#burp-suite-module
hooray! 😄
♠️
💯
LOL I just completed all of this a few weeks ago! Nothing wrong with new updated knowledge though, not complaining 🙂
A small point about burp intruder and anti csrf macro: isn't it better to also use a pool with no concurrent requests? results seem erratic using the default pool (it works but may be confusing) - not sure if this is caused by other settings elsewhere tbh.
Lets gooo
hooray!
Any reason the modules keep resetting or is this just a me thing
The 5 rooms in the Burp Suite module were replaced with new rooms, so it appears as if the rooms were reset. This phenomenon is only a one time event though.
guys, Is BS crawling mode only for the professional version?
In Burp Suite: Intruder Room, Task 4 Payloads, from checking my notes, the old room used to talk about "adding suffixes" to the payload processing. The new room doesn't mention the word "suffix" at all, which would make it hard to answer the question. https://tryhackme.com/room/burpsuiteintruder
oo that's why resetting?
I changed the resource pool to add 1000ms delay between requests and got all 302s
someone knows how to set up burp with foxyproxy for dvwa
if you can help me dm so I can respond quick please
i had the same issue with mine, came here to mention it, didn’t even think to add a delay
should be exactly the same? what’s not working about it?
Well when I put the proxy for burp in foxyproxy 127.0.0.1 port 8080
I just can’t load the site dvwa
And the proxy is well set because I can access http://burp for the certificate
Maybe it’s because my dvwa is set on a docker but I looked and the port open is 0.0.0.0 -> 80 so that means it should be working
So yeah idk what to do
It aint docker but this is the way I did it in kali last time, up and running pretty quick: https://medium.com/hengky-sanjaya-blog/dvwa-installation-4e52f10473daut
Afternoon, I am going through the Burp suite: The Basics, for task 10 (Site Map and Issue Definitions) I can not get http://MACHINE_IP/ to load, what am I missing? Thanks.
offhand, it looks like you need to start the machine (in Task#9) and wait a few minutes for it to begin all services.
I am running MrRobot lab and the burp suite is giving an error which looks to be because I am trying to run it as root user. Can we create new users and then login as them? on the tutorial it just works
If you can share a screenshot please, assisting you would be easier. You'll need to verify your account though before doing so.
!docs verify
Thanks, It turned out I never required Burp suite anyway.
Gave +1 Rep to @ionic thicket
Hello. I followed all of the instructions at 'Intruder' room. But 403 response was caught at my page 😦
How can I see only 302?
I solved the problem at the forum 🙂
but Why we use threads 1 instead of no default 10 in Intruder Resource pool???
Morning, I am working on Burp-suite: Repeater: Task 6. I am re-doing the module due to the update. No matter what I do, I can not access (http://machine_ip/) my laptop will not let me. What do I need to change to be able to access this information.
Did you start the machine?
Yep
Did you use the green start machine button?
Yep
And it still says machine_ip?
Finally! I had to play around with the settings in the VM. It kept saying Host not found, so I changed some of the security settings.
hi does anyone know how to fix error 405 on burp module when trying to access machine ip? 🤔
Is burp using the proxy?
yeepp got the proxy on per the room
Try forwarding the request then?
yep! i try to forward it on burp
but i get this on the browser
oh, not able to attach images i think.
"Error response
Error code: 405
Message: Method Not Allowed.
Error code explanation: 405 - Specified method is invalid for this resource."
!docs verify
I think that's the wrong IP you're using.
its the one provided to me by tryhackme on the top right? next to my profile
You'll find it when you start the machine using the green start machine button, it will give you a box in the top of the screen.
yeah, that's the one im using
I'm stuck on the question "What is the overall quality of randomness estimated to be?" pls hint for me
finally got that, omg
Is there a substitute for burp param miner for owasp zap ....
To identify hidden headers for web cache poisoning
same problem, how did you solve it?
I didn't find a fix for it, mostly because when i found the answer i realised it wasn't near what i got out from the search. So my best hint go to reddit
how do I use my own browser on my virtual machine along with burp suite to connect to the website. It's just hanging for me
i just get an error failed to connect on port 80
it says to check the sitemap but I don't find one at sitemap_index.xml
nevermind im an idiot
Yeah. I solved it
I manipulated some parts to 10!
