How do I? - Burp Suite User Forum

Academy Progress Reset

Hello :) Can you please reset my progress on the labs and learning materials?

Validating SQL Injection vulnerability reported by BurpSuite

Hi, While scanning our website with Burp Suite we found there is SQL injection vulnerability. I tried SQLMAP to confirm the vulnerability, but it reported false positive. I tried playing around with few switches of SQLMAP...

Scan for MFA being required (or not required) on a resource

I am trying to figure out if Burp Suite Pro would be able to give me a report on whether or not a resource is requesting (or not requesting) MFA on all authentication possibilities that are detected. Would this be something...

Writing Bambda Help

Hello, I'm attempting to write a bambda. The filter will search for requests that are to /intern/api and then if the headername contains x-name add a note + highlight the request. The issue im facing is that the filter...

BSCP Exam

Hi, since linux is not supported by examinity, can I complete the identification process on a windows host, and the actual exam on a *different* linux based machine? Thanks in advance.

temporary project in memory

I created a new project as a temporary. While I was working, the computer suddenly shutdown. After the start, I see the date in the temp files. how can I open that temp file now?

The Macro Recorder cannot select more than one request.

Hi, I have a problem with the macro recorder where I can't select more than one request. So I tried: Session > Session Handling Rules > Add. In the session handling rules, I changed the scope to URL Scope > Include all...

How to reset a lab

Hello Support, I was trying the "Lab: Basic clickjacking with CSRF token protection" but I tried to intercept server response and changed the post for change email with delete account. Now I'm unable to login using the...

Filter out results based on response size? websockets history

Is there a way to FILTER out any responses that are of Size X or less? I get a lot of noise in the WebSockets History that I don't want to see. Anyway to not show responses of size X or less?

Please reset all of my academy progress

I'm returning from a long break and want to start fresh pls. Thank you.

Reflected XSS protected by very strict CSP, with dangling markup attack - NO HTTP/ DNS from Victim

Hi Team, Hope you are doing well. It might just probably be me, but while solving the lab, I can verify the solution is working for me, if I portrait as a victim, and can see my packets come through, but not for the...

BurpSuite severity rating vs CVSS 3.1 rating

Hi, would like to find out how BurpSuite calculate the score for vulnerability and provide the severity rating? There seems to be a difference between CVSS 3.1 rating. Thanks.

Labs are not accessable

Hi Team, When i try to access a lab it takes too long to respond, few of the times it works not always. Installed the CA, made the changes in the browser (about:config security.ssl.enable_ocsp_stapling) in...

Detect Authentication Type

Hello everyone, I hope you all doing well, I am newbie and I apologize if my question seems basic or if it has already been asked before. I tried searching but I couldn't find the exact information I'm...

Cookie misconfiguration

I am getting cookie when loading login page, as below in burp REQUEST:- cookie: visitor=531543254325423654236 like above. so now question is whether above cookie is vulnerable or not whether i can report it to developers...

Reset labs

Can you please reset my all labs?

Reset Academy Progress

Hi, Any idea how can I reset my Portswigger academy progress? I would like to start from scratch. Thanks.

No More Activations Allowed

Hi Team, We have purchased two licenses, for one license I could see No More Activations Allowed which might be because of my multiple activation attempts on my machine [issue my IT environment new software installation...

Beginner-first Lab- Excessive trust in client-side controls

When I have "Intercept is on" toggled, the page will not load. If I toggle to "Intercept is off" the page will load. I've tried it several times and each time it just hangs and will not load the page or return any response...

Lab - Exploiting Java deserialization with Apache Commons

Hi! I'm trying to solve this lab (Exploiting Java deserialization with Apache Commons) but i can't. First, i tried with ysoserial (like in the description of the lab is told) but when i send the request i get a 200 Ok...