Research Academy
My account Customers About Blog Careers Legal Contact Resellers
The Burp Suite User Forum was discontinued on the 1st November 2024.

Burp Suite User Forum

For support requests, go to the Support Center. To discuss with other Burp users, head to our Discord page.

SUPPORT CENTER DISCORD

Burpsuite error or using incorrectily

castro1825 | Last updated: Jun 13, 2021 03:39PM UTC

Hey everyone, I wanted to test a login page but everytime I try to use different passwords it the server gives the same exact response even if it gets the correct password. What can I do to hint me that it is the correct password? POST /en/auth_login HTTP/2 Host: www.kkkkkkkk.com Cookie: lang=en; _fz_uniq=5055482433821045220; _fz_fvdt=1623588834; _fz_ssn=1623597181300998453; sid=rp4flihlyiwqkwcunqhdteuw; _media_uuid=2996535769 Content-Length: 197 Cache-Control: max-age=0 Sec-Ch-Ua: " Not A;Brand";v="99", "Chromium";v="90" Sec-Ch-Ua-Mobile: ?0 Upgrade-Insecure-Requests: 1 Origin: https://www.kkkkkkkk.com Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: navigate Sec-Fetch-Dest: document Referer: https://www.kkkkkkkk.com/en/auth_login Accept-Encoding: gzip, deflate Accept-Language: en-US,en;q=0.9 Connection: close RedirectAfterLoginUrl=https%3A%2F%2Fwww.kkkkkkkk.com%2Fen&RegistrationUrl=&ShowOpenId=True&ViewType=0&Login=§castr§&Password=§§&signature=

Hannah, PortSwigger Agent | Last updated: Jun 14, 2021 03:43PM UTC

Hi If you attempt to log in on the actual site, is there a difference if you provide a correct password compared to an incorrect password?

ben | Last updated: Jun 14, 2021 09:55PM UTC

I actually ran into this problem when I installed for the first time (had to reinstall), but once I reinstalled I realized that the default admin account name is "admininstrator" instead of the widely used and accepted "admin". - Just trying to eliminate some causes :) But if you don't remember your password you will have to completely reinstall (backup your searches etc.).

Hannah, PortSwigger Agent | Last updated: Jun 15, 2021 08:25AM UTC

If you are using Burp Suite Enterprise, and are struggling to remember your login credentials, you can create a new admin user with the following instructions: https://portswigger.net/burp/documentation/enterprise/getting-started/create-new-admin-user

castro1825 | Last updated: Jun 15, 2021 12:33PM UTC

Hey Hannah, no there is not a difference they are exactly the same, when I try the intruder it gives me the different lenght of messages and says that the logins that I tried are wrong even tho it was the correct one, I don't understand why this happens.

Hannah, PortSwigger Agent | Last updated: Jun 16, 2021 12:37PM UTC

Hi Could you drop us an email at support@portswigger.net with some screenshots of what you are experiencing?

castro1825 | Last updated: Jun 17, 2021 03:42PM UTC