Research Academy
My account Customers About Blog Careers Legal Contact Resellers
The Burp Suite User Forum was discontinued on the 1st November 2024.

Burp Suite User Forum

For support requests, go to the Support Center. To discuss with other Burp users, head to our Discord page.

SUPPORT CENTER DISCORD

GET Method

jorge | Last updated: Jun 25, 2021 06:20PM UTC

I'm trying Burp Suite on DVWA to do brute force for practice purposes. When i capture a request, i only get POST method. How can i get a GET request?

Ben, PortSwigger Agent | Last updated: Jun 28, 2021 10:17AM UTC

Hi, The POST and GET requests are going to be determined by the web site themselves, rather than Burp, and I would expect that if you were trying to brute force a, for example, login page that the POST request would be the request that you would need to interact with. Can you clarify what process you are trying to carry out using the DVWA test site?

jorge | Last updated: Jun 28, 2021 06:34PM UTC

Hi Ben, In DVWA there is a login. When you use random credentials you get a message like this: "Login or password incorrect" What i'm trying to do with this, is to get a request that uses the GET method. So, adding the payload where the pass and user is i can do a brute force with two lists, using the attack cluster bomb so i can get the credentials i need. The message above is to make burp suite say to me what credentials are the good ones but this is not the problem. The problem is that with a POST i can't do this process i need a GET and i saw videos that they get this request automatically with DVWA. Is there any configuration to change this? I don't know about it. If i'm wrong and i can do this with POST, please let me know but i don't think so. Thak you for your time

jorge | Last updated: Jun 28, 2021 07:14PM UTC

I forgot to mention before. I have tried with several practice sites to see if the problem came from DVWA (a bad config,...), but it still happen in those sites.

Ben, PortSwigger Agent | Last updated: Jun 29, 2021 08:05AM UTC