You need to use a proxy on the browser
Like foxyproxy
I just solved it too, I asked chatgpt too there might be some rate protection measures on the site, I fixed the issue by changing the request delay to 500ms
That's nice!
Thanks for that update @short cosmos I have looked for the solution a long time
Gave +1 Rep to @short cosmos
Hi ! I might ask a question that has already been answered, but I am doing the Jr Penetration Tester path, and I had already done the Burp suite rooms, and now I have to do them again. Who should I contact to resolve this issue ? Or is it normal ?
Cheers
The Burp Suite modules have been refreshed and relaunched that's why it appears as 'not completed'. So strictly speaking, those modules are 'new'.
In case anyone else is getting a couple of 403s in the Burp Suite Intruder room, please let me know 🙂 Thanks
Fellow white hats. I have some trouble in the Burp Suite: The Basics Room.
The problem occurred when doing Task 10 and 14.
During Task 10 I could not check sub domains I had to turn off the interceptor then clicked around and then I found the weird name and the flag but it felt wrong
White hat? Oh yes, of course.
Let me pull those up again and take a look.
And then in Task 14 it just didnt work. First the whole Attack box was frozen and I had to start again but then it just didnt work. I used the Burp Browser and interceptor was on (since I already had a similar problem in task 10 I believe it is the same problem) but it just differed from what the Room describes and what I saw in some videos doing the task. Basically when I press forward it just didnt forward.
Are you using the browser proxy (FoxyProxy)?
I followed the room so I used foxy for task 10 then switched to the burp browser since the room wasnt clear what he wants
also this was yesterday let me start it again
And were you able to complete task 10? One stands out in the HTTP history tab after visiting the website pages.
The browser proxy is optional, personally I prefer to use the Burp Suite browser just to keep it simple. It may work better for you.
Yeah, I would give it another try and see if it was just a fluke.
Well the room introduced it afterwards let me try to reproduce the steps
didnt expect real time help
ah yes now I remember: since the room didnt introduce scoping yet I was kinda confused
so I start burp the interceptor is on
I allow the usage of burp browser
I visit the site
and ofc I cant click around
so how am I supposed to find the weird website
I believe yesterday I just turned the interceptor off then clicked around freely and then the site map had all sub sites including the suspicious one
as I said I found the flag but it felt it was not the intended way
Nope, you did it correctly. Interceptor OFF, browse and check the sitemap. 👍
oh ok gotta say the room could have mentioned that
ok let me try to reproduce the problem in task 14 brb
Ngl, there is certainly room for improvement in some of these rooms.
ah yes I remember: first in task 12 I followed the steps and the room asked if I see the difference. Gotta say no I dont see a difference that already was a bad sign where should that difference be?
So it's referring to the traffic getting caught by the proxy, you wouldn't actually see the difference unless you go thru the website before and then after.
ok I guess that one isnt that important. So now for the final question is task 14
so I prepared the scoping
the 2 AND boxes
interceptor is on
I go to the ticket website and ofc get interrupted
So I forward now
It sounds correct. Load the ticket page, turn interceptor ON, submit fake data and inject the script before forwarding.
I can now do my ticket. I write the legitimate email and ticket and submit
must I do one more forward now?
wait
that is the problem
I type in the normal email and normal ticket
click submit
then I check burp
and the
email=pentester%40example.thm&content=Yolo thing isnt there
it appears when I forward once
I would restart Burp Suite and start on task 14.
Visit the ticket page, turn interceptor ON, submit data on form and it should catch it. be sure to encode it too.
ok now I effed it up real hard now I cant browse anymore even when forwarding
ok I start new
ok now step by step
interceptor is already on shall I turn it off?
Yes
I would, after loading the ticket page then turn it back on just to make it simple
and the 2 AND boxes? shall I check them now?
I cant scope the site yet since I wasnt there yet
Nope, you shouldn't need to check those or add to scope for task 14+
ok
ok mixed feedback
this time the moment I submit
burp looks like on the pic in the room
that is good
I replaced the email with the payload
Perfect, and CTRL + U to encode before forwarding
did the ctrl u thing and the color changed
I forward
and in burp I got weird red lines
however the browser did not open the success window
I am very confused
I just terminated my machine, I believe after you forward it should show the pop-up.
wait wait what
Yes, so this is what it should look like before forwarding, and then there is one more to forward and it should pop up the alert box for success.
