Bug Reports - Burp Suite User Forum

Achieve release wont install for community edition

Hey I have tried installing the previous versions of Burpsuite community edition and it wont start downloading.This is happening for all the previous releases which contains the Windows(64 bit) version. However the Pro...

Getting MOZILLA_PKIX_ERROR_MITM_DETECTED when trying to run burp.

Got this error out of nowhere as I had been running burp regularly on firefox without issues earlier in the day. I ran into the same problem on chrome as well. I have deleted the certificate, cleared the cache, unistalled...

https://portswigger.net/web-security/sql-injection/examining-the-database/lab-querying-database-version-mysql-microsoft

The lab(Subject line) does not put output after trying multiple payloads even interesting is the fact that the solution provided also does not work as a solution. Have been stuck and here. The lab is : SQL injection attack,...

Context Menu Sometime Not Workig In Release - 2022.7.1

Hi Team, I recently updated to Burp Pro v2022.7.1. I noticed that sometimes the second level context menu don't work. Steps to reproduce: 1) Intercept a request 2) Then right-click to get the first level context...

Cursor pointer not on-point

Burp jar - burpsuite_community_v2020.5/Windows 10 Pro/Open JDK Latest version, In repeater cursor is not following entered chars after 5/6 letters. This is happening only in executable jar version & not in installation...

Failed to start proxy service on 127.0.0.1:<ANY PORT>

Hi, I am having an issue where Burpsuite will not bind to any port on localhost e.g. 127.0.0.1:8080,9999 etc. OS: Windows 10 Browser: Firefox Error message: 'Error "Failed to start proxy server on 127.0.0.01:<ANY PORT...

Academy lab do not update status randomly.

Hi, I see a problem with the update of the state of the laboratories that I finished correctly. They are randomly shown as unsolved. It is happening to me in SQLi and JWT attacks. Thank

Lab for "Web cache poisoning with an unkeyed header" not completing despite correct (?) solution

Hi, Basically as the title says I have done the lab for "Web cache poisoning with an unkeyed header" and succeeded in getting the alert box to pop up in my browser. However despite this no matter what I do the lab itself...

Issues with Burp Suite Enterprise Edition deployed on GKE

Hi We have deployed burp suite enterprise edition on GKE and run an automated schedule on weekly basis. Can you please let us know how to fix below error mainly due to "browser crashing" which fails whole scan ?...

Burp's Cookie Jar Handles Cookies Differently to Common Browsers

I have an interesting "bug" for you. I was testing a website that set a session cookie upon login. When logging out, the application set the session cookie to '""' (i.e. two double quotes) rather than an empty...

CORS failure

I am using burpsuite professional at my work and testing the client web application. I am facing problem with burp v2021.8.3 which is failing coz of CORS failure. I am getting the response from application in proxy but...

net.portswigger.devtools.client.ah: Unable to start browser:

I am sorry, I am new to BurpSuite and am trying to use the Community edition on Windows/10 64bit. I am on the "Proxy" tab and have "Intercept is on". When I click the "Open browser" I get this error message: Burp...

Google "This browser or app may not be secure" error

Hello - When attempting to authenticate with accounts.google.com on the built in Burp browser, I am getting the error: Couldn’t sign you in This browser or app may not be secure. After entering email address in...

pcsc smart card support Linux not working anymore?

Hi there, there is a problem with the feature 'User Options>TLS>Client TLS Certificates>Hardware token or smart card. The feature only seems to support "legacy" fat pcsc driver implementations, whereas most modern pcsc...

Solution to Resolve JRE Appears to be a Version 17.0.5 from Debian... Error Message

Hi Burp Suite Team, Is there a solution to fix this message that pops up when I launch Burp Suite Community Edition v2022.9.6? JRE Appears to be a Version 17.0.5 from Debian Burp has not been fully tested on this platform...

BApps do not use/update Cookie Jar in Active Scan

Hi. Working on an app with particularly aggressive session management. Session timeout is short and even with regular 'keep alive' requests the original cookie value becomes stale, the newly issued value must be used. Tried...

Internal cache poisoning unintended way

Hi, I solved the internal cache poisoning lab while I was testing the inputs. I recorded a video to show what I did: https://drive.proton.me/urls/0C3VH6VN10#RpZcgYTH5CmI

Lab "cors/lab-internal-network-pivot-attack" broken?

Hi, Issue with: https://portswigger.net/web-security/cors/lab-internal-network-pivot-attack The lab behaved pretty weird for me, not sure what's the issue. Solutions I tried: - My own (for 6h) - Official...

Bug in makeHttpRequest when handle multiple redirect requests

Hi, I have a custom extension that perform an Oauth2 authentication before start an active scan. This extension work fine right up to the version 2022.9.5. The issue I seen happen when follow Oauth2 flow by calling to...

Academy Mystery Labs - File upload challenges are missing /home/carlos/secret

I have noticed that all of the Mystery challenges for file upload vulnerabilities do not have the required '/home/carlos/secret' file. This makes it impossible to submit the solution. Steps to reproduce: 1)...