Burp Suite User Forum

Create new post

Burp Academy: Lab: Authentication bypass via encryption oracle, Missing Error Messages

Im trying to complete the lab: "Authentication bypass via encryption oracle" without success. I followed the regular solution, as well the community based video, but it seems, that i dont receive any error messages, when i...

Last updated: Nov 13, 2023 09:34AM UTC | 3 Agent replies | 2 Community replies | Bug Reports

Invalid username or password while accessing lab

when i am try to access Lab: Multistep clickjacking my account --> login when i put the correct username and password which are wiener:peter i got Invalid username or password.

Last updated: Nov 13, 2023 08:34AM UTC | 1 Agent replies | 0 Community replies | Bug Reports

Burp Academy: Lab: Web shell upload via extension blacklist bypass

So, no matter what I do, I can't seem to finish this lab. At first I thought I was being dumb, but then I checked the solution and that won't work either. Instead of executing the code, it's just returning the code...

Last updated: Nov 12, 2023 11:00PM UTC | 0 Agent replies | 1 Community replies | Bug Reports

Cookie in dashboard issue activity not updating with cookie jar

Hello, Not sure if it is really a bug, but I found some strange behavior with burp scanner, let's make an example: I log inside a web application and I get a cookie like "PHPSESSID=ABC", then I log out the application...

Last updated: Nov 10, 2023 03:59PM UTC | 2 Agent replies | 2 Community replies | Bug Reports

vmoptions.txt File Resets w/ Every Update

hello I noticed that with every new update of Burp, the vmoptions.txt file is reverted back to its defaults. Is it possible to have this file persist through updates?

Last updated: Nov 10, 2023 07:50AM UTC | 1 Agent replies | 0 Community replies | Bug Reports

unknown host error

please tell solution . when i browse and intercept and request is forward then error show is unknown host

Last updated: Nov 10, 2023 01:14AM UTC | 13 Agent replies | 16 Community replies | Bug Reports

Collaborator "payload" field not correct when using multiple tokens

Perhaps there is a scenario I'm missing where this is a useful feature, but I suspect it is a bug. You have two tokens: abc.oastify.com xyz.oastify.com You make a request `curl -X https://abc.oastify.com -d...

Last updated: Nov 09, 2023 10:31AM UTC | 2 Agent replies | 0 Community replies | Bug Reports

Issue whilst running multiple Burp instances

Hello, On the latest version v2021.4.2 whilst running two or more instances of Burp (working on different projects) the embedded browser will not work as expected. Expected will be for each Burp instance to start a...

Last updated: Nov 09, 2023 09:15AM UTC | 4 Agent replies | 1 Community replies | Bug Reports

Secure connection failed with proxy enabled

When I try to access sites with HSTS implemented I get this error: Secure connection failed An error occurred while connecting to www.google.com. The page you are trying to view cannot be displayed because the...

Last updated: Nov 09, 2023 07:43AM UTC | 4 Agent replies | 4 Community replies | Bug Reports

Burp Suite Certified Practitioner Gateway Timeout

Hello, While doing my exam, I'm getting "Server Error: Gateway Timeout (3)" after modify host header. Is this an intended behavior?

Last updated: Nov 08, 2023 12:18PM UTC | 1 Agent replies | 0 Community replies | Bug Reports

Unable to connect to shop.tesla.com

Vanilla Burp install, latest patches. Verified by another user, with different install, different network, name servers etc. Simply times out. Not seeing anything out of Burp at all. No TCP/TLS etc. Disabling the...

Last updated: Nov 07, 2023 01:45PM UTC | 3 Agent replies | 2 Community replies | Bug Reports

Solution for "Lab: SSRF with blacklist-based input filter

Hello, the intended solution of this lab doesn't seem to work. After some testing I couldn't find a way to "enter" the admin area. "Encoding" the IP address works fine, but enter "admin" doesn't work at all. I tried...

Last updated: Nov 07, 2023 12:36PM UTC | 0 Agent replies | 2 Community replies | Bug Reports

Host validation bypass via connection state attack

When trying to solve the lab, instead of getting redirected back to the home page I get a 403 Forbidden. I've follow the written guide and step 3 does not behave as expected.

Last updated: Nov 07, 2023 11:54AM UTC | 2 Agent replies | 3 Community replies | Bug Reports

Burp built in browser not connecting to the internet.

Hi, I am having a bit of a problem when running burp's integrated web browser for intercepting, as I run it and enter a website like google.com for example, burp will not intercept and the browser will return an error...

Last updated: Nov 06, 2023 02:44PM UTC | 2 Agent replies | 1 Community replies | Bug Reports

progress lost

I have lost my whole progress.I finished doing the apprentice level learning path then I lost my progress. The web application was opened in two page. In burp chromium and in my regular browser.

Last updated: Nov 06, 2023 10:26AM UTC | 1 Agent replies | 0 Community replies | Bug Reports

File Signature Bytes

Hello, I'm a user of Burp Suite Community Edition only. I'm testing by sending a request include a file with Content-type:multipart/form-data. A problem occurred if the file was manipulated by adding a JPG signature...

Last updated: Nov 01, 2023 10:48AM UTC | 1 Agent replies | 0 Community replies | Bug Reports

Browser header sec-ch-ua is empty causing all requests to be blocked

Just installed Burp Pro v2023.6.2 Opened Browser and every request to my company's sites are rejected. We use a WAF that blocks requests containing empty header values. The header being sent with no value is...

Last updated: Oct 30, 2023 01:08PM UTC | 2 Agent replies | 0 Community replies | Bug Reports

File search and buttons don't work

I'm currently using the latest stable version of the Windows Desktop version. For some reason, whenever I'm trying to select a wordlist in Intruder or a session file, it doesn't work and all buttons loose all...

Last updated: Oct 30, 2023 09:45AM UTC | 1 Agent replies | 0 Community replies | Bug Reports

Failed to Load Browser

I am getting below error. I have tried to install Burp to 'c:\tools\Burp' folder but I am still getting error. Can you advise? --------------------------- Error Loading Extension --------------------------- Failed to...

Last updated: Oct 27, 2023 07:26AM UTC | 1 Agent replies | 0 Community replies | Bug Reports

Internal browser forces HTTPS after update

Hello! I am using the internal browser in Burp Suite, and after updating the community edition to version 2023.10.3.1 the browser forces HTTPS when I try to go to a HTTP site, and I get the error message "Unsupported or...

Last updated: Oct 26, 2023 03:58PM UTC | 1 Agent replies | 1 Community replies | Bug Reports

Page 10 of 142

Burp Suite Support Center

Your source for help and advice on all things Burp-related.

Burp Suite Support Center image