The Burp Suite User Forum was discontinued on the 1st November 2024.

Burp Suite User Forum

For support requests, go to the Support Center. To discuss with other Burp users, head to our Discord page.


Found 50 posts in 36 threads

Would you please change our company and contact information?

been migrated/merged to the following company since the beginning of 2021: “E.ON Digital Technology GmbH Thanks and best regards Christian Englert Vendor Management Licenses E.ON Digital Technology GmbH

Last updated: Sep 08, 2021 10:37AM UTC | 1 Agent replies | 0 Community replies | How do I?

Transfer User Licenses

Dear Support team, we bought 2 licenses of Burp Suite Professional with the help of CCP Software GmbH

Last updated: Dec 30, 2021 02:16AM UTC | 1 Agent replies | 2 Community replies | How do I?

No more activations allowed for this license

activations allowed for this license" Product Burp Suite Professional licensed to Spiele Plasat GmbH

Last updated: Oct 29, 2024 07:10PM UTC | 15 Agent replies | 17 Community replies | How do I?

Critical Service Issue : External Service Interaction(DNS)

When we run Burp Scan to Our Xactly product, we are seeing a Critical issue related to "External Service

Last updated: Sep 02, 2020 12:59PM UTC | 1 Agent replies | 0 Community replies | Bug Reports

External service interaction (DNS)

I have scanned a target address and found "External service interaction (DNS)" vulnerability.

Last updated: Aug 04, 2016 01:13PM UTC | 1 Agent replies | 1 Community replies | Feature Requests

Macro+soap service

Hello, I have to test a soap service. Specifically a function that deletes a token.

Last updated: Sep 08, 2017 03:28PM UTC | 1 Agent replies | 1 Community replies | How do I?

external service interaction DNS

I scanned my system again in March, and got new issues "external service interaction DNS" in the report

Last updated: May 16, 2017 03:23PM UTC | 2 Agent replies | 2 Community replies | Bug Reports

EXTERNAL SERVICE INTERACTION (DNS)

relevant application functionality, and determine whether the ability to trigger arbitrary external service If the ability to trigger arbitrary external service interactions is not intended behavior, then you

Last updated: Sep 20, 2019 09:48AM UTC | 1 Agent replies | 0 Community replies | Bug Reports

Incorrect path reported in target sitemap

are probably problematic too), for example '<link rel="stylesheet" href="あ/style.css" />': # mkdir www meta charset="utf-8"><link rel="stylesheet" href="あ/style.css" /></head><body>test</body></html>' > www /www:/usr/share/nginx/html:ro -p 5000:80 -d nginx 2) browse through Burp to the created webpage (http amd64 os.name Linux os.version 6.8.0-41

Last updated: Sep 05, 2024 10:24AM UTC | 1 Agent replies | 0 Community replies | Bug Reports

External service interaction (DNS & HTTP)

External service interaction (DNS & HTTP) Example of a Request & response: Request Response

Last updated: Aug 21, 2018 12:38PM UTC | 1 Agent replies | 0 Community replies | Feature Requests

External Service Interaction False Positive

While running active scan against a site while on a VPN, Burp reported an issue for External Service However, the service being interacted with is coming from my Public IP on the VPN and not from the site

Last updated: Mar 25, 2021 02:50PM UTC | 2 Agent replies | 2 Community replies | Bug Reports

Another service instead of Collaborator

Hello, The firewall is blocking the domain (oastify.com) where the Burp Collaborator is. There are open source apps that do the same thing => https://app.interactsh.com But the collaborator gives as...

Last updated: Jul 08, 2022 12:18PM UTC | 1 Agent replies | 2 Community replies | How do I?

external service interaction -- https

I noticed Burp supports external service interaction -- DNS, http and SMTP. Do you have any plan to support external service interaction -- https? Recently we found our application is vulnerable (and exploitable) to external service interaction --

Last updated: May 15, 2017 03:17PM UTC | 2 Agent replies | 1 Community replies | Feature Requests

Exploiting PHP deserialization with a pre-built gadget chain - getting error

Symfony Version: 4.3.6 PHP Fatal error: Uncaught Exception: Signature does not match session in /var/www/index.php:7 Stack trace: #0 {main} thrown in /var/www/index.php on line 7 Thanks

Last updated: Jun 05, 2021 09:01AM UTC | 1 Agent replies | 2 Community replies | How do I?

