Research Academy
My account Customers About Blog Careers Legal Contact Resellers
The Burp Suite User Forum was discontinued on the 1st November 2024.

Burp Suite User Forum

For support requests, go to the Support Center. To discuss with other Burp users, head to our Discord page.

SUPPORT CENTER DISCORD

Items explicitly excluded from the scope still saved in Proxy history

Version: Burp Professional v2020.2.1 Issue description: while having the out of scope Proxy history logging disabled, with the scope defined as follows (the IP address was changed): In scope: Enabled: yes Protocol: HTTPS...

Last updated: Apr 16, 2020 12:26PM UTC | 1 Agent replies | 0 Community replies | Bug Reports

Bug on svg-markup-allowed xss lab.

Link: https://portswigger.net/web-security/cross-site-scripting/contexts/lab-some-svg-markup-allowed This lab is not accepting the expected solution. (yes I tried on chrome win/linux)

Last updated: Apr 16, 2020 02:18AM UTC | 1 Agent replies | 1 Community replies | Bug Reports

lab does not solve even if it is correct

I went to solve the following lab:"Lab: SQL injection attack, querying the database type and version on MySQL and Microsoft". And everything I did didn’t work, when I went to see the solution what I did was correct and still...

Last updated: Apr 15, 2020 10:30AM UTC | 1 Agent replies | 0 Community replies | Bug Reports

looks like there is no way of allowing API user to create scans under a folder.

Hi, My security analyst created a REST API user for me. I logged-in to Burp Enterprise REST-API and tried to use the 2 REST-API GET queries, these GET queries are working fine. The problem is with POST query. It does...

Last updated: Apr 15, 2020 08:35AM UTC | 1 Agent replies | 0 Community replies | Bug Reports

CSRF and CORS LAB not functioning properly

Hi team i would like to know that my CSRF and CORS Labs are not functioning properly.Let me explain this in detail I was trying Simple CSRF lab and i made CSRF POC using both solution and also and CSRF POC generator provided...

Last updated: Apr 14, 2020 09:59AM UTC | 1 Agent replies | 0 Community replies | Bug Reports

SmartCard Authentication - Error: Cannot produce CertificateVerify signature

Greetings, I have a web application that is configured to use pkcs11 Smart Card authentication. When I browse to the application and authenticate via the standard mechanisms, I gain access to the application without...

Last updated: Apr 09, 2020 04:01PM UTC | 1 Agent replies | 1 Community replies | Bug Reports

Content-Length being added even when disabled

Using the match/replace in proxy no matter what I do I keep getting Content-Length added for example Content-Length: 1122 even when I create response find/replace for Content-Length: \d+ /aaaaaaaaaaaaaaa I just end up with 2...

Last updated: Apr 09, 2020 08:46AM UTC | 1 Agent replies | 1 Community replies | Bug Reports

Burp scanner ignores scan configuration exclusion lists

Hi, It seems that Burp scanner ignores scan configuration exclusion lists. Version: 2020.2.1 E.g.: Configuration requires to ignore body parameter with name securityId Base request: POST...

Last updated: Apr 08, 2020 12:24PM UTC | 3 Agent replies | 2 Community replies | Bug Reports

Apple will not let me open the community version of Burp Suites

“Burp Suite Community Edition Installer” can’t be opened because Apple cannot check it for malicious software.

Last updated: Apr 08, 2020 07:59AM UTC | 1 Agent replies | 1 Community replies | Bug Reports

Burp fails to upload file with "Received fatal alert: record_overflow" error

I am attempting to upload a vanilla PDF to the Glassdoor website while using Burp. With certain files, I keep getting this error: "Error "Received fatal alert: record_overflow" Others work. I don't understand what's...

Last updated: Apr 07, 2020 06:27PM UTC | 1 Agent replies | 3 Community replies | Bug Reports

Request/Response tabs

This has 'bugged' me mildly for a while but have never remembered to raise it. If you click on a request in the HTTP History and click the Response tab and press the up or down arrow to manually view each response, lets...

Last updated: Apr 07, 2020 09:39AM UTC | 1 Agent replies | 0 Community replies | Bug Reports

Type casting issue

Hi, There is a bug. When i define the scope (or exclude some links from the scope, to be exact) some underlying functionality LOWERCASES my input. For example, I want to exclude the following link from scope so that...

Last updated: Apr 07, 2020 07:24AM UTC | 1 Agent replies | 0 Community replies | Bug Reports

LAB: SQL injection attack, querying the database type and version on MySQL and Microsoft

There's a bug in the solution (at least trying it out with latest chrome): # is understood as a url delimiter for anchor. It needs to be escaped. A correct solution is: ' UNION SELECT @@version, NULL%23

Last updated: Apr 07, 2020 07:16AM UTC | 2 Agent replies | 1 Community replies | Bug Reports

Embebbed Browser not work on Kali Linux

Hi The embebbed browser not work on Kali Linux, I test with health embebbed browser: Aborting checks due to errors. Unable to start...

Last updated: Apr 03, 2020 05:52PM UTC | 3 Agent replies | 3 Community replies | Bug Reports

Images not available on the Support website

Hi The images are not available on the Support website. E.g. while visiting https://portswigger.net/support/using-burp-to-exploit-sql-injection-vulnerabilities-the-union-operator there are no images available. E.g. the...

Last updated: Apr 03, 2020 10:44AM UTC | 2 Agent replies | 0 Community replies | Bug Reports

Found a wrong instruction

The bug was found in "Lab: Reflected XSS into HTML context with most tags and attributes blocked". The solution indicates that '"Visit the XSS cheat sheet and click "copy events to clipboard"'. I think it should be...

Last updated: Apr 03, 2020 07:14AM UTC | 1 Agent replies | 0 Community replies | Bug Reports

Found a wrong instruction

The bug was found in "Lab: Reflected XSS into HTML context with most tags and attributes blocked". The solution indicates that '"Visit the XSS cheat sheet and click "copy events to clipboard"'. I think it should be...

Last updated: Apr 02, 2020 11:20AM UTC | 0 Agent replies | 0 Community replies | Bug Reports

Pasting a text buffer with equal signs in a Repeater's body parameter's value creates unexpected parameters

Adding a multiline buffer <a href=”javascript:alert(0)”>ClickMe</a> to a body parameter split the value by the equal sign and created two more parameters. In addition, I would not expect the edit mode to suddenly turn the...

Last updated: Apr 02, 2020 07:19AM UTC | 2 Agent replies | 2 Community replies | Bug Reports

CPU and RAM in 2020.2.1 on Windows 10

Hello, Since upgrading to the new way of scanning I've had lots of issues with resource. I was hoping the current upgrade might have fixed it, but it's just getting worse. I only have a few extensions enabled with I've...

Last updated: Apr 02, 2020 07:01AM UTC | 1 Agent replies | 1 Community replies | Bug Reports

Burp Suite 2.0 doesn't play well with Google Drive File Stream

I've had issues with Burp and GDrive File Stream on Windows 10 (fresh install). Specifically, automatic backups fail and the explicit saving of a project in the GDrive location (G:/ by default) results in the following...

Last updated: Apr 01, 2020 10:44AM UTC | 3 Agent replies | 3 Community replies | Bug Reports

114 115
116
117 118

Page 116 of 156

Burp Suite Support Center

Your source for help and advice on all things Burp-related.

Burp Suite Support Center image