Burp Suite User Forum
Hi PortSwigger Team, Even after completing more times "Basic clickjacking with CSRF token protection" and "Clickjacking with form input data prefilled from a URL parameter" labs, they are showing as not solved. I just...
Sqlmap can be run by giving --proxy https://127.0.0.1:8080 which will take all its data through burp. However, after the recent update in burpsuite, while running sqlmap with burp proxy, getting error: [18:24:03] [INFO]...
Hi, I cannot login to Google services using built-in Chromium, every time I try to login my Google account, I get this error `This browser or app may not be secure. Try using a different browser. If you're already using a...
Only websockethistory is garbled. httphistory and others are not garbled. How can I fix the garbled websockethistory? I'm attaching a...
Hello, while I was running burpsuite I noticed an increased CPU usage; looking at the task manager I saw a weird command initiated by burp invoking chrome with a series of suspicious flags. Is this something to worry about?...
LLM Lab - indirect prompt injection shows as not solved when the user was deleted from the database successfully. { "role": "user", "content": "please consider ********* " } { "role": "assistant", "content":...
Hi, I use the embedded browser to access any site, it returns "Failed to load resource: net::ERR_CONTENT_LENGTH_MISMATCH" in console. Any idea what is the issue?
I get this for when I try to move my Burp installation to a new computer at work. Can you please add some more for me. This message is really weird, as your licensing terms seem to be "yeah, it's a per user license, and...
Hello, I can not download and install Scan Engine Update 2024.1.1.6. It errors out and it looks like you forgot to sign it. Bad signature.
In this lab, I'm stuck on step 5 of the solution: In the browser, go to the exploit server and enter the following HTML, replacing YOUR-LAB-ID with your unique lab URL: <script> var req = new XMLHttpRequest(); ...
The solution of laboratory "Client-side desync" is not working. The following code does not work in Chrome: fetch('https://YOUR-LAB-ID.h1-web-security-academy.net', { method: 'POST', body: 'GET /hopefully404...
The Lab Lab: Reflected XSS protected by very strict CSP, with dangling markup attack seems to imply that the dangling attack is required to get the CSRF token and then use it for the attack. But since the CSRF attack is...
Hey, I've been using my trial of the Burp Suite Professional, after installing it everything is really fast, the intruder can run through a lot of attempts really quickly, but after when I try to use it again it gets as slow...
I am trying to open Burp suite in Windows but I am facing an issue saying "Burp did not start properly last time. Do you want to start it without loading extension?" and on choosing either Yes or No fails to load burp...
Dear Portswigger Team, I hope this letter finds you well. I am writing to express my frustration and disappointment regarding the current performance issues with the Portswigger website and Portswigger Academy labs. As...
Hi, I tried experimenting with the new BChecks feature in Burp 2023.6. It's a nice new feature. I found that host-level BChecks only run once per host, which according to the documentation might be intentional. From...
Hi Portswigger team, the Burp Suite Pro installer unfortunately overwrites the ~/Applications/BurpSuitePro/BurpSuitePro.vmoptions file each time I install a new version using the Linux .sh installer. This is a...
Hello, I wanted to bring to Portswigger's attention that there is an error with the "Finding and exploiting an unused API endpoint" lab. When using the OPTIONS method to discover what methods are allowed by the API, the...
Hello, I have our internal certificates added to Burp Enterprise's GUI, however, upon running a scan against a website that has the proper internal certificate chain trust, we still get the medium TLS Certificate finding. ...
Hi, maybe there is a bug inside the laboratory "CORS vulnerability with trusted insecure protocols". The following exploit script works with Burp's Chrome: <script> document.location =...
Your source for help and advice on all things Burp-related.