Burp Suite User Forum


Lab: Cache key injection - expert lab allowing a simple solution

Hello guys, The hint for this lab is: "Solving this lab requires an understanding of several other web vulnerabilities. If you're still having trouble solving it after several hours, we recommend completing all other...

Last updated: Aug 03, 2021 11:45PM UTC | 0 Agent replies | 0 Community replies | Bug Reports

Jenkins plugin fail

Developer who manages Jenkins server for a CI pipeline reports: the Burp plugin installed successfully and offers the options they mention in the instruction but they are non-responsive for some reason, just nothing...

Last updated: Aug 03, 2021 08:55PM UTC | 2 Agent replies | 3 Community replies | Bug Reports

Web Security Academy Bug?

I may have stumbled across either an interesting Academy bug, or my Burp installation and/or browser have had a stroke. But maybe this has been observed before. In short, during the lab "Exploit XSS to Perform CSRF" I...

Last updated: Aug 03, 2021 09:20AM UTC | 2 Agent replies | 1 Community replies | Bug Reports

Invalid certificate generated

The certificate generated contains a country code of PortSwigger which does not conform to the RFC which says that the country code should have a length of 2 https://datatracker.ietf.org/doc/html/rfc3280#page-96 This...

Last updated: Aug 02, 2021 01:01PM UTC | 1 Agent replies | 0 Community replies | Bug Reports

SSRF VULNERABILITY VIA OPEN REDIRECTION IS NOT WORKING

Hi, the SSRF with filter bypass via open redirection vulnerability lab is not working. I was trying to solve the lab and the redirect is not going through; it always says "Failed to connect to 192.168.0.12:8080"

Last updated: Aug 02, 2021 10:40AM UTC | 1 Agent replies | 0 Community replies | Bug Reports

iOS 13.4.1 Jailbroken with Burp 2021.7.1 cert doesn't work

Hi to all, I'm using Burp 2021.7.1 Windows version with iPhone 6s iOS 13.4.1 with Jailbreak. I have tried to use Burp for HTTP traffic but it doesn't work in any way. I have also restored the device at factory reset,...

Last updated: Aug 02, 2021 08:19AM UTC | 2 Agent replies | 2 Community replies | Bug Reports

Learning materials never 100% ?

Hey guys, I've checked (completed) all "Learning materials" and it's showing: Learning materials: 93%. Is it a bug or did I miss something? (Double checked.) Thank you.

Last updated: Jul 30, 2021 06:24PM UTC | 2 Agent replies | 1 Community replies | Bug Reports

I have issues with integration of Burp Suite to Jenkins

Hi, I have followed all the steps in the documentation. https://portswigger.net/burp/documentation/enterprise/administration-tasks/ci-cd/jenkins/burp-scan but I am not able to get the build steps for burp...

Last updated: Jul 30, 2021 10:30AM UTC | 1 Agent replies | 0 Community replies | Bug Reports

[Burp Professional v2021.5.1] HTTP/2 does not work on invisible proxying

Hi, I'm using Burp Professional v2021.5.1, but HTTP/2 doesn't work at invisible proxying. My setting is below: - Enable HTTP/2: on - Proxy Listeners - *:80, support invisible proxying: on - *:443, support...

Last updated: Jul 30, 2021 09:57AM UTC | 2 Agent replies | 1 Community replies | Bug Reports

Scanner doesn't report previously found issues if same Insertion Point number.

For example, there are requests like the following: [Req A] GET https://example.com/request.php?p=TEST_A&mg=TEST_A&exectype=TEST_A [Req B] GET https://example.com/request.php?p=TEST_B&mg=TEST_B&exectype=TEST_B I have set...

Last updated: Jul 30, 2021 12:52AM UTC | 1 Agent replies | 1 Community replies | Bug Reports

Web security academy bug

I am trying to solve SQL injection labs, but when I am solving a lab it doesn't show it is solved. I think it is the same problem that was one year ago, described here:...

Last updated: Jul 29, 2021 02:09PM UTC | 2 Agent replies | 2 Community replies | Bug Reports

Lab: Infinite money logic flaw

In the Macro Editor, click "Test macro". Look at the response to GET /cart/order-confirmation?order-confirmation=true and note the gift card code that was generated. Look at the POST /gift-card request. Make sure that the...

Last updated: Jul 29, 2021 11:00AM UTC | 1 Agent replies | 0 Community replies | Bug Reports

Burp Suite PRO not working with bundled JRE

Hi, I was trying to install Burp Suite but am getting an error that it could not use the bundled JRE. While checking in the logs: [5:94] ERROR: Could not load bundled JRE. Failed with error code 1260.

Last updated: Jul 29, 2021 08:58AM UTC | 1 Agent replies | 0 Community replies | Bug Reports

Incorrect Issue Type/Advisory Finding & Remediation

Issue: Browser cross-site scripting filter disabled. This issue is incorrect. The remediation says to use "X-XSS-Protection: 1; mode=block" but according to OWASP "The X-XSS-Protection header has been deprecated by modern...

Last updated: Jul 28, 2021 08:43AM UTC | 1 Agent replies | 0 Community replies | Bug Reports

Port being added only to the Host header instead of target URL

Hello, I've noticed a new bug, something that didn't happen before. Currently using burpsuite_pro_v2021.6.2, Windows 10, Google Chrome 91.0.4472.164 So when trying to access http://123.124.125.126:1337 I've noticed...

Last updated: Jul 27, 2021 02:26PM UTC | 2 Agent replies | 0 Community replies | Bug Reports

Embedded browser does not connect to proxy when running second Burp instance

Version: Burp Suite Professional v2021.6.2 Unexpected behaviour - unsure if a bug, or a limitation of the proxy configuration mechanism for the embedded browser. When starting the embedded browser in a second instance...

Last updated: Jul 27, 2021 10:37AM UTC | 1 Agent replies | 0 Community replies | Bug Reports

Broken DNS AAAA lookups

Burpsuite 2021.6.2 on MacOS does not make AAAA DNS lookups, and subsequently does not try to connect to IPv6 addresses of sites. This causes total failure if the site is IPv6-only, eg https://www.v6.facebook.com,...

Last updated: Jul 27, 2021 09:25AM UTC | 4 Agent replies | 3 Community replies | Bug Reports

setHTTPService API method appears broken

Hello, I have successfully created an HTTP request as such: httpService = self._helpers.buildHttpService("google.com", 80, False) requestResponse = self._callbacks.makeHttpRequest(httpService, message) When...

Last updated: Jul 26, 2021 11:55AM UTC | 1 Agent replies | 0 Community replies | Bug Reports

Burp Freezes On Window Maximize During Start

I found a bug which seems to be reproducible. When launching Burp on Windows and maximizing the window during launch, Burp will often freeze after automatically minimizing the window. I'm using the latest version of Burp Pro...

Last updated: Jul 26, 2021 10:23AM UTC | 1 Agent replies | 0 Community replies | Bug Reports

"Match and Replace" function leads Burp to crash

My config json is: { "enabled":true, "is_simple_match":false, "rule_type":"response_body", "string_match":".*\r\nHTTP/", ...

Last updated: Jul 26, 2021 08:07AM UTC | 1 Agent replies | 0 Community replies | Bug Reports
