Bug Reports - Burp Suite User Forum

Burp unable to get pass login page

Hello, I am working on a product which has a login page, http://x.x.x.x/api/authenticate , i want to perform a crawl and audit of the web app. I enter in the creds but burp for some reason is unable to use the creds and...

"Resource not found - Academy Exploit Server" error in "Lab: Clickjacking with a frame buster script"

Hello, I am getting the "Resource not found - Academy Exploit Server" when attempting the Clickjacking with a frame buster script lab. The error appears in both Firefox and Chrome when testing the exploit, and I have made...

There are currently no exams available.

Hello there, I wanted to start my BCP exam but when it redirected me to Examity for ID verification, it gave me "There are currently no exams available." message! Examity support advised me to contact you. Can you...

Google translate doesn't work on chromium

The Google Translate Chrome extension isn't working on Chromium (the embedded browser in Burp Suite).

Burpsuite Pro not starting (Could not start Burp: java.lang.IllegalArgumentException: /home/kali/BurpSuitePro/burpbrowser/129.0.6668.70 is an invalid Path to browser)

Hello, I'm having trouble to start BurpSuitePro, it just crashes after start. When trying to launch it from console, i got this error Picked up _JAVA_OPTIONS: -Dawt.useSystemAAFontSettings=on...

burp suite browser unable to download files

Hi, I'm trying to download files with the built-in chromium browser though downloads will either not start or break in between claiming it's completed instead of saying download failed.

Burpsuite is very Laggy / Slow on Mac

--- Behavior For a few weeks/months I have the problem that Burpsuite is extremely slow/laggy on my Mac. Whenever I perform an action it takes seconds for it to have an effect. Let's say I am in the proxy, clicking on the...

AWS S3 CP (Upload via HTTP PUT) Always Fails

Burp is constantly modifying the request from the AWS CLI (SDK) where it removes the content and sets Content-Length: 0 (instead of the actual content-length). This results in the AWS S3 service return an HTTP 100 and HTTP...

Burp possibly doesn't close HTTP2 gRPC connection gracefully

First of all, thank you for your great efforts to make HTTP2 available in Burp. I'm using Go gRPC example application named RouteGuide(https://github.com/grpc/grpc-go/tree/master/examples/route_guide) to check Burp can...

No more activations allowed

Hi! I cleared a previous license from a BurpSuite Pro installation, I tried to use my license on a different installation and I got "no more activation allowed for this license" message. Shouldnt the clearing of the...

Intruder not working

Hello everyone When i am sending data to my intruder with control + I or send data to intruder my intruder open but data is not loading there and on target there is localhost 80 only i already reinstalled my burpsuite...

Column Sorting Does not Persist in Target Tab and Proxy History Tab

hi there, when I sort data via Time Requested in the target tab and the proxy history tab, I notice that it does not persist. Meaning, if I change tabs and come back to it, the sorting goes back to default. this was not...

Double cookie header created by session handling rule

If you create a session handling rule to either add or update a cookie value for requests in some scope, it does not work as expected. The setup is: * a enabled session handling rule; * with any given scope; * a "set a...

Lab: DOM XSS via client-side prototype pollution (not working)

Here is the payload that I used: https://MY-LAB-ID.web-security-academy.net/?__proto__[transport_url]=data:,alert(1); It popped an XSS alert(1) but the lab is still not solved. Please help!

Lab: CSRF vulnerability with no defenses Problems

Hello, good afternoon, I am having problems doing this laboratory, I have seen a couple of tutorials and I have followed several, and I have seen how they do it correctly. The problem is that when I submit or store the...

The solution of "Lab: Forced OAuth profile linking" will meet issue of "Refused to display 'https://0a2a008e04632038819966d8001a00e0.web-security-academy.net/' in a frame because it set 'X-Frame-Options' to 'sameorigin'."

When I try solution of "Lab: Forced OAuth profile linking", in step 11. I will meet issue of "Refused to display 'https://0a2a008e04632038819966d8001a00e0.web-security-academy.net/' in a frame because it set...