Bug Reports - Page 11 - Burp Suite User Forum

Audit Phase gets shows finished but gets skipped

Hi Team, When I try to do the following mentioned scan, it completes the authenticated crawl as it should but the audit phase gets skipped the next moment. It shows as finished but it doesn't run even for a second. There...

Issue in an Academy Lab

Hello it would seem that there is an issue with the Lab for: "Exploiting server-side parameter pollution in a REST URL". After the request for the passwordResetToken is submitted the response does not have a valid password...

No more activations allowed for this license

I get this for when I try to move my Burp installation to a new computer at work. Can you please add some more for me. This message is really weird, as you're licensing terms seems to be "yeah, it's a per user license, and...

Can't send request to get trial of burpsuite pro

I am trying to send request to test pro version of burpsuite, but my email address does't fit. Can you help me ?

Burp's headless browser not launching

Hi guys, I am looking for assistance with an issue I have encountered in Burp. I have been using Burp Professional in my M1 Macbook and always worked without an issue. Now all of a sudden, the headless browser does not...

I am getting the below Java Stackoverflow error when running the latest Burp Proxy jar file with OpwnJDK 20.0.1 and 20.0.2, with or without extensions

C:\Software\Sectools\Appsec>c:\openjdk-22.0.2\bin\java -Xmx24576M -jar burpsuite_pro_v2024.6.3.jar java.lang.StackOverflowError at java.desktop/javax.swing.text.View.getViewFactory(View.java:1028) at...

Burp Academy: Lab: Authentication bypass via encryption oracle, Missing Error Messages

Im trying to complete the lab: "Authentication bypass via encryption oracle" without success. I followed the regular solution, as well the community based video, but it seems, that i dont receive any error messages, when i...

Lab does not reset after a long time

Hi, I tried to solve the "Lab: Basic clickjacking with CSRF token protection" but accidentally deleted my user. I have waited for an hour many times but the lab hasn't reseted yet. May anyone help?

Lab: CSRF where token is tied to non-session cookie

those are also incorrectly processed by my lab, my payload in search does not read properly. Everything is fine in response, but the next request does not execute. request: GET...

Web cache poisoning via ambiguous requests

Currently the lab can't be completed since _lab and session cookies have the Httponly flag when the lab is first loaded. The alert(document.cookie) will never fire correctly.

SameSite Strict bypass via sibling domain LAB seems to be broken

The exploit server log seems to fail at grabbing the requests from the victim after exploit delivery. It seems that the victim never actually clicks on the exploit? As I see nothing in the log or any DNS interaction on...

Burpsuite slow interception

Hello there, I'm testing an Android app and I have burp suite pro and requests and responses are too slow when I make it as the proxy and server not responding I tried the free burp and its working fine I tried many...

Lab 'CSRF where token validation depends on token being present' not solve after email change

Viewing the exploit URL is able to change the email successfully, when I click deliver exploit to vicitm, the exploit not working and unabel to solve the lab. Please check it from your end if there is a bug.

There's something wrong with lab "Targeted web cache poisoning using an unknown header"

Hello, Multiple times I've tried to complete this but it breaks. Sometimes when I try to open this lab, I get a 504 error saying no response. When I do get in, when I get to the step to add "X-Host: example.com", when I...

Lab: OAuth account hijacking via redirect_uri: SessionNotFound

Hi, In the lab titled "Lab: OAuth account hijacking via redirect_uri", I am unable to view the exploit when using the iframe payload on the exploit server. Instead, I get the error below inside the...

Stealing OAuth access tokens via a proxy page

I am trying to solve the exercise "Stealing OAuth access tokens via a proxy page". When I embed the iframe on the exploit server like this: <iframe...

Burp browser is crashing

Hi Team, I am using burp professional version 2024.5.5 and the browser is continuously crashing. Could you please help me here. Thanks

solved labs status not updated

hello , I have been using your website in the last few months and i haven't encountered a similar problem until the past couple of weeks .When I solve a lab , it takes a long period of time to update the status to "lab...

Labs: Web cache poisoning not solved

I can successfully exploit myself but non of the labs get marked as solved. I've tried the first three web cache poisoning labs.

Lab: Exploiting cross-site scripting to capture passwords problems

Hi, The provided solution will trigger DNS requests that my collaborator sees. However, the lab will not trigger the HTTP request. I have confirmed that the collaborator will see http requests when I test the collaborator...