Burp Suite User Forum
Basically as title says client TLS certificate loader doesn't work. On step where you are supposed to select certificate file, when you click select file window pops up but it doesn't show any files that are in the directory...
When trying to authenticate to auth server the following error is displayed: SessionNotFound: invalid_request at Provider.getInteraction...
Hello, after building the payload on exploit server and viewing the exploit, I was redirected to the login page. I tried to login as wiener again there but the CSRF token is invalid ("Invalid CSRF token (session does not...
Hi, Is it possible the CSRF labs are broken? I have attempted the following: - https://portswigger.net/web-security/csrf/lab-no-defenses -...
Hi Team! I'm having trouble solving "clickjacking labs". Every time I try to "deliver exploit to victims", it doesn't work, and the lab stays unresolved. I've tried the solution given by PortSwigger and looked at several...
Hello! I had an BSCP exam finished few minutes ago and I failed it. I solved first app in one hour and other time I spent on second app, but can't go even through the first step, I think it might be some issue on the...
Hello, I'm trying to solve the lab "Reflected XSS into HTML context with all tags blocked except custom ones" with the solution provided and I also tried other solutions on the internet but when I deliver the exploit to the...
has been mail collaborator switched to use oastify.com domain ? version: Professional v2202.3.9 build 13363 bodik
Hi, I use the embedded browser to access any site, it returns "Failed to load resource: net::ERR_CONTENT_LENGTH_MISMATCH" in console. Any idea what is the issue?
Please replace this proctoring company with something else - it could not be worse. If I see a cert that uses them in the future I will avoid it.
The lab 'Lab: Reflected XSS with event handlers and href attributes blocked' (https://portswigger.net/web-security/cross-site-scripting/contexts/lab-event-handlers-and-href-attributes-blocked) seems to be responding very...
Hi I am reporting a problem with the execution of clickjacking exercises. I am using a browser in burp. I perform the exercises according to the solutions. Selecting View exploit I noticed that the browser blocks...
Only websockethistory is garbled. httphistory and others are not garbled. How can I fix the garbled websockethistory? I'm attaching a...
Hello I am following the solution steps provided and followed the video solution as well but the lab is not solved. When I put "X-Original-Url: /setlang\es" in the GET / . it doesn't redirect me to the localised=1. it...
Dear Portswigger Team, I hope this letter finds you well. I am writing to express my frustration and disappointment regarding the current performance issues with the Portswigger website and Portswigger Academy labs. As...
I can't reliably reproduce it but it seems that sometimes when sending requests to repeater from the proxy history they aren't populated correctly. This has occurred perhaps 4 or 5 times in a day of testing and speaking to...
Hi, I cannot login to Google services using built-in Chromium, every time i try to login my Google account, i get this error `This browser or app may not be secure. Try using a different browser. If you're already using a...
Sqlmap can be run by giving --proxy https://127.0.0.1:8080 which will take alll its data through burp. However, after the recent update in burpsuite, while running sqlmap with burp proxy, getting error: [18:24:03] [INFO]...
Hi PortSwigger Team, Even after completing more times "Basic clickjacking with CSRF token protection" and "Clickjacking with form input data prefilled from a URL parameter" labs, they are showing as not solved. I just...
Hello while I was running burpsuite I noticed an increase usage in cpu, looking at the task manager I saw weird command initiated by burp invoquing chrome with a series of suspicious flags. Is this something to worry about ?...
Page 1 of 140
Your source for help and advice on all things Burp-related.