Oh okay, awesome.
no not awesome
it looks like that
then I forward
the burp changes to
Cookie: session=.eJxljbEKwzAQQ3_l0NRCIEO3YLJ39lJoQjnsS2qwk- and so on
and the browser didnt open the window
Yep, after you forward the script there should be one more you forward and the pop-up should show.
well it doesnt
I copy the payload
I mark it
do ctrl u
it changes slightly
I press forward
burp changes and the browser doesnt change at all
I even split screened the windows
And you're even using the Burp browser?
It may have something to do with the attackbox. I use the openvpn option and run Burp on my machine so it may have different settings.
The goal of the task is to demonstrate how easy it is to bypass client-side filtering.
It sounds like we both did the exact same thing but for whatever reason your attackbox didn't show the alert msg.
does your burp also say Cookie: session= blablabla
Yes, it does as well.
I don't believe you're doing anything wrong, it may be the attackbox.
hmm I have a Kali Linux vm here maybe I try it there
but now I need a break
oh well thanks for now. Peace
Thank you for helping out. 🙂
Gave +1 Rep to @wispy valley
hi im having an issue with task 15 burp suite - the basics
I am using the attack box and i go to the form - enter the information and hit submit
i am using the burp browser
intercept is on but it is not catching the data i am sending. i have to press forward then it is catching it.
so then I go to edit and insert my script - but since I already forwarded it my alert doesnt trigger...
can someone help me with this? TY
task 15 in basics has no problem
oops i meant 14
scroll up and you can read a step by step attempt to solve it. At the end it still didnt work for me but maybe that helps?
For task 14, sorry I can't find the answer in this thread - when I turn intercept on the page won't load, am I missing something? I've triple checked all the settings etc but can't figure this out.
See above. Seems to be bugged
Well ofc it doesnt load you intercepted it. You gotta manually forward it or turn interceptor off until the crucial part comes
Burp Suite: Intruder room, Task 12 doesnt work unless you do it from attack box! Any idea?
Hello my friend, how did you solve this plz?
I am getting many 403 errors at the intruder room: Extra Mile challenge - Task 12
Hello guys, Any idea about this?
@frozen bay
@cursive shore
It sounds like your macro is not setup properly. I would go back through those steps and ensure you follow it precisely. Task 12 is covered very well but if something isn't set right with the macro you get 403s.
Especially read the part about "use suite scope", because you may need to manually add to scope if you didn't already.
I hope that helps, I'm pretty sure that's gonna be the fix for the 403 errors. Just lmk if you're still having issues and we can work thru the steps.
its not about this, I get some 302 and some 403, its the same micro stuff but it only works on the attackbox!
@frozen bay
If you followed the same on the attackbox and it worked, I'm curious if it is some type of network block or restriction maybe?
I'm pretty sure I used the attackbox when I completed that room so I didn't test it using OpenVPN.
I'm sorry you're dealing with that issue though, it sounds like you were able to at least get around it using the attackbox. Once the room is complete, you can click on the pop up and leave room feedback as well.
ty ty
found the solution @frozen bay
it is about making the number of threads 1, at Resource pool of the intruder! and this was never mentioned in the whole burp suite module!
!!!!!!!!
Hello. I read the forum of that room! You can refer to that one!
can you mention it plz? I found nothing
Hi, Im currently on burp suite: the basics and I am unable to reach the website http://10.10.37.99/. Anyone know what the problem is?
Thanks!
Attackbox or VM?
Attackbox
what task are you doing? Is the burp suit interceptor on?
i just noticed this channel - i was doing the juice OWASP room and it got to a point where i was supposed to intercept a log out and view the headers .. but for the life of me i could only see the tabs for raw and hex and no headers tab.. am i missing something?
