Burp Suite User Forum
Hello, I've been trying to solve the lab, but not even testing exactly the way the Academy is teaching or how community solutions were made (almost no difference at all) I can solve. I'm supposed to test for SQL payloads on...
Hi, you have Bug in the brute force to GraphQL, I did it right and the payload is correct but still I getting a message of: HTTP/2 200 OK Content-Type: application/json; charset=utf-8 X-Frame-Options:...
When trying to authenticate to auth server the following error is displayed: SessionNotFound: invalid_request at Provider.getInteraction...
Basically as title says client TLS certificate loader doesn't work. On step where you are supposed to select certificate file, when you click select file window pops up but it doesn't show any files that are in the directory...
Hello, after building the payload on exploit server and viewing the exploit, I was redirected to the login page. I tried to login as wiener again there but the CSRF token is invalid ("Invalid CSRF token (session does not...
Hi, Is it possible the CSRF labs are broken? I have attempted the following: - https://portswigger.net/web-security/csrf/lab-no-defenses -...
Hi Team! I'm having trouble solving "clickjacking labs". Every time I try to "deliver exploit to victims", it doesn't work, and the lab stays unresolved. I've tried the solution given by PortSwigger and looked at several...
Hello! I had an BSCP exam finished few minutes ago and I failed it. I solved first app in one hour and other time I spent on second app, but can't go even through the first step, I think it might be some issue on the...
Hello, I'm trying to solve the lab "Reflected XSS into HTML context with all tags blocked except custom ones" with the solution provided and I also tried other solutions on the internet but when I deliver the exploit to the...
has been mail collaborator switched to use oastify.com domain ? version: Professional v2202.3.9 build 13363 bodik
Hi, I use the embedded browser to access any site, it returns "Failed to load resource: net::ERR_CONTENT_LENGTH_MISMATCH" in console. Any idea what is the issue?
Please replace this proctoring company with something else - it could not be worse. If I see a cert that uses them in the future I will avoid it.
The lab 'Lab: Reflected XSS with event handlers and href attributes blocked' (https://portswigger.net/web-security/cross-site-scripting/contexts/lab-event-handlers-and-href-attributes-blocked) seems to be responding very...
Hi I am reporting a problem with the execution of clickjacking exercises. I am using a browser in burp. I perform the exercises according to the solutions. Selecting View exploit I noticed that the browser blocks...
Only websockethistory is garbled. httphistory and others are not garbled. How can I fix the garbled websockethistory? I'm attaching a...
Hello I am following the solution steps provided and followed the video solution as well but the lab is not solved. When I put "X-Original-Url: /setlang\es" in the GET / . it doesn't redirect me to the localised=1. it...
Dear Portswigger Team, I hope this letter finds you well. I am writing to express my frustration and disappointment regarding the current performance issues with the Portswigger website and Portswigger Academy labs. As...
I can't reliably reproduce it but it seems that sometimes when sending requests to repeater from the proxy history they aren't populated correctly. This has occurred perhaps 4 or 5 times in a day of testing and speaking to...
Hi, I cannot login to Google services using built-in Chromium, every time i try to login my Google account, i get this error `This browser or app may not be secure. Try using a different browser. If you're already using a...
Sqlmap can be run by giving --proxy https://127.0.0.1:8080 which will take alll its data through burp. However, after the recent update in burpsuite, while running sqlmap with burp proxy, getting error: [18:24:03] [INFO]...
Page 1 of 140
Your source for help and advice on all things Burp-related.