Bug Reports - Burp Suite User Forum

BurpSuite Professional on Kali (ARM) running on MacBook Pro with M1 processor

Hello, I am trying to run my BurpSuite Professional licensed version on a MacBook Pro with M1 processor but I receive error: Unpacking JRE ... Starting Installer ... ./burpsuitepro.sh: 598:...

Division by zero while loading a saved project

I am using v2021.5.2 and loading a project written with it. Unfortunately the project has a fault and keeps reporting division by zero at every load. Is there something I can do to fix the project file? The...

Burp Suite Professional - Error Connection Reset

I am experiencing a connection reset error intermittently, it seems, when trying to rn injections on the SQL Injection lab 'Listing the contents of a database'. I even tried following along with one of the video tutorials...

OAuth authentication

Authentication bypass via OAuth implicit flow: this lab when i want to log into social network page the this page redrict to this kind of page: SessionNotFound: invalid_request at Provider.getInteraction...

HTTP1.1 replaced by HTTP/2 in response header?

I intent to use Burp Suite to be able to see in more detail the communication of an application I just started to develop. I am currently using Community Edition v2021.5.2. My application responds normally when I do not...

Academy Progress Lost

I recently change my email to email B and lost all my progress except for XSS labs. Then when I change back my email to email A, I still lost all the other lab progress (CSRF SSRF, SQLI,etc) except for XSS labs. Need...

Burp Collaborator can't Connect

Someone has the error The capture server hostname c7klv47kjxdhx7bg32grw89gp7vk93tlxom.burpcollaborator.net could not be resolved to an IP address. Ensure that an appropriate DNS entry exists for the server. No...

Burp Collaborator doesn't show request for DNS and HTTP

Collaborator showed request only for https://<url> If I used http://<url>, the server showed the response, but doesn't get captured in collaborator client.

Browser not opening in Professional v2021.5.2

Hello, I am currently running v2021.5.2 on windows. When I try to run inbuilt chromium browser, I am getting the following error message: net.portswigger.devtools.client.s: unable to start browser I had a look at the...

HTTP2 Failure In Extensions / callbacks.makeHttpRequest

Hello, I'm currently using Burp Pro version 2021.5.1-7814, however I've noticed this behavior on earlier versions as well. The Proxy handles HTTP/2 traffic just fine. So does repeater. But when an extension literally...

Problem with sqlmap after burp update to 2021.4.2

Sqlmap can be run by giving --proxy https://127.0.0.1:8080 which will take alll its data through burp. However, after the recent update in burpsuite, while running sqlmap with burp proxy, getting error: [18:24:03] [INFO]...

Http2 not supported in target requests

Hi team, I was trying to scan an application supported http2. But my login macro failed. while looking through the logs, the status code of (macro request's response) is 505. The same request is successful in repeater...

Null Payloads No Longer Repeating in Intruder

I'm running the latest version (v2021.5.1). I used to use intruder with null payloads and one minute intervals, and a grep for user info to see how long a session would last after a user logged off. However, this no longer...

[Beta v2.0.03beta] New Scan does not seem to ever finish

Hi, following up on my previous bug report. I am running the latest burp beta on a fully updated OSX and JAVA environment. I have started a new scan against 2 URLS from the same domain and towards the end of the scan,...

[Minor False Positive] Strict transport security not enforced when HTTP 30x encountered

Hi, I have several instances on the dashboard which claim to have a HSTS problem but burpsuite obviously connected to the instance before. Example of a full response header: HTTP/2 304 Not Modified Date: Tue, 08...

XSS Cheat Sheet Copy to clipboard option does not work.

Hi guys, I am trying to use the copy to clipboard option on the XSS cheat sheet page, in order to paste the payloads on the payload tab and it seems that it is not working. I have tried it from both the guest OS and my...

Wrong lookup IP address in External service interaction (DNS)

Hi, We had recently performed Burp Suite Scan on our application and the External service interaction (DNS) was reported with Severity: High and Confidence: Certain. However in the Collaborator DNS interaction the IP,...

Password reset poisonin via dangling markup

in the step 5 they all time show me that CSRF token is invalid. Even if I follow the video tutorial the thing is same. so help me to solve the lab.

Repeater request timeout

HI i am the lab trying the web cache poisoning with multiple headers. i place the cache buster and the x-forwarded header the request in repeater the request keep timing out. i do it without cache buster and custom header it...

Request Engine

Hi! I can not see in the Intruder in the options pannel the Request Engine which enable us to change the number of threads sent. I just have an Error Handling section... I have the BurpSuite version 2021.6. Thank you!