I want to alert that in the complete beginner path there is an old reference to burp suite basics room (not the updated one)
Bro can you tell me the answer? there is a bug that doesn't let me select "Form Field" and therefore doesn't give me the answer I need to enter.
hi idk if this is the right place to ask for that but I have trouble with burp suite I'm in the room file inclusion and I figured I had to use burp suite to change the cookie to the site to make the site believe I am an admins so I open burp suite and I intercept the request on the browser built in burp. I change the cookie and the site just start loading for ever idk why
maybe I can change cookie without using burp so I can move on to this room but I really want to use burp suite I know it's gonna be useful in the future
if it can help each time I'm launching it I get this message
I'm on kali linux and it's up to date
like as soon as I turn my intercept off the site load perfectly
I don't understand I'm doing something wrong for sure but idk what
That is how Burp works, if the intercept is on the page goes to Burp not directly to load into the browser, you can then modify the request within Burp and then send it off to the site to load with buttons like "Forward"
thank you very much you cannot understand how long I spent configuring foxy proxy and trying to understand why I could do intercept and loading a site at the site time I really thought I had an issue on my pc
Gave +1 Rep to @dusk scarab
With Foxy Proxy being broken since its last update, has there been any word on when a fix will come out?
Not sure.
Thanks,
Will keep using burp browser for now
Gave +1 Rep to @vapid field
Or you could also revert to the previous version prior to the update (if you're more used to FoxyProxy).
I followed the instructions I saw on this medium post -
https://medium.com/@Dpsypher/restoring-foxyproxy-revert-from-the-horrible-forced-update-69505c11d5ec
In the middle of doing an OSCP Lab Challenge exercise, my Burp functionality total failed…my level of frustration was at an all-time high…
unsure if correct place, but does anyone know why I'm getting this error on burpsuite on Kali when I try to open the integrated browser? I've tried updating burpsuite too
are you running burp as root???
because if yes that is probably the cause
Hi all,
I'm having some issues completing the burp module, particularly the extra mile challenge and live capture
Can someone help a fellow cybersecurity student?
You need to be more specific. There are four modules, two of which have extra-mile challenges. Provide more detail and someone will answer (Discord is typically asynchronous in engagement)
i remember that mystery bug from a month ago when i went thru it- way to find the root cause! So the default setting in Burp's resource pool is multi-threaded, causing some of the requests to hit the server too fast, causing the 403's? (speculation)
Yeah I guess so, because if you change from multi-threading to a single thread it works, maybe it is just the server cant handle multiple requests at once
very likely, Ive noticed a lot of these rooms are built with very minimal resources. for example, I managed to crash the new ssrf room by just running feroxbuster - i think they are trying to teach us to use velvet gloves;)
yes could be, and some of them pass it if you are a subscriber
hmmm maybe 🙂
good work 🙂
im running foxyproxy 8.8 (latest? ) runs as expected in Firefox (latest)
There are some cases that it doesn't unfortunately. Had to revert to a previous version myself.
In the Other Modules - Task 8, it states I have to select the Form field radio button. I tried several times, even with new VM's and attackboxes, but every time this radio button is greyed out, see picture:
Hej!
Is there someone who can kind of explain to me this command?
/about/0 UNION ALL SELECT group_concat(column_name),null,null,null,null FROM information_schema.columns WHERE table_name="people"
This is related to the Burp Repeater module.
Im not so familiar with SQLi and I only have the basic knowledge from SQL basics module
Why there are 4 "Null" especially?
Union combines the result of two or more select statements. Since the application already has a select statement, the union makes it possible to extend the first statement with a new select statement of your own. The caveat is that both select statements need to have the same amount of columns returned. That's why you fill the second select with null, null... until you reach the same amount of columns as will be returned by the first select statement. You use group_concat() here to concat all the information you need in one column. Then the FROM part is which table you select the information from, which is in this case the table with all database meta information. The WHERE is to make a selection based on your provided statement.
Thanks man!
you're welcome 🙂
I got it working by fetching the same request in the proxy and changing POST to GET, then sending it to the sequencer tab. This is not mentioned anywhere on the site.
Hi all! Noob alert... I posted in #room-help but I link it here too: #room-help message Thanks to anyone who can clarify!
