Bug Reports - Page 12 - Burp Suite User Forum

CSRF lab issues

Seems like there are some issues with the CSRF labs. I've tried using a variety of solutions for most of the day now and none of them seem to be working (or the first five I've tried anyway). The exploit server simply goes...

Network error on websites login with burp proxy on

can someone help, anytime i try to log in a website, it keep giving me network error. when i turn off the burp proxy it works smoothly. these website were previously working with burp proxy but since today, it just gives...

Repeater's "Request" section is narrow when Burp Suite starts

Every time I start up Burp Suite and go to the Repeater tool, any existing Repeater tabs (either the default empty one when starting the new project, or any tabs loaded from an existing project) will have the "Request"...

BSCP certification results mail

Hello i passed the BSCP exam around 2 days ago (more than 48 hours) however i havent received any mail with the results. In my-account page i can see status completed. Can i please get an email with the results :)

solved lab is showing not solved

I done the lab of Cross-site scripting (Stored XSS lab) when I finished it, its show me not sloved.Please slove the problem.

Lab: Web cache poisoning via ambiguous requests

Hi, When I try adding a duplicate Host header in this lab, I get a 404 status code. The solution reads: "Notice that if you add a second Host header with an arbitrary value, this appears to be ignored when validating and...

CSRF ACCESS THE LAB not accessible

I am experiencing issue in accessing the LABs specifically for the CSRF portion. Is it me only?

Lab Throwing 504 Error

Hello, Lab: SameSite Lax bypass via cookie refresh Is throwing a 504 Gateway time-out error, I had no issue working and using other labs in CSRF and this one will not load. The lab might need to be reset. Thank you

Payloads still encodes post unchecking 'URL-encode these characters'

The intruder is not encoding anything except . (dot) Original Payload: test@domain.com Once intruder attack begins, payload looks like this: test@domain%2ecom I have unchecked URL encoding under payloads tab already,...

Burp Suite Community Edition is not intercepting response for JS script.

Hello, I've unchecked all of the response and request interception rules, this should in theory intercept all responses and requests. For some reasons I'm able to intercept the request for a JS script but not the...

Are there issues with the Academy labs?

I have been using the Academy in the last 3 days and I have been experiencing random periods when labs do not work properly, sessions with the server time out, and so on. Are you aware of this issue? Perhaps are you...

No academy lab is working

Whe I click Access the lab button on any vulnerability lab it opens the page with 400 bad request.

Lab Not Working Anymore : CORS vulnerability with trusted insecure protocols

I am trying to solve the mentioned lab, with the payload provided by the academy, by the payload isn't working. When i view the payload, the request is indeed sent to stock subdomain, but it replies with...

Lab: DOM XSS in jQuery selector sink using a hashchange event

Hello! I managed to trigger the XSS payload on the exploit server but the lab is not marked as solved. I used this payload for the response body on the exploit server: <iframe...

Burp Browser displays "ERR_CONNECTION_RESET" on new M3 Macbook Pro

Hi! Long time Burp Pro user (4 years). Having trouble with the Burp Browser on M3 macbook pro. VPN is off, AntiVirus is off, Proxy setting offs. Does not work on multiple WiFi networks including hotspot. Any additional...

Lab: Exploiting cross-site scripting to capture passwords

Hello! I think the description of what the simulated victim does should be updated on this lab. I used XSS to relace the current page content with the login form (after fetching it dynamically), then hook on the submit...

Labs keep crashing

Hi, I am currently doing the API labs. Every time i try to do a lab in the academy, the servers keep crashing and i have to wait approx 10 minutes for them to come back online and start working again..Just for them to...

Receiving Kettle Message in Repeater for Request That Shouldn't Be Kettled

Hi, This would be easier to explain with screenshots but I do my best to explain below. I am working on the "Authentication bypass via encryption oracle" lab for business logic vulnerabilities. I have submitted a...

Lab multistep clickjack

I am stuck on this lab, and cant seem to complete it. I've gone through the proposed solution multiple times as well as looked up other online solutions. Whenever i try to view my own exploit i get redirected to the...

Lab: SameSite Strict bypass via sibling domain - solution is broken

Hi this is my solution and and works fine when clicking "view exploit" (i see my messages at the access log) but when I deliver to victim there is no incoming request. can you pls fix the lab? I was going crazy about what...