Burp Suite User Forum


'Stream failed to close correctly' when trying to load one lab

Accidentally broke one of the labs - https://portswigger.net/web-security/csrf/bypassing-samesite-restrictions/lab-samesite-strict-bypass-via-cookie-refresh steps to reproduce: - open burpsuite chromium browser - copy...

Last updated: Jun 21, 2024 08:51PM UTC | 3 Agent replies | 7 Community replies | Bug Reports

Crawling won't start on MacOS Sonoma

I'm using Burp Pro 2024.5.3 and when I start crawling via Scan -> Crawl, a Chromium popup appears on my dock, but it won't open, and the crawl only retrieves robots.txt.

Last updated: Jun 21, 2024 07:24PM UTC | 0 Agent replies | 0 Community replies | Bug Reports

CORS Origin null Lab not working in Firefox and Chromium anymore

Hi there, Context: https://portswigger.net/web-security/cors/lab-null-origin-whitelisted-attack Issue: Exploit does not trigger, when viewing the exploit on Firefox or Chromium. Still works on Google Chrome (unless you...

Last updated: Jun 21, 2024 02:59PM UTC | 1 Agent replies | 3 Community replies | Bug Reports

Basic Clickjacking Lab

When I try to perform the View Exploit function on this lab I receive "Resource not found - Academy Exploit Server", stopping me from completing the lab.

Last updated: Jun 21, 2024 02:50PM UTC | 0 Agent replies | 0 Community replies | Bug Reports

ratelimiting intruder issue / inconvenience during the auth lab

Hi Team, During the lab I ran into an issue with the rate limiting of the community edition with the Lab: Username enumeration via account lock. Here you need to lock the account to figure out the username and see...

Last updated: Jun 21, 2024 10:40AM UTC | 1 Agent replies | 1 Community replies | Bug Reports

Solution for "Lab: SSRF with blacklist-based input filter"

Hello, the intended solution of this lab doesn't seem to work. After some testing I couldn't find a way to "enter" the admin area. "Encoding" the IP address works fine, but enter "admin" doesn't work at all. I tried...

Last updated: Jun 21, 2024 05:18AM UTC | 0 Agent replies | 3 Community replies | Bug Reports

OAuth account hijacking via redirect_uri works with chrome but not using burp's chromium

When I store the exploit and view it using Burp's chromium I see the following error in my iframe. However, that's not the case when I use my chrome browser. Due to this I'm not getting the auth code from admin to solve this...

Last updated: Jun 20, 2024 03:53PM UTC | 2 Agent replies | 1 Community replies | Bug Reports

JTree not rendering correctly with BurpSuite's Look And Feel

I am working on improving one of our extensions and I noticed that a JTree does not render correctly with the default look and feel of BurpSuite. Icons are missing and the indentation of individual notes are also not...

Last updated: Jun 20, 2024 02:14PM UTC | 1 Agent replies | 0 Community replies | Bug Reports

403 Forbidden in solution in Academy Web cache poisoning via ambiguous requests

Hello, according to the solution when I use 2 HOST headers such as GET /?cb=123 HTTP/1.1 Host: 0aa300a60483e49080313f3f008e0077.h1-web-security-academy.net Host: example.com I receive HTTP/1.1 403...

Last updated: Jun 20, 2024 08:03AM UTC | 1 Agent replies | 0 Community replies | Bug Reports

Academy clickjacking lesson doesn't give you credit

I have tried to complete the lab: "Lab: Basic clickjacking with CSRF token protection", and thought I had a correct answer but when I sent my exploit, the lab was still not solved. After much trying I checked the community...

Last updated: Jun 20, 2024 07:20AM UTC | 1 Agent replies | 0 Community replies | Bug Reports

CSRF labs exploit server delivery doesn't work

Hello, In the past I solved these labs without any issue. Now I can't even "Solve" the easiest one, CSRF vulnerability with no defenses. If I view the exploit the mail updates. Delivering the exploit doesn't work, does...

Last updated: Jun 20, 2024 06:59AM UTC | 4 Agent replies | 4 Community replies | Bug Reports

REST API. Get scan status after Burp restart: Task ID not found

Burp Suite Pro version: 2.1.05; Steps to reproduce: 1. Start Burp Suite Pro; 2. Launch new scan, using REST API, i.e. do HTTP POST scan configuration to http://127.0.0.1:1337/$apiKey/v0.1/scan; 3. Poll scan status...

Last updated: Jun 19, 2024 04:07PM UTC | 13 Agent replies | 13 Community replies | Bug Reports

Burp Browser Doesn't Work After Update

I have updated to the latest stable version v2023.5.2, and the burp browser was uninstalled from the burpbrowser directory. When trying to use the browser, the following error message pops: java.io.IOException: Cannot run...

Last updated: Jun 19, 2024 01:13PM UTC | 3 Agent replies | 3 Community replies | Bug Reports

Burp possibly doesn't close HTTP2 gRPC connection gracefully

First of all, thank you for your great efforts to make HTTP2 available in Burp. I'm using Go gRPC example application named RouteGuide(https://github.com/grpc/grpc-go/tree/master/examples/route_guide) to check Burp can...

Last updated: Jun 19, 2024 05:05AM UTC | 11 Agent replies | 17 Community replies | Bug Reports

Basic clickjacking with CSRF token protection

I'm having trouble with this lab. When I click on 'View exploit' I have the login page coming up, of course with no 'delete' button. I'm using Burp's browser Chromium and here's my script, of course I'm changing the lab Id...

Last updated: Jun 19, 2024 05:00AM UTC | 1 Agent replies | 0 Community replies | Bug Reports

BCheck Scanning issue with report issue and continue on scan launcher

Hey, just looking to see if it's a known issue RE: BChecks using "report issue and continue" via a host it works via the test cases tab but on running via "scan" and "launcher" and run with "Audit checks - BChecks only" and...

Last updated: Jun 18, 2024 12:42PM UTC | 1 Agent replies | 0 Community replies | Bug Reports

Repeater changes http method

If a server advertises h2 in ALPN, the repeater tool changes protocol to this and refuses to change back. To repeat, create a new tab in repeater and paste the following content: -------- GET / HTTP/1.1 Host:...

Last updated: Jun 18, 2024 11:02AM UTC | 1 Agent replies | 1 Community replies | Bug Reports

Lab: Offline password cracking

Hi all, I'm unable to spin up that lab. I'm always met with a 504 "Page isnt working now" error code. I know some of your labs have been under maintenance for the past days; I was wondering if that's also one the lab...

Last updated: Jun 17, 2024 09:53AM UTC | 1 Agent replies | 0 Community replies | Bug Reports

Lab: Cross-Site WebSocket hijacking

Hi BurpSuite team! I was hoping I could practice CSWSH but the lab is not working. A new tab is opened, and eventually closed automatically. Is this lab also part of the on-going maintenance? Thank you!

Last updated: Jun 17, 2024 09:52AM UTC | 2 Agent replies | 1 Community replies | Bug Reports

Cursor Not Accurate at Request/Response Editor

Hello, I have a problem with my burp. After I installed the latest version, my cursor is not accurate. It happens at request/response editor. For example, when I try to edit a request on the repeater tab, then I click on a...

Last updated: Jun 15, 2024 03:35AM UTC | 10 Agent replies | 14 Community replies | Bug Reports


Burp Suite Support Center

Your source for help and advice on all things Burp-related.
