Burp Suite User Forum

Lab for "Web cache poisoning with an unkeyed header" not completing despite correct (?) solution

Hi, Basically as the title says I have done the lab for "Web cache poisoning with an unkeyed header" and succeeded in getting the alert box to pop up in my browser. However despite this no matter what I do the lab itself...

Last updated: Jan 17, 2022 02:02PM UTC | 2 Agent replies | 1 Community replies | Bug Reports

Cookies are not added to crawl and audit

Hi, Burp Suite failed badly at scanning the entire site. Why not integrate current cookies into crawl and audit? Application login feature is the world's worst app. Instead of defining cookies, there is an obligation to...

Last updated: Jan 17, 2022 01:18PM UTC | 1 Agent replies | 0 Community replies | Bug Reports

Burp Pro in Kali VM keeps crashing

Hello, I am using Burp Pro in a Kali VM on a Win10 machine inside of VirtualBox. I have issues with my instance of Burp crashing pretty regularly. There doesn't seem to be any set condition causing it to crash, as it will...

Last updated: Jan 14, 2022 10:32AM UTC | 1 Agent replies | 0 Community replies | Bug Reports

Possible error in "AngularJS sandbox"

In "How does an AngularJS sandbox escape work?" it is indicated that "single characters are always less than multiple characters". I maybe misunderstood the sentence, but this is false for example the example given...

Last updated: Jan 14, 2022 10:16AM UTC | 1 Agent replies | 0 Community replies | Bug Reports

Cache Poisoning Lab bot problems

Hello! I now tried doing first two Cache Poisoning labs (they are great, thank you PS!). I can poison the cache, and I can trigger XSS via Cache Poisoning locally but the lab is not being marked as done. I tried even looking...

Last updated: Jan 13, 2022 03:59PM UTC | 1 Agent replies | 1 Community replies | Bug Reports

Extension API on edited HTTP Responses (IHttpListener, IProxyListener)

Hi! I'm experiencing an issue with edited HTTP Responses and Burp Suite extensions. I'm working on an application that signs HTTP requests and responses. I created a Burp Suite extension that re-signs request and...

Last updated: Jan 13, 2022 02:33PM UTC | 0 Agent replies | 0 Community replies | Bug Reports

.jar warning

Good day. I get the following in the command prompt when opening .jar version 2021.12: WARNING: An illegal reflective access operation has occurred WARNING: Illegal reflective access by burp.a9u...

Last updated: Jan 13, 2022 11:07AM UTC | 2 Agent replies | 1 Community replies | Bug Reports

Broken Business Logic leading into restrictions bypass and Alternative Solution found for PortSwigger Academy Lab: Username enumeration via account lock

Hello! Found an alternative solution on the lab based on a bypass which I think would be awesome to present to the community. The bypass relies on switching the order of the HTTP POST parameters, which turns out to...

Last updated: Jan 13, 2022 09:54AM UTC | 2 Agent replies | 0 Community replies | Bug Reports

No report generated after scan

I have integrated burp suite in Azure pipeline, after successful build, I do not see the scan being reflected on the UI or the report being generated.

Last updated: Jan 13, 2022 09:34AM UTC | 1 Agent replies | 0 Community replies | Bug Reports

BurpSuite Professional on Kali (ARM) running on MacBook Pro with M1 processor

Hello, I am trying to run my BurpSuite Professional licensed version on a MacBook Pro with M1 processor but I receive error: Unpacking JRE ... Starting Installer ... ./burpsuitepro.sh: 598:...

Last updated: Jan 13, 2022 08:55AM UTC | 5 Agent replies | 5 Community replies | Bug Reports

Intruder Numbers payload can not be loaded in Burp Suite Community Edition v2021.12.1

Hi, I am having an issue in the intruder numbers payload type, I can not select it and when trying to do so it just shows the previously selected payload type.

Last updated: Jan 12, 2022 02:51PM UTC | 1 Agent replies | 0 Community replies | Bug Reports

PKCS11 Authentication with intermediate CA

When using client authentication with a smart card, Burp Suite currently only sends the client certificate to the server. So a server, which needs the whole certificate chain, cannot verify the certificate. This is the case...

Last updated: Jan 12, 2022 11:42AM UTC | 3 Agent replies | 3 Community replies | Bug Reports

Estimating time remaining

The scanner keeps getting stuck on "Estimating time remaining"... please fix or tell me how to force the scan to start.

Last updated: Jan 12, 2022 09:42AM UTC | 8 Agent replies | 8 Community replies | Bug Reports

Edit the price of a product within requests

Hello: I edited the amount of a product correctly on a site and went to the payment stage, but after paying at the price I had set, a message appeared saying that the payment was unsuccessful but the money had been deducted...

Last updated: Jan 12, 2022 09:40AM UTC | 1 Agent replies | 0 Community replies | Bug Reports

Are Burp Collaborator or Burp Enterprise vulnerable to Log4j

Hi, As Burp Collaborator or Burp Enterprise are Java based and aren't bundled with the latest version of java they may be vulnerable to Log4j issues. Are you able to confirm whether they are or not? Thanks!

Last updated: Jan 10, 2022 06:11PM UTC | 5 Agent replies | 5 Community replies | Bug Reports

LABs file upload not working

Hi, recently I have noticed that on 2 labs avatar upload does not work. Can you confirm? 1. Server-side template injection with a custom exploit 2. Using PHAR deserialization to deploy a custom gadget chain On both...

Last updated: Jan 07, 2022 03:28PM UTC | 1 Agent replies | 0 Community replies | Bug Reports

Burpsuite v2021.10.3 freeze on launch (~30% chance of happening)

java 16.0.2 2021-07-20 Java(TM) SE Runtime Environment (build 16.0.2+7-67) Java HotSpot(TM) 64-Bit Server VM (build 16.0.2+7-67, mixed mode, sharing) Burpsuite v2021.10.3 Edition Windows 10 Home Single...

Last updated: Jan 07, 2022 12:24PM UTC | 1 Agent replies | 0 Community replies | Bug Reports

firefox error

I have followed the instructions letter by letter. Inserted the certificate so Firefox would trust it. I have gone to burger menu/preferences/network/settings/ manually configure proxy with my loopback of 127.0.0.1 on...

Last updated: Jan 07, 2022 09:03AM UTC | 1 Agent replies | 0 Community replies | Bug Reports

Lab for "Web cache poisoning with an unkeyed header" not completing despite correct (?) solution

Hi, Basically as the title says I have done the lab for "Web cache poisoning with an unkeyed header" and succeeded in getting the alert box to pop up in my browser. However despite this no matter what I do the lab itself...

Last updated: Jan 06, 2022 02:31PM UTC | 1 Agent replies | 1 Community replies | Bug Reports

Temporary files not getting deleted, resulting scan fail in Burp enterprise

Hi Team, Please find below log 2022-01-06 00:40:11 [b] INFO - Unrecognized command-line argument: --data-dir 2022-01-06 00:40:16 [b] INFO - 2022-01-06 12:40:16: REST API running on http://localhost:63475/ 2022-01-06...

Last updated: Jan 06, 2022 01:31PM UTC | 1 Agent replies | 0 Community replies | Bug Reports
