Bug Reports - Burp Suite User Forum

Batched (or stacked) queries SQLi

At https://portswigger.net/web-security/sql-injection/cheat-sheet chapter #Batched (or stacked) queries it is written: "MySQL Does not support batched queries." Perhaps I understand it wrong, but when I'm starting a...

IndexOutOfBoundsException

$ java -version openjdk version "12.0.2" 2019-07-16 OpenJDK Runtime Environment AdoptOpenJDK (build 12.0.2+10) OpenJDK 64-Bit Server VM AdoptOpenJDK (build 12.0.2+10, mixed mode) $ java -Xmx2G -jar...

Rate limit bug

Attackers can replay the mail send request on Email (customer registrations) generate the emails multiple times to any valid email id. Absence of rate limits can lead to the attacker flooding the application with spurious...

Enterprise API Custom Configuration Failure

When I create a custom configuration I am unable to use the Custom Configuration with the API to execute a scan. The call is "curl -vgw "\n" -x POST 'https://[myburpscanner]:8443/api/[user api key]/v0.1/scan' -d...

Scanner doesn't report previously found issues

When performing a second crawl and audit on the same website, the issues are not included in the results. The detail show that issues have been found in the app header, but they aren't loaded in the results. You'd have to...

It was observed that password and security answers are in plain text when captured the request in burpsuite

Hi Team, We have developed application using .net.It was observed that password and security answers are in plain text when captured the request in burpsuite. how can i avoid showing password as plain text? Please let...

iOS 13 + Burp SSL Certs Not Able to be Fully Trusted

I've followed the appropriate steps to fully trust the burp cert, but as of iOS 13 this does not work and HTTPS requests fail. Looking at iOS 13 release notes, I found this: https://support.apple.com/en-us/HT210176 -- I...

Lab "Exploiting blind XXE to exfiltrate data using a malicious external DTD" failing

Hi Support Team, It looks like this lab is not working pretty fine. I have been a long while trying to solve it. Even more, I went step by step to the solution and the result I am being returned is not being accepted by the...

Unable to reply back to a created forum post

Unable to reply back to a forum post , anti forgery token issue

Web academy lab issue

Victim never makes call to forgot password through exploit url or it is not shown in access log reference : https://portswigger.net/web-security/authentication/other-mechanisms/lab-password-reset-poisoning

Copied Project uses first request in repeater rather than last made

When a project is copied, after loading it, all the requests in the repeater tab use the first request made rather than the latest. This create a very annoying situation when loading it the copied project for the first...

Opening Existing Project Stalls - 2

When we open an existing project and choose a file and click on "open" the application gets stuck over there with "open" button having dark theme highlight. Does not open the project. Need to go back to previous window where...

Password reset poisoning Lab issue

Victim never makes call to forgot password through exploit url

Content discovery is not directly mapped to site map

Hi, Performing content discovery and looking at the Site map of the discovery process one can see that the items found are not reported directly to the main 'Target Site Map'. In many cases and with the current...

Burp Pro API Scan Error

Dear Support, We are facing a problem, not sure if it's an issue or we are doing something wrong. The scenario is the following: 1. We start Burp and REST API Service 2.POST a scan to url "https://example.com" 3.We...

IMessageEditor does not show markers

When I set up a marked request or response for a IMessageEditor instance, it does not appear to be honored. The editor loads the message okay, but there aren't any markers on it. So if I do something like this: int[]...

Unable to load JAR file

command to initialise burp: java -Xmx1G -Djava.awt.headless=true -classpath "headless-burp-proxy-master-SNAPSHOT-jar-with-dependencies.jar;burpsuite_pro.jar" burp.StartBurp burp version:...

Why is the Burp Suite JAR file so big?

When Burp prompts me to install an update, it gives me the option of a Windows installer, a MacOS installer, a Linux installer, or a JAR file. The installers are all around 160-180 MB in size: this seems reasonable, since...

My burp suite issues tab is not showing up.

My burp suite community edition's issues tab is not showing up. From what I've seen on youtube, a issues tab should show up on the site map tab without running any scans. Is this a pro edition feature, or is something wrong...

solved lab is showing not solved

i've succesfully sovled the lab Method-based access control can be circumvented but it shows that i dint solve it when i am redirected to the homepage