Bug Reports - Page 102 - Burp Suite User Forum

Intruder: useless popup

While attacking with Intruder, most of the times we need to change the threads, check the Grep-Match box or many other things in the Options tab. When we do this on the live attack the below annoying popup window...

Cannot see crawler responses

While crawling, "Session handling tracer" shows the requests but it shows empty responses. I want to be able to see the responses.

Burp won't start on my OSX machine any more

Hi folks, Finding this one a little tricky to solve. Burp stopped working on my OSX system recently. I run it from the command line with something like: java -Xmx1024m -jar burpsuite_pro_v1.6.18.jar I get the...

Cannot login on another computer

Hello, like on subject, can't login on my account on another computer. I Didn't see any restrictions to login on another systems, can you help? Thank you,

Extension Errors

I found a strange bug. Sometimes the stderror location of my extension in the "Errors" tab ("Extender" -> "Extensions") suddenly changes his value, from "Shown in UI" to "Output to system console". This behaviors can hidden...

Unable to save project

[Burp Pro v2.0.04beta]Hello! While I'm trying to save project file I am getting following error: "Unable to save project data to the file /../../../../projectname.burp: null" I don't know how to see the full error trace. I'm...

No Response

I send Request many times but there was no response It is showing Waiting... Forever, What shoud I Do

NTLM Authentication doesn't work

Hey all, I have been trying for days to get NTLM authentication to work with Burp. I've tried multiple browsers and find that Burp will not proxy NTLM requests at all. When authenticating manually through the browser I...

Incomplete URL encoding

According to RFC3986 section 2.2, square brackets ('[',']') are reserved characters. Burp doesn't percent encode these characters when using the Ctrl+U hotkey, and one can observe Scanner payloads that don't have these...

false positive on RXSS?

i recently got the alert of reflected XSS with confidence certain because "vbscript:msgbox(19301293)" was injected inside a <a> tag, in the href part. I wasn't aware vbscript could be injected there. the thing is that,...

My progress is always 30%

Hi friends! I read all articles and mark them as "Completed" a month ago. However, after some updates, I found that my progress right now is 30% even after I mark new posts with the "Completed" checkbox. What I must do to...

Websockets not working with burp

my browser unable to connect *any* websocket while working with burp I also tried changing my browser. I'm getting this error on firefox (similar messages in other browsers): "Firefox can’t establish a connection to the...

Burp Suite Community Edition won't start

I've been using Burp Suite on my Ubuntu computer for a couple of months, but for some reason it has stopped working. I don't know why - I was using it, then it crashed, stopped working, and since then I haven't been able to...

Items explicitly excluded from the scope still saved in Proxy history

Version: Burp Professional v2020.2.1 Issue description: while having the out of scope Proxy history logging disabled, with the scope defined as follows (the IP address was changed): In scope: Enabled: yes Protocol: HTTPS...

Bug on svg-markup-allowed xss lab.

Link: https://portswigger.net/web-security/cross-site-scripting/contexts/lab-some-svg-markup-allowed This lab is not accepting the expected solution. (yes I tried on chrome win/linux)

lab does not solve even if it is correct

I went to solve the following lab:"Lab: SQL injection attack, querying the database type and version on MySQL and Microsoft". And everything I did didn’t work, when I went to see the solution what I did was correct and still...

looks like there is no way of allowing API user to create scans under a folder.

Hi, My security analyst created a REST API user for me. I logged-in to Burp Enterprise REST-API and tried to use the 2 REST-API GET queries, these GET queries are working fine. The problem is with POST query. It does...

CSRF and CORS LAB not functioning properly

Hi team i would like to know that my CSRF and CORS Labs are not functioning properly.Let me explain this in detail I was trying Simple CSRF lab and i made CSRF POC using both solution and also and CSRF POC generator provided...

SmartCard Authentication - Error: Cannot produce CertificateVerify signature

Greetings, I have a web application that is configured to use pkcs11 Smart Card authentication. When I browse to the application and authenticate via the standard mechanisms, I gain access to the application without...

Content-Length being added even when disabled

Using the match/replace in proxy no matter what I do I keep getting Content-Length added for example Content-Length: 1122 even when I create response find/replace for Content-Length: \d+ /aaaaaaaaaaaaaaa I just end up with 2...