Bug Reports - Page 10 - Burp Suite User Forum

No interaction from victim in Access Logs after sending request to /deliver-to-victim

Hello, I'm running into an issue in one of the CSRF labs (CSRF where Referer validation depends on header being present) where there doesn't appear to be any victim interaction after I click "Deliver to Victim" in the...

burp is accessing very slow in intel based macbook pro

https://forum.portswigger.net/thread/burpsuite-professional-2024-5-5-is-slow-on-apple-m3-pro-f27980cb after reading above forum, i've upgraded my burp to 2024.7.3, but still no luck, facing extreme slowness. Processor...

Lab: Exploiting NoSQL operator injection to extract unknown fields - Does not return user token

Hi, I am currently doing the lab Exploiting NoSQL operator injection to extract unknown fields and I am getting all the fields: id,username,password,email but one of them was supposed to be a user's reset token field, that...

BurpSuite Professional 2024.5.5 is slow on Apple M3 Pro

I am using chip M3 Pro and using version 2024.5.5. I feel like the performance on BurpSuite is slow and lagging when I open BurpSuite or scrolling/sending request/loading request. For example, I am in Repeater tab and it...

ERR_SSL_PROTOCOL_ERROR

"When I try to open the following web page with Burp Suite's Chromium or Firefox with the certificate installed, it gives the 'ERR_SSL_PROTOCOL_ERROR' error. https://cors_everywhere_blockbook.clore.ai How could they...

OAUTH labs doesnt show some paths

Hi i was doing OAUTH labs this lab specifically https://portswigger.net/web-security/oauth/lab-oauth-stealing-oauth-access-tokens-via-an-open-redirect and after trying for a while i couldn't solve the lab so i looked up to...

Solved labs in the Academy are not shown as solved.

Hello, I solved the levels listed below but it is not noted outside the lab (e.g. "Track my progress"). However, when I access the labs I receive the message "Congratulations, you solved the lab!". Lab: Reflected XSS...

Payload still encodes after unchecking "Url-encode these characters" checkbox

Found on Burp Suite Community Edition v.2020.12.1 1. I'm trying to start intruder attack with following payload: type: recursive grep initial payload: 2021-01-12 16:27:24.056815 (timestamp with characters wich...

Multistep Clickjacking Lab Queries

I am facing an issue where, after storing the code, upon selecting "view exploit", it does not display the delete account page. Despite attempting multiple URLs, I couldn't locate the page; instead, the login page remains...

Lab for "Web cache poisoning with an unkeyed header" not completing despite correct (?) solution

Hi, Basically as the title says I have done the lab for "Web cache poisoning with an unkeyed header" and succeeded in getting the alert box to pop up in my browser. However despite this no matter what I do the lab itself...

Center the font

The font does not seem to be centered in the latest version of burp, but it is centered in version 2021.5.1 https://img.erpweb.eu.org/imgs/2024/08/4a23266d4308aff4.png

BLIND SQLI lab not working properly.

Hi there I was solving the lab "BLIND SQL INJECTION WITH CONDITIONAL RESPONSES" every thing was working properly until, IT comes to find the length of the password of the "ADMINISTRATOR" user in the solutions the length is...

Clickjacking with a frame buster script Solve is failing

This lab is not solving. Tried in Chrome and Firefox. <style> iframe { position:relative; width:700px; height: 500px; opacity: 0.000000001; z-index: 2; } div { ...

burpsuite chromium browser issues

Hi , i have started to use burpsuite community and everytime i launch the burp browser i get this error code like that : Not secure:https://0af1004b0337409a8006036300ee00ba.web-security-academy.net/login Any website...

Unable to solve Lab: CORS vulnerability with trusted insecure protocols

Hello, I'm facing an issue with the following lab : Lab: CORS vulnerability with trusted insecure protocols "View Exploit" works well and delivers the key on my exploit server, however "Deliver to the victim" only reach...

Availability- The website is too slow now a days

Dear Portswigger Team, I hope this letter finds you well. I am writing to express my frustration and disappointment regarding the current performance issues with the Portswigger website and Portswigger Academy labs. As...

Browser chorium

I can't perform any lab because when I open the browser from Burp Suite, the browser doesn't load any page. It just stays in loading.

Multi-endpoint race conditions

I'm on the latest version of Burp Pro, and this lab doesn't work for me. It's only purchasing the gift card I put in the cart but not adding the jacket. Or it's adding the jacket but not purchasing anything. I tried...

Lab: SQL injection vulnerability in WHERE clause allowing retrieval of hidden data

I'm having this error 'Stream failed to close correctly' in the 'Lab: SQL injection vulnerability in WHERE clause allowing retrieval of hidden data' when I forward the request after changing the parameters

Same issue as below

https://forum.portswigger.net/thread/several-labs-not-completing-even-though-exact-steps-were-followed-e69f5c36 Kindly i did exactly same. Payloads working on my side.