Burp Suite User Forum


validate the vulnerabilities

| Last updated: Nov 26, 2021 07:14AM UTC

I really want to exploit and see the vulnerability by myself, if it's really a vulnerability that is shown to me. How do I exploit and see and validate what Burp is telling me? It would help me to analyze the risk associated with the web app.

Ben, PortSwigger Agent | Last updated: Nov 26, 2021 02:35PM UTC

Hi,

Are you using the Burp Scanner (available in both Burp Professional and Burp Enterprise) in order to initially identify vulnerabilities within your website? If so, each of the identified vulnerabilities will have some supporting information detailing how Burp has determined that a vulnerability is present (this is usually in the form of a request and response but can differ depending upon the type of vulnerability).

You should be able to use this information to manually verify that the reported vulnerabilities are present. The best way to do this (again, depending upon the type of vulnerability that is present) is normally by using the Repeater tool within Burp Professional (I can see that you currently have a valid trial of both Burp Professional and Burp Enterprise so should be able to do this).

There is some more information on how to use Burp Repeater on the page below: https://portswigger.net/burp/documentation/desktop/tools/repeater/using
