Bug Reports - Burp Suite User Forum

Burp Does Not Redirect

The application I am testing uses SiteMinder for SSO, and this produces a redirect of the form... <HTML><HEAD><TITLE></TITLE></HEAD><BODY onLoad="document.AUTOSUBMIT.submit();">... <FORM NAME="AUTOSUBMIT" METHOD="POST"...

solved lab is showing not solved

i've succesfully sovled the lab Method-based access control can be circumvented but it shows that i dint solve it when i am redirected to the homepage

Cannot access http pages

Hi, I'm using the company laptop with system VPN and I don't know why I cannot access the http pages, even those in the lab environment such...

Activation

Hi, I had some problems with my machine and I had to format it a few times, but now when I managed to solve the problems my burp does not activate, it says that I have exceeded the number of activations allowed for my...

Burp 2023.1 - all HTTP responses show as edited

Hi, In Burp 2023.1, all HTTP responses show as edited and I can select between original response and edited response in the Proxy HTTP history. However, there are no differences when comparing the two, i.e. the response...

Upgrade Failed

Hello, We tried upgrading BurpSuite Enterprise Kubernetes setup with 'Enterprise Edition 2023.1' with helm chart. We observed that upgrade failed and we were not even able to login into UI. We had to reverse the...

Unknown_CA Error When proxying Android Traffic through Burp

Hello, I am using an Android Nexus 5x running Android Oreo 8.1 I have exported the Burp Certificate, converted it to the correct format and uploaded it in /system/etc/security/cacerts with the correct name and it is...

Install error with .Ink file

Hello, I cannot install BurpSuite and receive the following error: 'BurpSuiteCommunityEdition\BurpSuiteCommunityEdition.Ink Could not create this file.' Can anyone assist me with this issue?

Burp 2022.12.6 on Windows manipulates binary POST body data depending on the Content-Type request header

I've encountered this issue with two separate applications, but finally found a way to reproduce it. Burp v2022.12.6 on Windows 10 64bit, changes binary POST data, when sending manipulated requests. For example...

Burp suite pro 6 generating null pointer exception in console.

First I have observed that burpsuite_pro_v2022.12.6.jar is not invoking using mouse click. It is working fine when running using command prompt. But I am observing exception in console log... C:\Pentesting Tools>java...

the lab could not be started in a timely manner

Apologies, the lab could not be started in a timely manner. Please try again or contact us if the problem persists. I have tried in different browsers but iti is not working

log4j2 vulnerability for Burp Suite Enterprise Edition Version: 2022.11-11262, Java version: 17.0.5

Hi, Our company is using Burp Suite Enterprise Edition Version: 2022.11-11262, Java version: 17.0.5. Could you please clarify if is this version or Burp Suite Enterprise affected by newly discovered log4j vulnerability....

Lab not getting marked as solved: Reflected XSS into HTML context with most tags and attributes blocked

After submitting the payload in the exploit server exactly as the lab answer specifies, the lab is still not getting marked as complete. I even tested it using "view exploit" which executes the xss, but delivering the...

unknown host error

please tell solution . when i browse and intercept and request is forward then error show is unknown host

mouse click ignored

Hello, I can't click any button, including installer; It seems like mouse click is ignored :( I'm using macOS high sierra, and burp professional version 2.1.03. Is there any solution for this? Thanks!

mystery labs "solved labs only" filter broken

When doing mystery labs with the "solved labs only" feature enabled, I recieved two expert level labs despite having never solved any expert level labs. Is anyone else experiencing this issue?

HELP WITH XSS and BURPSUITE!!!

Hello everyone, hope u are all great... I am having trouble replicating an issue that burp alerts too.. I have a reflected xss works fine in burp but is not reproducible in the browser due to modern browsers encoding input...

Reflected XSS in a JavaScript URL with some characters blocked - unintentional xss

Hi team, not sure if labs are built with only one particular and intended vulnerability per lab but in "Reflected XSS in a JavaScript URL with some characters blocked" there is other xss not related to the theme/scope of...

Wrong solution in WSA Expert lab XSS: Reflected XSS with AngularJS sandbox escape and CSP

Hello, in the WSA Lab titled 'Reflected XSS with AngularJS sandbox escape and CSP', the solution section is wrong because it suggests this...

IP of targets in the logger resolve/change dynamically

With Burp Pro (v2022.12.6) the target IP can be shown in the included Logger function. If the IP of the target changes (e.g. By setting a different IP in the settings, network, connections, hostname resolution overrides)...