Scrubs told you what to do here. #room-help message You need to start the victim machine (which is separate from your VM) with the green 'Start Machine' button
Thank you for your reply! That was the case in the OpenVPN room (https://tryhackme.com/room/openvpn#) where I'd connect to the network via VPN, start the machine to attack on the same subnet and be able to see it. That worked fine. But there's no Start machine button (that I can see) in this room https://tryhackme.com/room/burpsuitebasics...
Gave +1 Rep to @dusk scarab (current: #46 - 156)
... ok I take it back: found the button, all good, thank you again and sorry for being silly 👼
I'm currently on Task 10 "Site Map and Issue Definitions" in "Burp Suite: The Basics". I use my own VM with Parrot which is successfully connected via OpenVPN. The target machine also started successfully. I can also ping the target machine in my VM.
But when I try to open the website in Firefox, it loads endlessly. This happens even if forwarding is deactivated in FoxyProxy.
If I do a "curl 10.10.165.192" via the terminal, nothing happens for a long time. Then i get the error “curl: (56) Recv failure: Connection reset by peer”. But what works is a “curl www.google.de” which I don’t think should actually work in a VPN.
Could it be that web requests, for whatever reason, don't run over OpenVPN? If so, does anyone know how I can change that?
But the test URL 10.10.10.10 works. So it can't actually be a problem with the VPN.
The VPN doesn't change your browsing.
all it does is allow your connection to communicate with the THM machines.
So the target machine has a problem and I should restart it?
try it
mmmh strange in Attack Box the Website loads
But that's illogical. The 10.10.10.10 in my VM works. But the target machine 10.10.165.192, which is accessible in the attack box, is not.
Are you using https?
I'm going to boot up my VM.
Whilst I do so.
Can you ip a | grep "tun" for me please.
The website loads for me.
tun0: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UNKNOWN group default qlen 500 inet scope global tun0
One VPN which is good.
Can you post a screenshot of the web browser?
sudo ip link set dev tun0 mtu 1200
Try this command, then re-try the ip.
Ok, that's what you told me when I had the problem with the FTP. The website is now working. How can I make this permanent?
ok thx
I am on site map and issue definitions part of the burp suite module . I am facing a problem i.e when i run the target on the open browser , the site map is not showing anything
can anyone help with that?
connect to the burp proxy
disable intercept
click around the website to go to all the pages
check the sitemap in burp
see if you see anything that sticks out as weird unusual name for a page
go to said page
get flag
the sitemap still ain't showing anything
follow the guide in that link and then post a screenshot
@thorn blade also for the love of meeps don't randomly send dm:s and friend request to people on here
it is in the rules
can you click on proxy???
and can you show if your browser is connected to said proxy???
intercept is on....
press the open browser button and turn intercept off then do what shadow told you above about how to explore the site
It's done, thanks
I am having problems loading the sites mentioned in the burp suite basics part although i am connected to the proxy and to the right IP address.
this is what its showing . could somebody help with that?
Hi check your url. Put the machine IP on address bar not machine_ip
And make sure it’s http not https
you need to hit this button in the task with this green symbol:
then this box will pop up above the tasks:
which will give you the ip you need to connect to after waiting 1 minute
though you need to be using either the attackbox or your own kali vm with the vpn to be able to access said ip
I did , I started the machine , connected to the IP address and the attackbox still the error is showing
I have entered the ip address not machine_ip and it is http
Could it be due to a firewall?
Burp likes to force using https on intercepting, you must check if burp is forcing it or not.
Checked , it's not
when i am entering an ip address , i am getting an error but if i m entering the domain name , the site's getting loaded
any idea why is that happening?
Hi all - I went through the burp suite modules and am curious on something as I did not see it in there. For the real world if a company has a firewall/account lockout setup, is there a way to "time" an attack(sniper, clusterbomb, etc) to check X users of the list with a specified password every X minutes so it's not spamming and potentially locking out users or raise any alarms?
you can specify the delay between requests. Is this what you're looking for?
I've been at this for almost a half hour. I had intercept on
thanks
Does anyone know how to fix burp suite, not forwarding websites?
it will let me drop but not forward
Is intercept on and FoxyProxy, yeah?
