Burp Suite User Forum

Create new post

Problem with web cache poisoning labs

Hi, It seems like web cache poisoning labs are not vulnerable anymore. Any time you send the same GET / request it always returns X-cache: miss header, never "hit". I´m not able to solve even the labs that I´ve...

Last updated: Aug 28, 2023 05:49PM UTC | 0 Agent replies | 1 Community replies | Bug Reports

Password Reset Poisoning via Dangling Markeup

This lab is not working for me at all. I'm following a video online and doing the steps exactly but when I try to add a port it says 504 Gateway Timeout. OR it says bad request CRSF token expired or something along those...

Last updated: Aug 28, 2023 10:56AM UTC | 7 Agent replies | 7 Community replies | Bug Reports

Lab Cache Poisoning - Cache key injection

For some reason I cannot solve this lab. First, I'm sending this poison to localize.js file. I'm receiving the HIT response. GET /js/localize.js?lang=en?utm_content=z&cors=1&x=1 HTTP/2 Host:...

Last updated: Aug 28, 2023 09:14AM UTC | 2 Agent replies | 1 Community replies | Bug Reports

Burp is crashing

Up to two updates ago, Burp suite was great. For the past two or three weeks, it has been crashing continuously. I have to keep starting it again and re-running my scans, rendering the scan results completely...

Last updated: Aug 28, 2023 08:13AM UTC | 1 Agent replies | 0 Community replies | Bug Reports

Blank Raw data

Using burp community(upgraded to the latest version) but getting a blank raw data screen.

Last updated: Aug 28, 2023 07:56AM UTC | 1 Agent replies | 0 Community replies | Bug Reports

License Activation

Hello portswigger team. Due to i changed my OS so i tried to active my burp pro edtition with my license key but i got activation field because i used it multiple times during changing my OS several times. I know i asked it...

Last updated: Aug 28, 2023 07:28AM UTC | 1 Agent replies | 0 Community replies | Bug Reports

Problem with practice exam 2 stage 3

Hi all, found a vulnerability in practice exam 2, tried all Java gadgets, but nothing comes to the colaborator. Who ran into this problem? CommonsCollections7 fulfills the request, but the collaborator is empty(

Last updated: Aug 25, 2023 06:55PM UTC | 0 Agent replies | 3 Community replies | Bug Reports

Lab: Web cache poisoning via ambiguous requests

Hello BurpSuite Support, I think this lab (https://portswigger.net/web-security/host-header/exploiting/lab-host-header-web-cache-poisoning-via-ambiguous-requests) is not working. Even I tried the Solution and that...

Last updated: Aug 25, 2023 12:45PM UTC | 2 Agent replies | 3 Community replies | Bug Reports

Bug on "Track your Progress"

Hi, for some time now the progress tracking system has changed, before when I finished a chapter I would put a flag in the check box and my progress in the "learning materials" field would increase, now it has been stuck at...

Last updated: Aug 24, 2023 04:37PM UTC | 1 Agent replies | 1 Community replies | Bug Reports

license issue

Hi burp suite i had already a user of professional version and its super cool and handy for penetration testing, but i upgraded to enterprise edition and facing difficulty in license configuration itself .

Last updated: Aug 24, 2023 01:55PM UTC | 1 Agent replies | 0 Community replies | Bug Reports

Question marks in URL insted of unicode charactes

Endpoints in unicode are viewed as question marks and are not decoded propertly, in some cases even breaking a proper workflow ( instead of requesting the intended endpoint burp forwards a request to /??????????? ). I've...

Last updated: Aug 24, 2023 07:40AM UTC | 2 Agent replies | 2 Community replies | Bug Reports

No more activations are allowed for this license

Hi, i formatted my windows work pc and can't activate the license again. The license is owned by the company i work. Thanks.

Last updated: Aug 23, 2023 12:37PM UTC | 1 Agent replies | 1 Community replies | Bug Reports

While Intercept is on, can not focus Burp's window

Hi I'm using Fedora 38 with Gnome 44.3 While intercepting my traffic from Firefox by "Intercept is on" under the Proxy, after clicking a link, I do <alt + tab> to switch to Burp, but Burp's window does not gain focus, and...

Last updated: Aug 22, 2023 12:56PM UTC | 2 Agent replies | 1 Community replies | Bug Reports

embedded JRE cacert keystore password seems to have changed in recent release

Hi, (Using 2023.9.2 version for Mac OS Apple M1) I get a password failed message while trying to add my own certificate to "BURP-INSTALL-PATH/Contents/Resources/jre.bundle/Contents/Home/lib/security/cacerts". I've...

Last updated: Aug 22, 2023 12:39PM UTC | 1 Agent replies | 0 Community replies | Bug Reports

Javascript response in Binary

Burp Pro 2023-9.2 I noticed the proxy and repeater tabs are showing a javascript file response in binary. The same shows as text when opened in browser. Not sure if this is a bug or any setting I need to change.

Last updated: Aug 22, 2023 10:31AM UTC | 2 Agent replies | 1 Community replies | Bug Reports

Client Failed to negotiate a TLS Connection to respective application

Hello BurpSuite Support, When I was trying to test a web application using Burp Suite 2.1.07 it is showing with an error Client failed to negotiate a TLS Connection to www.xxxxxxx.com: Received fatal...

Last updated: Aug 21, 2023 01:55PM UTC | 10 Agent replies | 12 Community replies | Bug Reports

Cannot log traffic to file from websockets

Hi, There is no option to log traffic from any tool when the traffic is passing from the websockets. Even though traffic is visible on the Proxy - > WebSockets history tab, it's not logged into the file. *...

Last updated: Aug 21, 2023 01:02PM UTC | 1 Agent replies | 2 Community replies | Bug Reports

Lab: Username enumeration via account lock (PROBLEM)

There is a problem in LAB(Username enumeration via account lock ), Where the account should be locked after multiple attempts. But, I did brute force usernames and passwords through intruder and it didn't trigger (You...

Last updated: Aug 21, 2023 10:02AM UTC | 1 Agent replies | 0 Community replies | Bug Reports

lab bug (SQL injection attack, querying the database type and version on MySQL and Microsoft)

I think this lab (https://portswigger.net/web-security/sql-injection/examining-the-database/lab-querying-database-version-mysql-microsoft) is not working. Even I tried the Solution and that did not work!

Last updated: Aug 21, 2023 07:21AM UTC | 2 Agent replies | 2 Community replies | Bug Reports

Exploiting PHP deserialization with a pre-built gadget chain

Hello I have a problem with this lab, when I send my payload I got a next error: <div class="container"> <header class="navigation-header"> </header> <h4>Internal Server Error: Symfony...

Last updated: Aug 20, 2023 12:37PM UTC | 6 Agent replies | 5 Community replies | Bug Reports

Page 11 of 139

Burp Suite Support Center

Your source for help and advice on all things Burp-related.

Burp Suite Support Center image