Bug Reports - Burp Suite User Forum

Failed to connect to sitename.net:443 - Only AWS Sites

I'm running the latest version of Burp Pro and FireFox. I have the certificate installed correctly. I'm not going through a corporate proxy when I test. Just figured I'd get that info out of the way now. We are...

Section Symbols are appearing in images which breaks Intruder

Section Symbols '§' are appearing in any images (jpg, gif, png, etc.) when retrieved in GET requests or posted in POST, if sent to Intruder it corrupts the image because it strips those characters.

Screen Tearing

Whenever I try to set any number values in burp>>intruder>>payload>>Numbers>>Number Format. This happens when i use numbers of more than 2 digits. The whole burp windows glitches and screen tears off. I have been facing this...

Private collaborator server not starting with valid certificates

Hi, I am trying to deploy a private burp collaborator instance and hitting the following error message: May 23 20:46:28 collab java[16727]: 2022-05-23 20:46:28.898 : Using configuration file...

Crawling a web site results to bloated project file

When crawling a web site, using crawling and audit's default settings. my project file size grows almost to 20GB. And when the project file gets that big, the backups will also file (not enough space on my disk). When i...

UI bug in Intruder -> Payload Options[Simple list]

Dear support team, while dealing with the labs I spotted a UI bug in the Simple list -> Payload Options in the Burpsuite's Intruder component (Community Edition v2022.3.8). Steps to reproduce: 1) Create a simple list...

erro na hora de navegar

Boa noite estou usando burp suite comunity editon 2022 3.8 e está com erro na hora abrir o navegador, aparece isso net.portswigger.devtools.client : unable to start browser alguém pode me ajudar por favor

Laps not loading in burp browser or any other proxy but load in normal

when i tried to open lap in burp browser is not loading but i still can see the requests and when i open in normal browser its working i check other website its working in burp browser i think there is problem for burp...

burpsuite not running

I have been trying to badly to search for a way to fix this issue, I cannot open burpsuite from the menu nor can I open it from the terminal. every time I try to open burpsuite from the terminal I am only left with "invalid...

ERR_HTTP2_PROTOCOL_ERROR

I am receiving a ERR_HTTP2_PROTOCOL_ERROR in the browser when attempting to capture the traffic to a website. When I don't use the proxy it works just fine. As soon as you proxy the traffic to burp the error occurs. Has...

helpers indexOf doesn't seem to be working as expected.

(reposting as I neglected to put this in bug reports the first time) I'm working with https://github.com/PortSwigger/java-deserializer I have a stream of bytes in a request that should be a serialized java...

Bug in SQL injection lab

Can I get a sanity check on this lab? https://portswigger.net/web-security/sql-injection/examining-the-database/lab-querying-database-version-mysql-microsoft I tried the lab on my own at first and couldn't get the...

Auto-scroll also changes focus since 2022.2.6

When looking at req/responses via Burp Proxy history with "Auto-scroll to match when text changes" the first match is not only auto-scrolled to but now also "auto-focused" on. So one extra click to get back to Burp Proxy...

iOS proxy not working

I have always been able to proxy iOS mobile through Burpsuite However today I have no connection I have tried all the steps and debug but nothing. I have tried 3 iphones of different make and model, same thing on all. 2...

burb browser not work

this what it come to me when i click on open browser https://user-images.githubusercontent.com/88084590/168919847-83acfe0e-7066-4c70-9783-9a434b9ab273.jpeg

Bug in "Authentication bypass via OAuth implicit flow" lab

The lab returns 500 error during replay request to /authenticate endpoint with Carlos email. According to solution there is should not be error and i must get the authentication cookie.

Mystery Labs selection

Hello, I wonder why if I select "Apprentice", SQL injection category is greyed out, when some SQLi labs at Apprentice level exist. Same thing if I select "Practitioner": Access Control is greyed out but some Access...

Burp Suite Community Edition - HTTP history shows wrong request

Hi, i'm using burp suite community edition v2022.2.4 on ubuntu 20.04.4LTS, the issue is when i edit a request when intercepting, for example the request body contains this: "idg=shakhsgaewcxvbz_eagvz2_egbvbvaa-hababa", i...

Mystery lab Challenge - XSS onresize

I've trying some mystery lab and i had to do an XSS with "body resize". I saw on xss cheatsheet this payload is marked as "Event handlers that do not require user interaction", and that don't require interaction with...

Frameable response (potential Clickjacking) issue

I received this issue in a scan with the description saying that 'If a page fails to set an appropriate X-Frame-Options or CSP header.... While I do not have the X-Frame-Options header on this page, I do have a CSP header...