How do I? - Burp Suite User Forum

network is unreachable error

every time i use my phone's data, it works good with burp for some time but after an hour, it shows 'network is unreachable'. If i try again after some time, it'll again start working

I recently updated the email associated with my Burp account, where I've already purchased an exam. However, when attempting to access Examity, I encountered an error stating "invalid user," despite having completed my...

failed to create burp project: cannot parse null string.

os : windows version: burp suite community edition v2023.9.4 error : an error occurred when starting a project with the selected options failed to create burp project: cannot parse null string. i don't have any...

Basic clickjacking with CSRF token protection remains unsolved unless adding 'delete-account' to end of url?

hello i followed the instructions to the labs as well as the community solutions video but did not get the lab solved. in burp's chromium browser it remains at login page instead of account page with 'delete account'...

Doesn't Burp Scanner use cookie jars?

Hello! I've encountered several issues during the crawling phase. I used the Burp Suite Chrome extension to record the login sequence and started crawling. When I check the live view, it seems like the login is...

Basic clickjacking with CSRF token protection remains unsolved

i saw through other posts the burp embedded browser is not working and i tried through firefox with the same issue , only showing login screen instead of account screen with delete button. i was able to get the correct...

APIs to create/import Bchecks without having to navigate through UI

Is there a way or any APIs that can help me automate the process of BCheck import/creation without having to navigate through the UI.

Find pages that should be protected by a session cookie

I'm using burp suite pro and an authenticated scan generates the target map of my web app. I want to automate a check to find pages that generate a valid response (non 303) when a session cookie is not provided. I've used...

How to reset a lab

Hello Support, I was trying the "Lab: Basic clickjacking with CSRF token protection" but I tried to intercept server response and changed the post for change email with delete account. Now I'm unable to login using the...

Http Headers Highlighted

So sometimes I find it difficult to actually differentiate between http headers and their values .Is there a way that I can highlight them to a certain color ? Note:I'm using BurpSuite Dark Purple Theme (Ext)

BSCP Exam : Examity

Hi i am giving the BSCP exam right now, the examity wasn't detecting the permissions, so i cleared the cache and logged in back again, but the dashboard now says to contact my administrator, i haven't started the exam yet....

BSCP exam

Hi, I have already attempted the BSCP certification. I was able to solve the first app correctly, but in the second app there was a vulnerability that I knew it was there (essentially because of the active scan and because...

POST requests through Postman logged as GET in Target - Site Map

I have Postman proxying through Burp. When I make a POST request and review the request through the interceptor everything appears as it should. I see that the request is a POST and I see the payload. However, if I then...

No more activations allowed

Hi Team, I am trying to reactivate my Burp Pro license several times on my formatted machine due to environmental issues. I unable to reactivate as I am getting "No more activations allowed for this license" message....

How do I check the string length using BCheck?

I have the followign code: ``` given insertion point then if {insertion_point_base_value} in {base.response} then ... end if ``` However, I'd like to check if `insertion_point_base_value` length...

Collaborator with letsencrypt wildcard cert

So I have certbot setup to use the route53 plugin, so it automatically creates the necessary DNS records to validate a wildcard certificate. The problem is that collaborator needs an NS record for the subdomain you're...

Unable to login to the labs with the given credentials

Password brute-force via password change Offline password cracking For the above two labs, I entered username- weiner, password- peter. When I click on login it says invalid username or password. can anyone please...

exploit server

Hi, How do I create an exploit server (like the one in portswigger.net academy) to use for pen-testing of real client's website? In other words, what do I need to be able to craft an exploit that is send to a...

Authenticated API Scan

How can I perform an authenticated API scan using the new API scanning functionality? I am uploading the OpenAPI schema file, which is parsed correctly. However, there is no option to define a bearer token or similar...

Hall of fame

I've solved 8 labs in 1 week. Hall of me hasn't increased in a week.