Bug Reports - Burp Suite User Forum

Lab: Cache key injection - expert lab allowing a simple solution

Hello guys, The hint for this lab is: "Solving this lab requires an understanding of several other web vulnerabilities. If you're still having trouble solving it after several hours, we recommend completing all other...

Jenkins plugin fail

Developer who manages Jenkins server for a CI pipeline reports: the Burp plugin installed successfully and offers the options they mention in the instruction but they are non-responsive for some reason, just nothing...

Web Security Academy Bug?

I may have stumbled across either an interesting Academy bug, or my Burp installation and/or browser have had a stroke. But maybe this has been observed before. In short, during the lab "Exploit XSS to Perform CSRF" I...

Invalid certificate generated

The certificate generated contains a country code of PortSwigger which does not conform to the RFC which says that the country code should have a length of 2 https://datatracker.ietf.org/doc/html/rfc3280#page-96 This...

SSRF VUNLERABILITY VIA OPEN REDIRECTION IS NOT WORKING

Hi the SSRF with filter bypass via open redirection vulnerability lab is not working ,was trying to solve the lab the redirect is not going through, it always says "Failed to connect to 192.168.0.12:8080"

IOS 13.4.1 Jailbreaked with Burp 2021.7.1 cert doesn't work

Hi to all, I'm using Burp 2021.7.1 Windows versione with Iphone 6s IOS 13.4.1 with Jailbreak I have tried to use burp for http traffic but it doesn't works in any way. I have also restored the device at factory reset,...

Learning materials never 100% ?

Hey guys, I've checked(completed) all "Learning materials" and its showing: Learning materials: 93% its a bug or I missed something? (double checked) thank u.

i have issues with integration of burp suite to jenkins

Hi , I have followed all the steps in the documentation. https://portswigger.net/burp/documentation/enterprise/administration-tasks/ci-cd/jenkins/burp-scan but I am not able to get the build steps for burp...

[Burp Professional v2021.5.1] HTTP/2 not work on invisible proxying

Hi, I'm using Burp Professional v2021.5.1, but HTTP/2 doesn't work at invisible proxying. My setting is below: - Enable HTTP/2: on - Proxy Listners - *:80, support invisible proxying: on - *:443, support...

Scanner doesn't report previously found issues if same Insertion Point number.

For example, there are like following reqest: [Req A] GET https://example.com/request.php?p=TEST_A&mg=TEST_A&exectype=TEST_A [Req B] GET https://example.com/request.php?p=TEST_B&mg=TEST_B&exectype=TEST_B I have set...

Web security academy bug

I am trying to solve SQL injection labs, but when I am solving a lab it doesn't show it is solved. I think is the same problem, that was one year ago, described here:...

Lab: Infinite money logic flaw

In the Macro Editor, click "Test macro". Look at the response to GET /cart/order-confirmation?order-confirmation=true and note the gift card code that was generated. Look at the POST /gift-card request. Make sure that the...

Burpsuite PRO not working with bundled jre

Hi, i was trying to install Burpsuite but getting error that it could not use bundled jre. while checking in logs [5:94] ERROR: Could not load bundled JRE. Failed with error code 1260.

Incorrect Issue Type/Advisory Finding & Remediation

Issue: Browser cross-site scripting filter disabled This issue is incorrect. The remediation says to use "X-XSS-Protection: 1; mode=block" but according to OWASP "The X-XSS-Protection header has been deprecated by modern...

Port being added only to the Host header instead of target URL

Hello, I've noticed a new bug, something that didn't happen before. Currently using burpsuite_pro_v2021.6.2, Windows 10, Google Chrome 91.0.4472.164 So when trying to access http://123.124.125.126:1337 I've noticed...

Embedded browser does not connect to proxy when running second Burp instance

Version: Burp Suite Professional v2021.6.2 Unexpected behaviour - unsure if a bug, or a limitation of the proxy configuration mechanism for the embedded browser. When starting the embedded browser in a second instance...

Broken DNS AAAA lookups

Burpsuite 2021.6.2 on MacOS does not make AAAA DNS lookups, and subsequently does not try to connect to IPv6 addresses of sites. This causes total failure if the site is IPv6-only, eg https://www.v6.facebook.com,...

setHTTPService API method appears broken

Hello, I have successfully created an HTTP request as such: httpService = self._helpers.buildHttpService("google.com", 80, False) requestResponse = self._callbacks.makeHttpRequest(httpService, message) When...

Burp Freezes On Window Maximize During Start

I found a bug which seems to be reproducible. When launching burp on windows and maximizing window during lunch, burp will often freeze after automatically minimizing the window. I'm using latest version of burp pro...

" Match and Replace " function lead burp to crash

My config json is: { "enabled":true, "is_simple_match":false, "rule_type":"response_body", "string_match":".*\r\nHTTP/", ...