Bug Reports - Burp Suite User Forum

MSSQL Injection not being detected by scanner.

Hi PortSwigger Team, The Professional version scanner is not detecting a simple blind SQL injection in Microsoft SQL server. I know in versions 1.7 and 2.0beta this exact scenario was correctly identified several...

Connection resets and Failed to negotiate TLS connection

Burp Pro - has anyone else solved the issue of getting continual Connection Resets like fxxxing hundreds. And not being able to tell what is causing it Also lots and lots of Client failed to negotiate a TLS...

Crawl & audit very slow, never finishes (Burp pro 2020.9)

I am pretty new to Burp pro, so I don't have a lot of experience to know whether this is expected behavior or not. I am hoping some more experience users can give me some insight here... I am testing a wordpress based...

Labs Failing to Respond

Hi, I'm having issues with this lab,"Web cache poisoning to exploit a DOM vulnerability via a cache with strict cacheability criteria". As soon as I enter the X-Forwarded-Host header, the lab server fails to respond. I've...

Scanner application login not trying all buttons

I have a website that has the following login form: <form id="example" name="example" method="POST" target="_self" action="https://example.org/e/?login" accept-charset="UTF-8"> <input type="text" name="username"...

With IOS 14 iphone, the traffic is being intercepted between the client and server, but I'm unable to connect to the site on iphone.

When I go to any site via safari on iphone(ios 14), I'm getting "This connection is not private" and when I hit the option to visit this site, I'm still not able to connect to the site. However, I'm seeing the traffic in...

burp community-failed to connect to website.com:443

Hi, I'm trying to connect to website using burp chromium browser. But most of the time, the loading end by an error screen saying "failed to connect to website.com:443" I searched but didn't fought any awnser that helped...

Advanced Scope Control does not follow correct regex syntax

Hi, I noticed the advanced scope control mentions you can insert regex, but it does not actually follow correct regex syntax. Asterisk `*`, should be treated as a quantifier, matching zero to unlimited times, however...

RegEx does not work properly on HTTP Request and Response

Hello I want to use regex to remove those empty lines from the HTTP responses that developers placed there. I used ^ to get the beginning of each line, but what it returns is just the first line of the response and...

Un-interactable repeater tabs

Hi, this bug has been around for more than a year now, and I'm unsure what's causing it. Current platform: - MacOS Catalina v. 10.15.7 - MacBook Pro 2019 - 2,6 GHz 6-Core Intel Core i7 - 16 GB 2667 MHz DDR4 - AMD...

Logic error in lntruder module

1、I need to brute force the username and password fields.See 1. JPG POST /xxx/xxx HTTP/1.1 Host: xxx.xxx.xxx.xxx Connection: close Content-Length: 56 Accept: application/json, text/javascript, /; q=0.01 Origin:...

Smart decode is not smart

The smart decoder is not working anymore for even simple base64 payloads. Please debug the issue and let me know. Thanks, Rod

Burp Suite Pro Crash

Burp suite professional crash when I change my keyboard layout to Mandarin input (Pinyin) in Mac OS X 10.14.6

Payload still encodes after unchecking "Url-encode these characters" checkbox

Found on Burp Suite Community Edition v.2020.12.1 1. I'm trying to start intruder attack with following payload: type: recursive grep initial payload: 2021-01-12 16:27:24.056815 (timestamp with characters wich...

Request Text Mangling in Proxy

After right clicking and selecting "Send to Repeater" the request text becomes mangled (overlapped in some areas). Running Burp 2020.12.1 Professional with Dark theme in Ubuntu 20.

Backup file false positives

I am getting many, many instances of the "Backup file" issue type. The issue is that the scanner makes a request that is a variant of a legitimate request, for example instead of GET /users/sign_in.json, it will call GET...

Unable to reactivate license after removing burp from computer

Hi, I had my burp pro license at the limit. I wanted to remove it from one machine to activate it on another. So I did remove burp from my computer under the help menu, but it is now neither allowing activating the license...

Lab access control user role can be modified in user profile

Hi, I solved it once before but now I was revising and I think it crashed because when I logged in my user using the provided credentials wiener:peter then I went to my account page and then I submitted an updated email...

Failed to replay recorded login sequences

I followed the recorded login sequences instruction and successfully generated JSON objects for application login data. But I'm not able to replay and validate the data. All I see is a blank webpage during the replay. I...

SQL injection UNION attack, retrieving data from other tables

administrators password not working......... no problem with carlos and wieners