Bug Reports - Page 118 - Burp Suite User Forum

WebSocket functionality is not working properly

I'm trying to use burp as a reversproxy between an Electron client application and a remote server but apparently the communication once initialized seems to send malformed packages to the client that after a few moments...

Is external service interaction vulnerability exploitable.

Hello, In most of the scan, burp reports, External Service Interaction vulnerability either in HTTP/S or DNS. I am not sure how this can be exploited on server side. I see some similarities to SSRF, but could not find any...

Configured the Burp Proxy. Applications not working thru proxy

Hi Support, I configured the proxy as per the document in Burp and Mozilla. Applications not working through this proxy. It is just hanging. Kindly suggest.

Turbo Intruder: always updating Content-Length header

Hello, I have been trying to launch a HTTP Desync attack using Turbo Intruder. Here is my script: def queueRequests(target, wordlists): engine = RequestEngine(endpoint=target.endpoint, ...

Burp suite consuming all memory and locking on scanners.

Hello, I acquired the burp pro and since then I leave it doing scanners in domains. However it is always consuming all the memory of the Burp and in the end it crashes without finishing the scanner.

Burpsuite starts up then disapears

On kali linux, when I open burp suite from the command line it opens and as soon as I click start burp suite disappears but is still running

Burp Suite 2 and RSyntaxTextArea library

Hi, one of my plugin, Brida, uses RSyntaxTextArea library for syntax highlighting. Burp Suite 2 seems to use the same library but unfortunately due to a bug (see https://github.com/bobbylight/RSyntaxTextArea/issues/269 )...

Burp scanner using websocket doesn't work with proxy

By using BURP suit on my application , Burp blocks Web socket requests during proxy I configured local proxy on my browser and on Burp application Then tried login my application and starting capture –Web socket request...

Burp Suite Chrome Cert Error: Error net::ERR_CERT_REVOKED

Hi, I'm running: Linux Mint 19.1 Chrome Version 73.0.3683.86 Burp Suite Pro v2.0.18 Beta And I'm getting a bunch of net::ERR_CERT_REVOKED when I use the Burp Suite proxy in Chrome. Cert is working perfectly in...

run-detectors: unable to find an interpreter for /usr/bin/burpsuite

When I try to start burpsuite community edition this error appears. I tried reinstall java multiple times (multiple versions) but it still doesn't work. Before today everything worked fine... Help would be appreciated

About out-of-band resource load(HTTP)

Burp Scanner scans may detect "out-of-band resource load (HTTP)". In some cases, a modified Host header or GET request URI parameter may be detected to the Burp collaborator host name, but this is a natural behavior, not an...

Burp Enterprise vs Burp pro

Hello, We've noticed differences in testing results between Burp Enterprise and Burp Professional. May you share any documentation or reasons for the differences? Does Burp pro use a newer engine than Burp Enterprise?...

Lab: Web cache poisoning to exploit a DOM vulnerability via a cache with strict cacheability criteria

The solution for this lab has an incorrect reference to a .com site instead of the .net site. 11. In Burp Repeater, add the following header, remembering to enter your own exploit server ID: X-Forwarded-Host:...

Decoding doesn't work in read-only fields

In Burp v2020.1 you cannot convert (e.g. base64-decode) smth in the Proxy history (which is read only). When you selected the desired text and type Ctrl+Shift+B, the selection becomes slightly shorter (as if it was...

"Intruder / Scan defined insertion points" doesn't work?

Latest version of Burp Pro - after adding/changing insertion points to a request in Intruder and selecting "Intruder / Scan defined insertion points" doesn't seem to work - it doesn't open the scan launcher nor can I add it...

Render broken in latest version - 2.0.22

Hello, in the latest version 2.0.22 the 'render' function is broken. Not only it opens in an external window now, which is unacceptable, but it displays only a blank page, always. It was working FINE in the previous...

Error importing custom CA

I have a custom CA that I've created using an existing rootCA in order to have all my devices already trusting burp. The commands used for that were: openssl genrsa -out burp.key 4096 openssl req -x509 -new -nodes...

The exploit server for Lab: "Web cache poisoning with multiple headers" is a stuck

The exploit server for Lab: "Web cache poisoning with multiple headers" is a static website I think (https://acaf1f291e8c19678018001b014100dd.web-security-academy.net/). My lab is stuck because even after refreshing the...

Academy

Hi I tried out, the following piece on the third XSS lab: <lala onfocus="alert(document.cookie)" tabindex="1" id="x" autofocus>test</lala> or URL encoded,...

Burp Suite Enterprise HTML Report is Malformatted

Hello Burp Suite Team! Parsing Burp Enterprise reports fails because a closing tag is missing in the HTML. The incorrect tag is with tbodys. Instead of closing the tbody tag we see this: </tr> <tbody> # Missing /,...