Anyone else experiencing this issue?
https://discordapp.com/channels/521382216299839518/748285185803419668/1240321717084098560
Could someone please help me with this question: Room: Burp Suite:Repeater, Task6: Practical Example. I have gone through the room as guided in the task, the only trouble I am facing is that I dont know how or where to look for the flag. I would be very grateful if someone could help me with this.
In the web server's response on the right side.
This is a screenshot from a later task, but it should look the same.
Got it ,thanks .
did anyone find a solution for this (vpn doesnt work)
"machine_ip" won't work for a very specific reason.
i used the machine target ip address dw lol
it just gives me the same error as him though
What IP are you using?
yep i do
Then you need to go to burp and forward the request
tried it and it still just gives me the error
It's working ok for me.
Do you have the VPN active?
yeah it's still not working
Can you do ip a | grep "tun" ?
i am on windows 11 tho
Ifconfig then.
Would not suggest using your host though
wdym
You're putting your host os on the network. I wouldn't.
is it dangerous even for thm tasks like these?
You're connecting your host directly to a network full of hacking students. Potentially, yes
Although THM teach Cyber sec.
I wouldn't take the chance of exposing my host on to the host that you won't encounter a black hat or two.
"Students" being used very loosely given anyone can sign up, regardless of skill level
Everything is monitored, still though.
Wouldn't take the chance.
those are some good points yeah but my laptop aint too powerful to run a guest os rn so other than a vpn what else can i do tbh
That's why the attackbox exists 🤷‍♂️
Use the attack box as an alternative.
is there a way to make it connect to the internet?
really?? i am subscribed i didnt even know that lol
You should have a public IP assigned then, assuming that hasn't changed
It's not.
Still there.
why does firefox have to trust the Portswigger certificate for identifying mail users in order for it to allow proxy traffic?
hi
i am on the repeater task 7 and i dont understand where we should change the number? i got 405, 404 and 400 but not 500
oops nevermind 🙂
I'm stuck on the question where it asks about the "Cookie Jar" in the Burp Suite. I can't find it for the life of me, and ChatGPT is no help, as I've tried its answer. What is the answer that has been eluding me for longer than I'd like to say so that this green-hat can continue on her journey?
The hell is a green hat? 
add the host with the corresponding IP to your hosts file
linux: /etc/hosts
windows: google.com/?q=windows+hosts+file
Good idea, but not actually the problem here.
machine_ip indicates that they haven't actually started the target
i.e., there's no IP to map
im so lost on task 10
@vapid field ^
What for?
Hello, everyone! Silly question: is Burp Suite really difficult to learn? I am creating a project for my resume: Run Vulnerability scan w/ burp suite
No, it isn't 🙂
Thanks for responding 🥹
Gave +1 Rep to @wind prism (current: #2 - 2459)
You have a great module on THM teaching Burp from basics to more advanced features 🙂
Perfect! I will start this tonight. Thanks!
Also, don't skip Burp's Web Security Academy, it's free + very detailed and only focuses on Burp + Web vulns. 😄
https://portswigger.net/web-security/
Thanks
Gave +1 Rep to @wind prism (current: #2 - 2460)
Also check out what's going on in #bug-bounty channel , we often discuss burp there 🙂
Hello, im trying to install burp suite community version on Debian (virtualbox)
When i want to open browser it says "your OS does not support Burp's browser running with its sandbox enabled"
Try to go to Burp's settings > Burp browser and check the option called " Run Burp's browser without a sandbox " 🙂
Is it safe? I am only a beginner dont want to mess up anything😏
Yes it is 🙂
Thanks KGB👍
I mean, that setting is there for a reason. The browser sandbox blocks access to system resources (e.g., the filesystem or network). It's the thing that stops XSS from being system-level RCE.
So, no, it's not safe.
In a training environment you're unlikely to have anything bad happen, but...
Then again, treat it as a hostile network full of hackers.
Fair enough. Thanks.
Gave +1 Rep to @quiet narwhal (current: #10 - 840)
You're right but that's the only fix that I found that will allow built-in browser to run on VM if it doesn't want otherwise 😄 . I prefer to use Burp + browser proxy but some people prefer/insist on built-in browser .
