Bug Reports - Page 104 - Burp Suite User Forum

Rest API scan bug when reopening project..

Hello, I'm launching the scan through the Rest API perfectly and I am able to use the endpoint /v0.1/scan/3 to access the status. My callbackurl is also working receiving updates from the scan. But when I close and...

Repeater History Not Saved in Project File (Burp 2020.9.1 Win x64)

I opened yesterday's Burp project to resume my test, and the Repeater tab is empty. Yesterday, it had several requests & responses I'd been working on. This is reliably recreate-able in Burp Suite Pro 2020.9.1 on Windows...

Turbo Intruder

Turbo intruder adding a subset of integers if your .txt dictionary list begins with an integer value. This results in the file path designated into the script to become incorrect and will not run properly. For example...

scanner stops sending requests

Hi, i have a recurrent issue with burp scanner where the scanner makes around 200 requests then stops. it is not paused, it simply stops sending requests. Sometimes after closing and reopening burp the scanner resumes...

"Cannot contact reCAPTCHA. Check your connection and try again."

I'm trying to do an XSS vulnerability scan on a particular site that requires a captcha before submitting the form. The problem is I get the error seen above and I need some help fixing it. Any ideas?

Auto Modifying Responses Gives Invalid Output

When sending a request that gets automodified, switching to the automodified response dropdown in proxy history shows the modified response correctly. If you then click on another request that hasn't has its response...

Automating Burp Pro - docker issues (Activation & REST API availability)

Hi, I'm attempting to automate Burp licensing and run Burp with the REST API in headless mode via a Docker container. This is how I'm invoking Burp: "java -Djava.awt.headless=true -jar scanners/burp/burpsuite_pro.jar...

very slow and late response from web academy site

Hello, is it some bandwith trouble with web academy server? Can't do lab because of very slow response from site.

web cache poisoning labs with X-Forwarded-Host header and 504 Gateway timeout

Hi, I'm having issues with most labs on web cache poisoning. Basically, as I add the X-Forwarded-Host header, inevitably I get the 504 Gateway timeout error. I have checked the solution of Michael Sommer on youtube to...

Bug causes Request Smuggling False Positive

I noted a bug in the request smuggling vulnerability claims. Two requests are quoted, one with a request and a response. The second is provided with a request and no response. The second lacks the two CRLF's required to...

REST API. After Scan: Task ID not found

Burp Suite Profesional v2020.8.1 Steps to reproduce: 1. Start Burp Suite Pro 2. Launch new scan in the GUI 3. Poll scan status with HTTP GET https://127.0.0.1:1337/v0.1/$taskID --> Scan status poll fails with HTTP...

Project Override Upstream Proxy Servers - Autopopulating and causing infinite proxy loop

I'm having an issue when I try to proxy chain to Fiddler in a corporate environment. I had previously used Fiddler to handle PAC rules to authenticate to outbound web proxy server (NTLM) for external assets and direct...

Burp hangs when using http request smuggler

Hello team Burp get hanged when Using request smuggling extension Here is the youtube video https://youtu.be/V3IHU8MDTQA

"Send to Decoder" 10K limit - bug or known limitation?

Hi, I don't know whether this is a known limitation or a bug, but when I use the "Send to Decoder" function in the proxy history, the data sent to the Decoder gets truncated to 10.000 characters. I found out, when I tried...

Lab: SQL injection attack, querying the database type and version on MySQL and Microsoft

The given solution ends with a # for comment but this doesn't seem to work. A double dash followed by a space (URL encoded ofc) works fine.

Burp doesn't want run from JAR

Hello, I try run burpsuite_community_v2020.9.1.jar on PinebookPro using this command sudo java -jar burpsuite_community_v2020.9.1.jar it start to loading but immediately i get some exeception and it crashed there...

Burp not reconizing login page

After installing the new version of Burp Pro, it no longer finds the login page when scanning our site. I have added the appropriate credential and made sure the login page has the required attributes and criteria to...

license invalid

Please help after installation of burp, it says our downloaded license is invalid, contact support. It was working 1 week before on our previous installation.

Lab: Exploiting HTTP request smuggling to capture other users' requests

when trying to login using the captured victim cookie it doesn't show SOLVED lab and stuck in "Invalid CSRF: token" message, even i have tried to insert "Cookie: victim-fingerprint=xxxx; session=xxxx; secret=xxxx" in the...

Scanner does not work with NTLM auth

The scanner times out when going through socks proxy with NTLM auth. This issue is not present in burp 2020.5. The problem was found in all versions above 2020.5