HTTP Request Smuggling

responses" is given as "POST /search HTTP/1.1 Host: vulnerable-website.com Content-Type: application/x-www-form-urlencoded Transfer-Encoding: chunked 7c GET /404 HTTP/1.1 Host: vulnerable-website.com Content-Type: application/x-www-form-urlencoded server was given as "GET /404 HTTP/1.1 Host: vulnerable-website.com Content-Type: application/x-www-form-urlencoded should be like this: "GET /404 HTTP/1.1 Host: vulnerable-website.com Content-Type: application/x-www-form-urlencoded Content-Length: 146 x=POST /search HTTP/1.1 Host: vulnerable-website.com Content-Type: application/x-www-form-urlencoded

Last updated: Feb 14, 2022 01:54PM UTC | 1 Agent replies | 0 Community replies | How do I?

Lab Login Not Working

HTTP/1.1 Host: ac201f5c1e42e752809e2e6200c0001f.web-security-academy.net Content-Type: application/x-www-form-urlencoded Content-Length: 272 Transfer-Encoding: chunked 0 POST /post/comment HTTP/1.1 Content-Type: application/x-www-form-urlencoded HTTP/1.1 Host: ac201f5c1e42e752809e2e6200c0001f.web-security-academy.net Content-Type: application/x-www-form-urlencoded Content-Length: 272 Transfer-Encoding: chunked 0 POST /post/comment HTTP/1.1 Content-Type: application/x-www-form-urlencoded

Last updated: Jul 10, 2020 08:07AM UTC | 3 Agent replies | 5 Community replies | How do I?

HTTP request smuggling, obfuscating the TE header

POST / HTTP/1.1 Host: my host.web-security-academy.net Content-Type: application/x-www-form-urlencoded Transfer-Encoding: chunked Transfer-encoding: cow 5c GPOST / HTTP/1.1 Content-Type: application/x-www-form-urlencoded

Last updated: Mar 05, 2021 03:32PM UTC | 1 Agent replies | 2 Community replies | How do I?

HTTP request smuggling, basic TE.CL vulnerability

I sent: POST / HTTP/1.1 Host: your-lab-id.web-security-academy.net Content-Type: application/x-www-form-urlencoded Content-length: 4 Transfer-Encoding: chunked 5c GPOST / HTTP/1.1 Content-Type: application/x-www-form-urlencoded

Last updated: May 20, 2020 01:02PM UTC | 1 Agent replies | 1 Community replies | How do I?

Lab: Modifying serialized data types - Debug dumps tokens

p9a5ei0x99qi74vejsq36czp0tn1z3d6, xlbjcoe8ecul6sfmtdrt5cm8qqr6o7hx]) Invalid access token for user carlos in /var/www/index.php:7 Stack trace: #0 {main} thrown in /var/www/index.php on line 7

Last updated: Aug 20, 2021 02:26PM UTC | 1 Agent replies | 1 Community replies | Bug Reports

Lab: Exploiting HTTP request smuggling to bypass front-end security controls, TE.CL vulnerability

HTTP/1.1 Host: ac451f7f1e1dd31780a427f50095008e.web-security-academy.net Content-Type: application/x-www-form-urlencoded Transfer-Encoding: chunked 71 POST /admin HTTP/1.1 Host: localhost Content-Type: application/x-www-form-urlencoded

Last updated: Jan 30, 2020 10:00AM UTC | 3 Agent replies | 2 Community replies | Bug Reports

Not possible to disable "Update Content-Length"

HTTP/1.1 Host: 0a9900df035bbae8c07d5a7d0077009b.web-security-academy.net Content-Type: application/x-www-form-urlencoded Content-Length: 4 Transfer-Encoding: chunked 5e POST /404 HTTP/1.1 Content-Type: application/x-www-form-urlencoded HTTP/1.1 Host: 0a9900df035bbae8c07d5a7d0077009b.web-security-academy.net Content-Type: application/x-www-form-urlencoded Content-Length: 105 Transfer-Encoding: chunked 5e POST /404 HTTP/1.1 Content-Type: application/x-www-form-urlencoded

Last updated: Dec 02, 2022 02:11PM UTC | 3 Agent replies | 3 Community replies | Bug Reports

Is external service interaction vulnerability exploitable.

Hello, In most of the scan, Burp reports, External Service Interaction vulnerability either in HTTP/

Last updated: Mar 24, 2020 03:00PM UTC | 2 Agent replies | 1 Community replies | Bug Reports

HTTP Request Smuggling

PortSwigger: POST / HTTP/1.1 Host: your-lab-id.web-security-academy.net Content-Type: application/x-www-form-urlencoded Content-length: 4 Transfer-Encoding: chunked 5c GPOST / HTTP/1.1 Content-Type: application/x-www-form-urlencoded

Last updated: Feb 14, 2022 06:44PM UTC | 1 Agent replies | 2 Community replies | How do I?