Burp browser is good. I tend to use it at work. Running as root on the attackbox is poor practice, which is what causes the problem. The ideal solution would be to fix that, but I doubt that'll happen 😄
As long as people are aware of the dangers, well, it ain't their machines in the firing line 🤷‍♂️
Oh. Hang on. That's a local VM the user was asking about lmao
Yeah, they absolutely should not be doing it that way. Do not daily drive root. That's the solution
How can I set up the burp in Parrot OS? I installed the community edition. How do I configure it with a Foxyproxy? I tried several times, but Firefox doesn't show the interface of any websites!
i also added the burp certificate in browser
Check out this resource 🙂
https://portswigger.net/burp/documentation/desktop/external-browser-config/browser-config-firefox
Free or subscriber
It is free to install a certificate in Burp 🙂
Hello, i am trying to use burp suite with https, tho it fails giving me this error
NET::ERR_CERT_AUTHORITY_INVALID.
I have tried everything can anyone help?
You probably need to install certificate , check out this article 🙂
https://portswigger.net/burp/documentation/desktop/external-browser-config/certificate
Really good module. Explains better than the sans course I’m in.
If the author is in this room, thank you!
Yw
Need help with the module called Burp Suite: The Basics
Problem: I've been stuck on Task 10 for like an hour maybe two. The hint for the flag says "You are looking for a suspicious page with a name made up of a series of random letters and numbers." I have clicked literally everything and nothing shows up as weird.
And, I just now found it
Make sure to disable interceptor while doing so , you can also launch crawler to do it automatically for you
with vpn chromium is so slow
On my pro computer (my employer's one .... 😮‍💨 ), the burp suite chromium browser never displays anything (Community version): pure white screen !^^ I still have my own computers where the burp suite is working well, but I'm not always homeworking so ... I wish it could work well also on my pro computer. Has anyone ever happened to have a white screen on the browser whatever URL you try to access?
I am actually questioning, does your employer not make a fuss about having Burp suite on your work-computer? Depends on the context of your profession of course 😃
Well isn’t the best strategy to know one’s own weaknesses from the attacker’s point of view ? I was thus able to show them the attack surface in order to reduce it, and we are still sanitizing, escaping and encoding endpoints data and forms ... so yeah ... if I hadn’t committed to not asking, I would ask for a raise !!! 🙃
I'm a blue teamer i wanna start learning about bug bounty so can you guys tell me where to start? Thanks
Hi, could someone explain the following to me? I have a question. If I pay for TryHackMe Premium and I'm in the Burp Suite module, when I log in to the TryHackMe server, I have unlimited access because that's what I'm supposed to pay for. The session requires Burp Suite Pro because the free version doesn't have the macro option, but in the module I'm working on to finish it, I need to use macros, so I don't understand.
I'm a premium paying user, when I log into the "Burp Suite: The Basics" premium room (just tried it for you), the hackbox machine has the Community Edition of the Burp Suite, which is the free version.
I've finished this module long ago, but I can't remember needing anything anymore than the Community edition ... it went smooth and clean on the Community edition. The Macro is a mass automation way on the intruder and other BS modules, on my POV, you don't need it in here as it is just the "Basics". I can't recall of anything complex, sorry.
why i cant intercept JS ? its from the upload vulns room
Check this path 🙂
S
Hello guys i need tryhackme coupon code
hello
CTF Team Recruiting
Looking for self-driven people.
Beginners welcome if disciplined - no spoon-feeding. Open to everyone.
Dm For applying
Can anyone help me to perform some action on a website , I have the vulnerability but don't know how to exploit
Hi guys can you kindly assist me with this
Encode this phrase: Encoding Challenge.
Start with base64 encoding. Take the output of this and convert it into ASCII Hex. Finally, encode the hex string into octal.
What is the final string?
Can you provide some shots of what you're trying to do 🙂 ?
Hi, is it possible to get free Burpsuite? Community version is too slow for some tasks.
Not possible unless you pay for it.
If you are referring to Intruder's rate limitation, you may want to have a look at Burp's extension Turbo Intruder https://portswigger.net/bappstore/9abaa233088242e8be252cd4ff534988
Showcased by Tib3rius https://www.youtube.com/watch?v=1JG5tQ31fa0
Alternatively, Caido has no such limitation.
Which room are you looking at?
