Burp Suite User Forum

Login to post

Batched (or stacked) queries SQLi

At https://portswigger.net/web-security/sql-injection/cheat-sheet chapter #Batched (or stacked) queries it is written: "MySQL Does not support batched queries." Perhaps I understand it wrong, but when I'm starting a...

Last updated: Jul 05, 2020 08:43PM UTC | 0 Agent replies | 1 Community replies | Bug Reports

IndexOutOfBoundsException

$ java -version openjdk version "12.0.2" 2019-07-16 OpenJDK Runtime Environment AdoptOpenJDK (build 12.0.2+10) OpenJDK 64-Bit Server VM AdoptOpenJDK (build 12.0.2+10, mixed mode) $ java -Xmx2G -jar...

Last updated: Jul 05, 2020 06:54PM UTC | 0 Agent replies | 0 Community replies | Bug Reports

Rate limit bug

Attackers can replay the mail send request on Email (customer registrations) generate the emails multiple times to any valid email id. Absence of rate limits can lead to the attacker flooding the application with spurious...

Last updated: Jul 04, 2020 05:43PM UTC | 1 Agent replies | 4 Community replies | Bug Reports

Enterprise API Custom Configuration Failure

When I create a custom configuration I am unable to use the Custom Configuration with the API to execute a scan. The call is "curl -vgw "\n" -x POST 'https://[myburpscanner]:8443/api/[user api key]/v0.1/scan' -d...

Last updated: Jul 03, 2020 11:32AM UTC | 1 Agent replies | 0 Community replies | Bug Reports

Scanner doesn't report previously found issues

When performing a second crawl and audit on the same website, the issues are not included in the results. The detail show that issues have been found in the app header, but they aren't loaded in the results. You'd have to...

Last updated: Jul 03, 2020 10:35AM UTC | 2 Agent replies | 1 Community replies | Bug Reports

It was observed that password and security answers are in plain text when captured the request in burpsuite

Hi Team, We have developed application using .net.It was observed that password and security answers are in plain text when captured the request in burpsuite. how can i avoid showing password as plain text? Please let...

Last updated: Jul 03, 2020 09:44AM UTC | 1 Agent replies | 0 Community replies | Bug Reports

iOS 13 + Burp SSL Certs Not Able to be Fully Trusted

I've followed the appropriate steps to fully trust the burp cert, but as of iOS 13 this does not work and HTTPS requests fail. Looking at iOS 13 release notes, I found this: https://support.apple.com/en-us/HT210176 -- I...

Last updated: Jul 02, 2020 02:10PM UTC | 27 Agent replies | 53 Community replies | Bug Reports

Lab "Exploiting blind XXE to exfiltrate data using a malicious external DTD" failing

Hi Support Team, It looks like this lab is not working pretty fine. I have been a long while trying to solve it. Even more, I went step by step to the solution and the result I am being returned is not being accepted by the...

Last updated: Jul 01, 2020 08:27AM UTC | 1 Agent replies | 0 Community replies | Bug Reports

Unable to reply back to a created forum post

Unable to reply back to a forum post , anti forgery token issue

Last updated: Jul 01, 2020 07:28AM UTC | 1 Agent replies | 0 Community replies | Bug Reports

Web academy lab issue

Victim never makes call to forgot password through exploit url or it is not shown in access log reference : https://portswigger.net/web-security/authentication/other-mechanisms/lab-password-reset-poisoning

Last updated: Jul 01, 2020 07:28AM UTC | 1 Agent replies | 0 Community replies | Bug Reports

Copied Project uses first request in repeater rather than last made

When a project is copied, after loading it, all the requests in the repeater tab use the first request made rather than the latest. This create a very annoying situation when loading it the copied project for the first...

Last updated: Jun 30, 2020 10:23AM UTC | 1 Agent replies | 0 Community replies | Bug Reports

Opening Existing Project Stalls - 2

When we open an existing project and choose a file and click on "open" the application gets stuck over there with "open" button having dark theme highlight. Does not open the project. Need to go back to previous window where...

Last updated: Jun 30, 2020 09:03AM UTC | 1 Agent replies | 0 Community replies | Bug Reports

Password reset poisoning Lab issue

Victim never makes call to forgot password through exploit url

Last updated: Jun 30, 2020 07:22AM UTC | 1 Agent replies | 0 Community replies | Bug Reports

Content discovery is not directly mapped to site map

Hi, Performing content discovery and looking at the Site map of the discovery process one can see that the items found are not reported directly to the main 'Target Site Map'. In many cases and with the current...

Last updated: Jun 29, 2020 08:48AM UTC | 1 Agent replies | 1 Community replies | Bug Reports

Burp Pro API Scan Error

Dear Support, We are facing a problem, not sure if it's an issue or we are doing something wrong. The scenario is the following: 1. We start Burp and REST API Service 2.POST a scan to url "https://example.com" 3.We...

Last updated: Jun 29, 2020 08:02AM UTC | 1 Agent replies | 0 Community replies | Bug Reports

IMessageEditor does not show markers

When I set up a marked request or response for a IMessageEditor instance, it does not appear to be honored. The editor loads the message okay, but there aren't any markers on it. So if I do something like this: int[]...

Last updated: Jun 26, 2020 09:27AM UTC | 2 Agent replies | 1 Community replies | Bug Reports

Unable to load JAR file

command to initialise burp: java -Xmx1G -Djava.awt.headless=true -classpath "headless-burp-proxy-master-SNAPSHOT-jar-with-dependencies.jar;burpsuite_pro.jar" burp.StartBurp burp version:...

Last updated: Jun 26, 2020 08:53AM UTC | 2 Agent replies | 1 Community replies | Bug Reports

Why is the Burp Suite JAR file so big?

When Burp prompts me to install an update, it gives me the option of a Windows installer, a MacOS installer, a Linux installer, or a JAR file. The installers are all around 160-180 MB in size: this seems reasonable, since...

Last updated: Jun 26, 2020 08:53AM UTC | 1 Agent replies | 0 Community replies | Bug Reports

My burp suite issues tab is not showing up.

My burp suite community edition's issues tab is not showing up. From what I've seen on youtube, a issues tab should show up on the site map tab without running any scans. Is this a pro edition feature, or is something wrong...

Last updated: Jun 26, 2020 08:09AM UTC | 1 Agent replies | 0 Community replies | Bug Reports

solved lab is showing not solved

i've succesfully sovled the lab Method-based access control can be circumvented but it shows that i dint solve it when i am redirected to the homepage

Last updated: Jun 25, 2020 12:32PM UTC | 3 Agent replies | 14 Community replies | Bug Reports

Page 1 of 53

Burp Suite Support Center

Your source for help and advice on all things Burp-related.

Burp Suite Support Center image