC | 3 Agent replies | 2 Community replies | How do I?

Install Burp Suite on Kali linux?

burpsuite_community_linux_v2023_11_1_3.sh.11504.dir/jre/bin/java: Exec format error uname -a: Linux XYZ

Last updated: Jan 02, 2024 09:50AM UTC | 2 Agent replies | 1 Community replies | How do I?

File upload Challenge - file upload returns missing parameter despite all fields filled out

orange-logo.jpg" Content-Type: image/jpeg [raw JPEG bytes] JFIF ICC_PROFILE lcms mntrRGB XYZ

Last updated: Sep 16, 2022 10:45AM UTC | 3 Agent replies | 2 Community replies | How do I?

Save Intruder Tabs On Exit Just Like Repeater Tabs

Instead I pick the payloads I want to scan > right click > “scan defined insertion points” > “add to task xyz

Last updated: Apr 26, 2022 08:58AM UTC | 1 Agent replies | 0 Community replies | Feature Requests

Use of multiple URL's with plugin: Burp Scan

Suggest how to overcome this Jenkins Console: Started by user XYZ Building remotely on UFT_EntAutomation_N1