Burp Suite User Forum

Login to post

MSSQL Injection not being detected by scanner.

Hi PortSwigger Team, The Professional version scanner is not detecting a simple blind SQL injection in Microsoft SQL server. I know in versions 1.7 and 2.0beta this exact scenario was correctly identified several...

Last updated: Jan 17, 2021 05:40PM UTC | 0 Agent replies | 0 Community replies | Bug Reports

Connection resets and Failed to negotiate TLS connection

Burp Pro - has anyone else solved the issue of getting continual Connection Resets like fxxxing hundreds. And not being able to tell what is causing it Also lots and lots of Client failed to negotiate a TLS...

Last updated: Jan 16, 2021 07:35PM UTC | 0 Agent replies | 0 Community replies | Bug Reports

Crawl & audit very slow, never finishes (Burp pro 2020.9)

I am pretty new to Burp pro, so I don't have a lot of experience to know whether this is expected behavior or not. I am hoping some more experience users can give me some insight here... I am testing a wordpress based...

Last updated: Jan 16, 2021 02:55AM UTC | 3 Agent replies | 3 Community replies | Bug Reports

Labs Failing to Respond

Hi, I'm having issues with this lab,"Web cache poisoning to exploit a DOM vulnerability via a cache with strict cacheability criteria". As soon as I enter the X-Forwarded-Host header, the lab server fails to respond. I've...

Last updated: Jan 15, 2021 07:19PM UTC | 2 Agent replies | 3 Community replies | Bug Reports

Scanner application login not trying all buttons

I have a website that has the following login form: <form id="example" name="example" method="POST" target="_self" action="https://example.org/e/?login" accept-charset="UTF-8"> <input type="text" name="username"...

Last updated: Jan 15, 2021 11:15AM UTC | 1 Agent replies | 1 Community replies | Bug Reports

With IOS 14 iphone, the traffic is being intercepted between the client and server, but I'm unable to connect to the site on iphone.

When I go to any site via safari on iphone(ios 14), I'm getting "This connection is not private" and when I hit the option to visit this site, I'm still not able to connect to the site. However, I'm seeing the traffic in...

Last updated: Jan 15, 2021 09:47AM UTC | 2 Agent replies | 1 Community replies | Bug Reports

burp community-failed to connect to website.com:443

Hi, I'm trying to connect to website using burp chromium browser. But most of the time, the loading end by an error screen saying "failed to connect to website.com:443" I searched but didn't fought any awnser that helped...

Last updated: Jan 15, 2021 08:22AM UTC | 1 Agent replies | 0 Community replies | Bug Reports

Advanced Scope Control does not follow correct regex syntax

Hi, I noticed the advanced scope control mentions you can insert regex, but it does not actually follow correct regex syntax. Asterisk `*`, should be treated as a quantifier, matching zero to unlimited times, however...

Last updated: Jan 14, 2021 02:57PM UTC | 1 Agent replies | 0 Community replies | Bug Reports

RegEx does not work properly on HTTP Request and Response

Hello I want to use regex to remove those empty lines from the HTTP responses that developers placed there. I used ^ to get the beginning of each line, but what it returns is just the first line of the response and...

Last updated: Jan 14, 2021 02:57PM UTC | 1 Agent replies | 0 Community replies | Bug Reports

Un-interactable repeater tabs

Hi, this bug has been around for more than a year now, and I'm unsure what's causing it. Current platform: - MacOS Catalina v. 10.15.7 - MacBook Pro 2019 - 2,6 GHz 6-Core Intel Core i7 - 16 GB 2667 MHz DDR4 - AMD...

Last updated: Jan 14, 2021 10:18AM UTC | 3 Agent replies | 3 Community replies | Bug Reports

Logic error in lntruder module

1、I need to brute force the username and password fields.See 1. JPG POST /xxx/xxx HTTP/1.1 Host: xxx.xxx.xxx.xxx Connection: close Content-Length: 56 Accept: application/json, text/javascript, /; q=0.01 Origin:...

Last updated: Jan 13, 2021 03:12PM UTC | 1 Agent replies | 0 Community replies | Bug Reports

Smart decode is not smart

The smart decoder is not working anymore for even simple base64 payloads. Please debug the issue and let me know. Thanks, Rod

Last updated: Jan 13, 2021 02:23PM UTC | 3 Agent replies | 2 Community replies | Bug Reports

Burp Suite Pro Crash

Burp suite professional crash when I change my keyboard layout to Mandarin input (Pinyin) in Mac OS X 10.14.6

Last updated: Jan 13, 2021 12:12PM UTC | 4 Agent replies | 3 Community replies | Bug Reports

Payload still encodes after unchecking "Url-encode these characters" checkbox

Found on Burp Suite Community Edition v.2020.12.1 1. I'm trying to start intruder attack with following payload: type: recursive grep initial payload: 2021-01-12 16:27:24.056815 (timestamp with characters wich...

Last updated: Jan 13, 2021 08:18AM UTC | 1 Agent replies | 0 Community replies | Bug Reports

Request Text Mangling in Proxy

After right clicking and selecting "Send to Repeater" the request text becomes mangled (overlapped in some areas). Running Burp 2020.12.1 Professional with Dark theme in Ubuntu 20.

Last updated: Jan 12, 2021 03:58PM UTC | 1 Agent replies | 0 Community replies | Bug Reports

Backup file false positives

I am getting many, many instances of the "Backup file" issue type. The issue is that the scanner makes a request that is a variant of a legitimate request, for example instead of GET /users/sign_in.json, it will call GET...

Last updated: Jan 12, 2021 03:18PM UTC | 3 Agent replies | 4 Community replies | Bug Reports

Unable to reactivate license after removing burp from computer

Hi, I had my burp pro license at the limit. I wanted to remove it from one machine to activate it on another. So I did remove burp from my computer under the help menu, but it is now neither allowing activating the license...

Last updated: Jan 12, 2021 12:43PM UTC | 1 Agent replies | 0 Community replies | Bug Reports

Lab access control user role can be modified in user profile

Hi, I solved it once before but now I was revising and I think it crashed because when I logged in my user using the provided credentials wiener:peter then I went to my account page and then I submitted an updated email...

Last updated: Jan 11, 2021 12:48PM UTC | 1 Agent replies | 0 Community replies | Bug Reports

Failed to replay recorded login sequences

I followed the recorded login sequences instruction and successfully generated JSON objects for application login data. But I'm not able to replay and validate the data. All I see is a blank webpage during the replay. I...

Last updated: Jan 11, 2021 10:52AM UTC | 2 Agent replies | 1 Community replies | Bug Reports

SQL injection UNION attack, retrieving data from other tables

administrators password not working......... no problem with carlos and wieners

Last updated: Jan 11, 2021 10:27AM UTC | 1 Agent replies | 0 Community replies | Bug Reports

Page 1 of 68

Burp Suite Support Center

Your source for help and advice on all things Burp-related.

Burp Suite Support Center image