PHP deserialization: Signature does not match

receiving this error: PHP Fatal error: Uncaught Exception: Signature does not match session in /var/www/index.php:7 Stack trace: #0 {main} thrown in /var/www/index.php on line 7 My secret key: f99oqo0667s8noe1clqktoa99mnzvuq2

Last updated: Sep 05, 2023 06:14AM UTC | 1 Agent replies | 1 Community replies | How do I?

External Service Interaction - Bug Bounty?

I have found an external service interaction issue on a website that is listed in hacker one, I want I have recently reported an external service interaction bug, but the company asked for a poc and I had

Last updated: Feb 06, 2019 11:51AM UTC | 1 Agent replies | 0 Community replies | Bug Reports

ca certificate

The URL is http://burp/ - there's no www.

Last updated: Jun 10, 2020 07:32AM UTC | 7 Agent replies | 9 Community replies | Bug Reports

LAB: Exploiting HTTP request smuggling to reveal front-end request rewriting

HTTP/1.1 Host: ac201fbc1fd627ddc0effe2300f200de.web-security-academy.net Content-Type: application/x-www-form-urlencoded username=carlos HTTP/1.1 X-ayZFvQ-Ip: 127.0.0.1 Content-Type: application/x-www-form-urlencoded Content-Length

Last updated: Nov 29, 2021 08:07PM UTC | 1 Agent replies | 2 Community replies | How do I?

vulnerable yes or no

POST /dz588q90/xhr/api/v2/collector/beacon HTTP/1.1 Host: www.---------.com Origin: http://example.com : */* Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Content-Type: application/x-www-form-urlencoded Content-Length: 1410 Origin: https://www.--------.com Connection: close Referer: https://www.realself.com

Last updated: Jul 05, 2021 10:20AM UTC | 0 Agent replies | 0 Community replies | How do I?

Install Burpsuite on Kali ARM RaspberryPi 4

Linux kali-pi 4.19.118-Re4son-v7+ #1 SMP Wed May 6 14:25:41 AEST 2020 armv7l GNU/Linux Architecture

Last updated: Aug 31, 2021 08:40AM UTC | 6 Agent replies | 6 Community replies | How do I?

Lab 1 Directory traversal(File path traversal, simple case)

3 directory or 4 directory under root directory eg image(218.png) can we present in directory /var/www/image/218.png or /var/www/image/abc/218.png, How we get to know this for applying Directory traversal

Last updated: May 06, 2022 09:39AM UTC | 1 Agent replies | 0 Community replies | How do I?

Lab: Modifying serialized data types

Modifying serialized objects" PHP Fatal error: Uncaught Exception: unserialize() failed in /var/www/index.php:4 Stack trace: #0 {main} thrown in /var/www/index.php on line 4 echo "O:4:"User":2

Last updated: Jul 19, 2023 11:43AM UTC | 8 Agent replies | 15 Community replies | How do I?

Lab: HTTP request smuggling, basic TE.CL vulnerability

provided is: POST / HTTP/1.1 Host: your-lab-id.web-security-academy.net Content-Type: application/x-www-form-urlencoded Content-length: 4 Transfer-Encoding: chunked 5c GPOST / HTTP/1.1 Content-Type: application/x-www-form-urlencoded

Last updated: Dec 08, 2022 07:47AM UTC | 6 Agent replies | 6 Community replies | How do I?

Bug in Lab

error Internal Server Error PHP Fatal error: Uncaught Exception: unserialize() failed in /var/www/index.php:4 Stack trace: #0 {main} thrown in /var/www/index.php on line 4

Last updated: May 25, 2021 01:32PM UTC | 1 Agent replies | 0 Community replies | Bug Reports

External service interaction (DNS) false positives

Hello, in the new versions of Burp I am getting a huge amount of false positives of this vulnerability. In all last pentests, Burp puts the payload in the HTTP request line, my machine tries to resolve this domain and...

Last updated: May 29, 2020 09:07AM UTC | 7 Agent replies | 6 Community replies | Bug Reports

Reproducing External Service Interaction (DNS) issue

Hi all, I am having a problem recreating an external service interaction (DNS) via the scanner.

Last updated: Oct 03, 2019 07:37AM UTC | 1 Agent replies | 0 Community replies | Bug Reports

Embedded browser - 503 Service Temporarily Unavailable

use embedded browser with https://gitlab.com/users/sign_in but it keeps refreshing with "HTTP/1.1 503 Service

Last updated: Mar 24, 2021 10:17AM UTC | 1 Agent replies | 0 Community replies | How do I?