Burp Suite User Forum
Hi, i have an issue getting the solution to the lab working. Whenever i try to set the value of the csrf token with /?search=test%0d%0aSet-Cookie:%20csrfKey=8TIB6mcBo8vOoLZ1nSPocJae9QLOWMAw%3b%20SameSite=None the...
If you create a session handling rule to either add or update a cookie value for requests in some scope, it does not work as expected. The setup is: * a enabled session handling rule; * with any given scope; * a "set a...
Hi, I have created a new resource pool and changed the number of concurrent requests to 20, but the application works only with 10 concurrent requests. No other setting is changed. I can not increase the default number...
In a recent Burp update, httpResponseReceived.body() now breaks if the response starts with HTTP/1.1 100 Continue. The following is an example: HTTP/1.1 100 Continue HTTP/1.1 200 Access-Control-Allow-Origin:...
On Repeater: "value":"Викторов" On Intruder (before request): "value":"ÐикÑоÑов" On Turbo Intruder (after request): "value":"8:B>@>2" Windows 11. Settings in Character set: Recognize automatically base on...
Hello, I'm having an issue getting Burp Suite professional v2024.2.1.5 edition with Firefox. The issue is on all https:// websites. I am now able to use burp from last 2 days. I know exactly how to install the...
I can't see any WebSocket traffic history in Burp when trying the Academy Lab `Manipulating the WebSocket handshake to exploit vulnerabilities`. I've tried with the following versions of Burp in my Kali Linux...
I'm solving Labs in Web Security Academy, when I send a request to Intruder in the Position tab the target is right, I set the payload but when I launch Intruder after hours my attack doesn't work I noticed in the Restults...
After opening burp and having the program process a small number of intercepted requests (really just logging the requests to proxy history) my computer starts consuming massive amounts of resources. Specifically the Xorg...
I am trying to solve the mentioned lab, with the payload provided by the academy, by the payload isn't working. When i view the payload, the request is indeed sent to stock subdomain, but it replies with...
Hi. I noticed I solved like 7 labs, but my position in the hall of fame didn't change. I solved like 5 apprentice and 2 practitioner labs. It's already been 2 weeks without updating, I guess. Is the hall of fame bugged?
Hi everybody, Today, after updating to latest version 2.1.06, I'm no longer able to launch Burp Pro. I also tried uninstalling, reinstalling, downgrading, but I always get the same not-so-informative exception message:...
No IPv6 support for any of the collaborator infrastructure: burpcollaborator1.portswigger.net has address 52.16.21.24 burpcollaborator2.portswigger.net has address 52.16.107.92 Knowing an ipv6 source address for...
Hi everyone, it seems like the Lab "Exploiting clickjacking vulnerability to trigger DOM-based XSS" cannot be completed currently. The exploit works right away with Firefox, but it only worked on Chrome when i manually...
I'm running Burp Version 2024.1.1.6 ----------------- I have NO extensions enabled. ----------------- I have no passive scans running (I checked diagnostics to be sure) ----------------- What I'm seeing when I'm...
I am getting Safe Mode prompt saying "Burp did not start properly last time. Do you want to start it without loading extension?" and on choosing either Yes or No fails to load burp suite. This happens for both saved and...
burp froze and i had to force quit it, upon opening it up again, my target tab was missing. tried restroing it from the view but its not in the list, also tried restoring defualt configuration. Nothing worked
I have been trying to solve the CSRF lab for 2 or 3 hours. Even after providing the payload script correctly, it shows as not solved. I have also tried providing the solution that PortSwigger has given, but it still doesn't...
I get this for when I try to move my Burp installation to a new computer at work. Can you please add some more for me. This message is really weird, as you're licensing terms seems to be "yeah, it's a per user license, and...
Hey folks, As of the latest update to the early adopter (2023.12.1) I've noticed when I edit a request with JSON contents, if I add an opening bracket Burp automatically adds a closing bracket immediately after (much like...
Page 1 of 142
Your source for help and advice on all things Burp-related.