Burp Suite User Forum


SmartCard Client SSL Certificate

Hi, we have an internal setup where we use SmartCards for Authentication. In Burp 1.7 this worked like a charm but somewhere after the 2.0 upgrade something broke. At the last step (where you enter your PIN code) the...

Last updated: Feb 06, 2020 05:06PM UTC | 4 Agent replies | 3 Community replies | Bug Reports

Issue with response from lab link

Hi, I am not getting any response back from one of the lab exercise links "https://acf11fe21f086c81803b383000780037.web-security-academy.net" when I am forwarding the intercepted traffic from Burp back to this link. The...

Last updated: Feb 06, 2020 03:59PM UTC | 1 Agent replies | 0 Community replies | Bug Reports

Not able to log into certain websites while proxying through Burp

I've noticed on a number of engagements recently that I haven't been able to log in to certain sites (sensitive so unfortunately can't share). Generally if I click login nothing will happen. Browsing the rest of the site...

Last updated: Feb 06, 2020 04:33AM UTC | 2 Agent replies | 2 Community replies | Bug Reports

[v2020.1/macOS 10.15.3] "Convert selection" not working in read-only request/response panels

In the latest 2020.1 version running on macOS installed with the .dmg installer and/or updated with the updater, the "Convert selection" menu item will not let one convert the selection inside the read-only request/response...

Last updated: Feb 05, 2020 08:03PM UTC | 1 Agent replies | 1 Community replies | Bug Reports

Scan results are not displayed properly on browser: IE, Edge and Firefox

Hello Team, We have triggered a scan from Burp Enterprise. On the IE, Edge or Firefox browser, when we click the 'Site' from Scan Dashboard it opens the Scan details page. There the details are seen to overlap on these browsers. It...

Last updated: Feb 04, 2020 03:20PM UTC | 1 Agent replies | 0 Community replies | Bug Reports

Date Modified Timestamp On Windows

Hi, While using Burp 1.7.37 on Windows I noticed that the "Date Modified" field is not being updated after closing Burp Suite. I use a version control system to upload the latest version of the Burp file to a repository and it...

Last updated: Feb 04, 2020 02:15PM UTC | 7 Agent replies | 5 Community replies | Bug Reports

Dark Theme - Buttons in Burp Collaborator not "changing" / "switching" when clicked...

Love the dark theme, but I think it's missing a small component. When using the dark theme, in the Burp Collaborator Client, buttons do not switch or change when I click them (lighter or darker would be fine). Simply put,...

Last updated: Feb 04, 2020 02:13PM UTC | 2 Agent replies | 0 Community replies | Bug Reports

2020.1 New Editor Modifies Binary Data Unexpectedly

Hi, I noticed that editing a file upload request in repeater modifies the content of the file. To reproduce the issue, intercept a file upload and send to repeater. Then add a character in the editor and delete any...

Last updated: Feb 03, 2020 07:50AM UTC | 0 Agent replies | 1 Community replies | Bug Reports

Burp Suite Pro showing wrong time

Under HTTP history the times of all requests are one hour late from the actual time. From diagnostics I can see "user.timezone America/Sao_Paulo" which is right. I believe this is a bug related to our summer time which has...

Last updated: Jan 31, 2020 01:52PM UTC | 3 Agent replies | 3 Community replies | Bug Reports

Lab: Exploiting HTTP request smuggling to bypass front-end security controls, TE.CL vulnerability

Lab doesn't seem to be working for me, even when I follow the solution. Getting timeout errors. This is what I'm trying to use, host url is correct, target is correct, update content length is not checkmarked, and keey...

Last updated: Jan 30, 2020 10:00AM UTC | 3 Agent replies | 2 Community replies | Bug Reports

Header information replaced in Proxy intercept but not in Target Scope

Hi I've set up an HTTP header replacement rule in Proxy > Options > Match and Replace and it works OK when looking at an intercepted request in the Proxy > Intercept > Raw window. However, when I forward the request and...

Last updated: Jan 29, 2020 03:31PM UTC | 1 Agent replies | 0 Community replies | Bug Reports

[webacademy] Bug in explanation of blind SQLi

There is a bug in section 'Exploiting blind SQL injection by triggering conditional responses', page https://portswigger.net/web-security/sql-injection/blind. Initial query is SELECT TrackingId FROM TrackedUsers WHERE...

Last updated: Jan 29, 2020 02:29PM UTC | 2 Agent replies | 2 Community replies | Bug Reports

Burp Professional Scan missing HIGH Severity Issue

Hi, I have scanned the same application in Burp Professional v2 and Burp Enterprise Edition v1.0.15beta but as per the reports Burp Pro is missing in HIGH Severity i.e. SQL issue in report whereas Enterprise Report is...

Last updated: Jan 27, 2020 02:53PM UTC | 3 Agent replies | 2 Community replies | Bug Reports

Bugs

Any pieces of the puzzle that can be found?

Last updated: Jan 25, 2020 08:48PM UTC | 1 Agent replies | 1 Community replies | Bug Reports

installation on mac throws java error

same issue using the dmg installer or jar file directly Exception: java.lang.ClassCastException: class com.install4j.runtime.beans.actions.misc.LoadResponseFileAction cannot be cast to class...

Last updated: Jan 23, 2020 08:15AM UTC | 1 Agent replies | 0 Community replies | Bug Reports

Repeater 'Send' button acting differently for WebSockets

Hello, in the HTTP version of Repeater, clicking on the 'Send' button (or using the corresponding hotkey, here 'Ctrl + G') sets the focus on the request editor. However, the exact same action in the WebSockets version of...

Last updated: Jan 22, 2020 12:00PM UTC | 2 Agent replies | 0 Community replies | Bug Reports

Jenkins scan giving error 'Build step failed with exception java.io.IOException:...'

Hello Team, We are scanning one application from Jenkins using the plugin: Burp Scan. If we scan the application from Burp Enterprise then scanning is happening, whereas when we try to scan the same application from Jenkins...

Last updated: Jan 21, 2020 11:15AM UTC | 2 Agent replies | 1 Community replies | Bug Reports

False Negative in AngularJS XSS?

Hello, I've a vulnerable Web application where injection inside an AngularJS 1.0.0 context is possible. That leads to an XSS via {{...}}, that is easily exploitable. I know that, at some point, Burp Suite managed to...

Last updated: Jan 21, 2020 10:01AM UTC | 4 Agent replies | 5 Community replies | Bug Reports

Need clarification on the Burp Suite Pro

Hi, We have one of the clients requesting a document sign-off. Can you please clarify the attached for Burp Suite Pro? Are there any partners who can deliver the training on this tool, can you please connect to...

Last updated: Jan 20, 2020 10:01AM UTC | 1 Agent replies | 0 Community replies | Bug Reports

Confirmed false-negative related to AngularJS XSS

Hi! Creating a new ticket given that the previous one 1) doesn't in my cases 2) isn't very clear https://support.portswigger.net/customer/en/portal/questions/17690810-false-negative-in-angularjs-xss- Burp Suite will...

Last updated: Jan 17, 2020 01:39PM UTC | 1 Agent replies | 0 Community replies | Bug Reports


Burp Suite Support Center

Your source for help and advice on all things Burp-related.
