Bug Reports - Page 11 - Burp Suite User Forum

Access Button LAB doesn't work

Hello, I am experiencing problems this morning with the All Labs button not appearing in order to access the labs. I have tried changing Browser to clear cache but nothing works. Can you please give me information about...

Use HTTPs Poling with Private Collaborator Server - burpsuite_pro_v2022.11.4.jar

Hi there, I am running into issues when polling a private collaboration server over HTTPS. I receive "No connections to the polling server at <> could be opened. The collaborator will not work in this configuration." when...

Disappearance of the 'Proxy' Tab

Hello, I'm having trouble locating the 'Proxy' tab, which is hindering my ability to intercept requests. Attached are relevant screenshots for...

Domain with underscore gives error

I am trying to perform some tests on a website which domain name contains the underscore character '_' , the browser throws a 'ERR_SSL_PROTOCOL_ERROR', it doesn't even intercept requests made to the website and the only...

Burp proxy breaks public exploits for CVE-2023-46747

See the following issue report on one such exploit that Burp breaks: https://github.com/W01fh4cker/CVE-2023-46747-RCE/issues/3 Basically, the exploit relies on using the 'Transfer-Encoding: chunked, chunked' header with a...

Burp Academy: Lab: Authentication bypass via encryption oracle, Missing Error Messages

Im trying to complete the lab: "Authentication bypass via encryption oracle" without success. I followed the regular solution, as well the community based video, but it seems, that i dont receive any error messages, when i...

Invalid username or password while accessing lab

when i am try to access Lab: Multistep clickjacking my account --> login when i put the correct username and password which are wiener:peter i got Invalid username or password.

Burp Academy: Lab: Web shell upload via extension blacklist bypass

So, no matter what I do, I can't seem to finish this lab. At first I thought I was being dumb, but then I checked the solution and that won't work either. Instead of executing the code, it's just returning the code...

Cookie in dashboard issue activity not updating with cookie jar

Hello, Not sure if it is really a bug, but I found some strange behavior with burp scanner, let's make an example: I log inside a web application and I get a cookie like "PHPSESSID=ABC", then I log out the application...

vmoptions.txt File Resets w/ Every Update

hello I noticed that with every new update of Burp, the vmoptions.txt file is reverted back to its defaults. Is it possible to have this file persist through updates?

unknown host error

please tell solution . when i browse and intercept and request is forward then error show is unknown host

Collaborator "payload" field not correct when using multiple tokens

Perhaps there is a scenario I'm missing where this is a useful feature, but I suspect it is a bug. You have two tokens: abc.oastify.com xyz.oastify.com You make a request `curl -X https://abc.oastify.com -d...

Issue whilst running multiple Burp instances

Hello, On the latest version v2021.4.2 whilst running two or more instances of Burp (working on different projects) the embedded browser will not work as expected. Expected will be for each Burp instance to start a...

Secure connection failed with proxy enabled

When I try to access sites with HSTS implemented I get this error: Secure connection failed An error occurred while connecting to www.google.com. The page you are trying to view cannot be displayed because the...

Burp Suite Certified Practitioner Gateway Timeout

Hello, While doing my exam, I'm getting "Server Error: Gateway Timeout (3)" after modify host header. Is this an intended behavior?

Unable to connect to shop.tesla.com

Vanilla Burp install, latest patches. Verified by another user, with different install, different network, name servers etc. Simply times out. Not seeing anything out of Burp at all. No TCP/TLS etc. Disabling the...

Solution for "Lab: SSRF with blacklist-based input filter

Hello, the intended solution of this lab doesn't seem to work. After some testing I couldn't find a way to "enter" the admin area. "Encoding" the IP address works fine, but enter "admin" doesn't work at all. I tried...

Host validation bypass via connection state attack

When trying to solve the lab, instead of getting redirected back to the home page I get a 403 Forbidden. I've follow the written guide and step 3 does not behave as expected.

Burp built in browser not connecting to the internet.

Hi, I am having a bit of a problem when running burp's integrated web browser for intercepting, as I run it and enter a website like google.com for example, burp will not intercept and the browser will return an error...

progress lost

I have lost my whole progress.I finished doing the apprentice level learning path then I lost my progress. The web application was opened in two page. In burp chromium and in my regular browser.