Burp Suite User Forum

Login to post

Class Not Found: burpsuite_community_v2023.5.2.jar with Java 17

$ uname -a Linux kali-raspberry-pi 5.15.44-Re4son-v7l+ #1 SMP Debian kali-pi (2022-07-03) armv7l GNU/Linux $ java -jar -Xmx2g burpsuite_community_v2023.5.2.jar Picked up _JAVA_OPTIONS: -Dawt.useSystemAAFontSettings=on...

Last updated: Jun 02, 2023 09:49PM UTC | 0 Agent replies | 0 Community replies | Bug Reports

Data is read from window.location.href

Hi We find this issue in one of our websites and we think that is a false positive. Data is read from window.location.href and passed to the 'append()' function of JQuery via the following statements: - url =...

Last updated: Jun 02, 2023 07:49PM UTC | 0 Agent replies | 0 Community replies | Bug Reports

Burp Browser automatically upgrades http:// requests to https://

I have an application running on http://localhost:3000. It does not use https, and I've set a hostname in my /etc/hosts file so that I can access it via http://myapp:3000 Any time I attempt to load http://myapp:3000 in...

Last updated: Jun 02, 2023 01:59PM UTC | 0 Agent replies | 0 Community replies | Bug Reports

Burp Browser Doesn't Work After Update

I have updated to the latest stable version v2023.5.2, and the burp browser was uninstalled from the burpbrowser directory. When trying to use the browser, the following error message pops: java.io.IOException: Cannot run...

Last updated: Jun 02, 2023 01:38PM UTC | 1 Agent replies | 0 Community replies | Bug Reports

Lab: Cache key injection

Hi, I can't solve the lab. I am sending the following requests, ----- 1. ----- First request (Please note that the Origin header has been added 2 times): GET /js/localize.js?lang=en?utm_content=z&cors=1&x=1...

Last updated: Jun 02, 2023 10:05AM UTC | 1 Agent replies | 0 Community replies | Bug Reports

Host validation bypass via connection state attack

When trying to solve the lab, instead of getting redirected back to the home page I get a 403 Forbidden. I've follow the written guide and step 3 does not behave as expected.

Last updated: Jun 02, 2023 07:16AM UTC | 2 Agent replies | 2 Community replies | Bug Reports

Lab PRACTITIONER Reflected XSS with some SVG markup allowed

Hello! I got popup window from alert() function in this lab, bit it does not marked as resolved lab. Something wrong? Payload - <svg><animatetransform onbegin=alert('hi')>

Last updated: Jun 02, 2023 06:58AM UTC | 2 Agent replies | 1 Community replies | Bug Reports

DOM XSS in jQuery anchor href attribute sink using location.search source not solved

Lab is not solving whatever I can try to do, step by step tutorial doesn't help

Last updated: Jun 01, 2023 01:52PM UTC | 1 Agent replies | 0 Community replies | Bug Reports

HTTP Response freezes in Intruder results table

Hi, For an intruder containing three results with status codes (200, 302, ...) How to reproduce: 1. Go to 'render' in http response of the first item - keep 'render' visible 2. switch to the item with status code...

Last updated: Jun 01, 2023 11:33AM UTC | 1 Agent replies | 3 Community replies | Bug Reports

.install4j\files.log (The system cannot find the file specified) Error While Uninstall

Hello people, I have installed burpsuite_enterprise_windows-x64_v2022_1.exe on windows server 2016 and now I want to uninstall it. However, when I run the uninstaller it gaves me an error like this and alert me it was...

Last updated: Jun 01, 2023 07:16AM UTC | 2 Agent replies | 2 Community replies | Bug Reports

License is suddenly invalid, even though it should expire in November

Hello When opening the application this morning we found that BurpSuite is asking for the license key, and after providing the key that should be valid until November 2023 it says it's invalid. Logging on to the portal to...

Last updated: May 31, 2023 02:45PM UTC | 4 Agent replies | 5 Community replies | Bug Reports

Adding Space in Header Kettles Request

Hey, I'm going through the following lab: Password reset poisoning via dangling markup Whenever I add a space to my Host header, Burp Suite kettles my request which causes the CSRF token to not be sent along correctly...

Last updated: May 31, 2023 02:34PM UTC | 2 Agent replies | 0 Community replies | Bug Reports

Burp's CA certificate is expired

Hi, I'm able to reach out to http://burpsuite in Chrome. I downloaded CA Certificate -> cacert.der However, the file which I downloaded is the expired CA certificate which I'm not able to add to Keychain Access on...

Last updated: May 31, 2023 01:27PM UTC | 1 Agent replies | 1 Community replies | Bug Reports

Lab: HTTP/2 request smuggling via CRLF injection - truncated victim session

Hi, It seems impossible to fetch the victim's session because it always gets truncated (see at the end): <li> <a...

Last updated: May 31, 2023 10:45AM UTC | 1 Agent replies | 1 Community replies | Bug Reports

Cannot do offline activation anymore for Burp Pro

Dear PortSwigger support, We have a Burp Pro license (for 70 activation) for very long time. When installing Burp we are using the offline-activation feature but as of few weeks ago this does not work anymore; After...

Last updated: May 31, 2023 09:10AM UTC | 1 Agent replies | 0 Community replies | Bug Reports

Lab: HTTP request smuggling, basic CL.TE vulnerability

I can't solve lab tried many times, help here is the code - POST / HTTP/1.1 Host: 0a90006303d9bbc387c5700800820036.web-security-academy.net Content-Type: application/x-www-form-urlencoded Content-Length:...

Last updated: May 31, 2023 06:53AM UTC | 3 Agent replies | 2 Community replies | Bug Reports

cookie flags are raised in burpscan but not in manual testing.

burp scanner keeps raising the issue(s): - TLS cookie without secure flag set - Cookie without HttpOnly flag set. However, when replicating the same request manually (either by closing the session and re-opening, or...

Last updated: May 30, 2023 11:03AM UTC | 1 Agent replies | 0 Community replies | Bug Reports

Cannot access labs with Burp browser

I can log to Portswigger site but when I press Acess the lab, I have an error message: This site can’t be reached x.web-security-academy.net took too long to respond. ERR_TIMED_OUT Same things happened yesterday. I can...

Last updated: May 30, 2023 11:02AM UTC | 9 Agent replies | 13 Community replies | Bug Reports

MacOS to Linux .burp File Breaks

Hi PortSwigger, I thought I would note that every time I create a .burp project file on MacOS (M1 ARM) and attempt to move and open this .bur project file onto an x86 Linux device (Fedora), I always get the 'selected...

Last updated: May 30, 2023 09:02AM UTC | 1 Agent replies | 0 Community replies | Bug Reports

Issue while registering burp professional license

Hi Team, I am facing an issue, The license key was working perfectly earlier but suddenly it is giving this error, where I am redirected to the license prompt. I also tried to activate the key manually but still got...

Last updated: May 30, 2023 06:25AM UTC | 1 Agent replies | 0 Community replies | Bug Reports

Page 1 of 126

Burp Suite Support Center

Your source for help and advice on all things Burp-related.

Burp Suite Support Center image