You can set-up NoVersionMapper https://stackoverflow.com/questions/8602489/delete-version-number-in-url
from mobile (sorry for typos ;) On Sat, Jul 31, 2021, 22:39 vahid ghasemi <vahidghasemi...@gmail.com> wrote: > Hello > I have a login form with a captcha. > I tested my form with Burp suite (penetration test tool). > in Burp I can send header requests a lot of time for brood force(just > change password). > this problem is because of the number at end of my > URL(localhost:8080/login?1). > so with this way attackers can bypass captcha. > how can i fix this problem. >