Bug Reports - Page 129 - Burp Suite User Forum

Scanner detects non-exploitable xss as "Confidence: Certain"

Hi there, Burp Scanner identified a Reflected XSS with the following payload: "cjb0i"accesskey="x"onclick="prompt(1)"//b1jkc" The problem is, that all modern browsers sent the " URL encoded as %22 and %22 is blocked...

certificate not working for firefox esr

I am on Kali Linux and firefox esr is not able to browse https sites when intercept is turned on. I did install the certificate and it is still not working.

vdf fvdds dvvsv dfs f tgerewwq qw

Email not triggered after completion from Jenkins job.

Hello Team, Created a Jenkins job on CloudBees Enterprise edition for Burp Enterprise edition using Burp Scan. In the Post Build section of Jenkins job used the plugin: Editable Email notification and given the email for...

Web Security Academy

Hello, I am going through the lab and I have problems to find the correct parameters for post requests. For example in "'Blind OS command injection with out-of-band data exfiltration" I do not see "email" parameter in the...

Possible bug in Lab Blind SQL injection with time delays and information retrieval

The injection is on TrackingId cookie, but it only works if you inject in a "/filter?category=" page, not in a "/product?productId=" page. It drove me crazy for a while :)

Enterprise Agents (Pending License)

After I installed computers (agents) to connect to my enterprise server. The agents keep writing pending license. whereas my agent license covers the amount of agents I tried updating the license using the original...

Problems updating Burp Enterprise

It seems that the online update has some sort of built-in timeout and we are consistently hitting it and unable to update. With previous versions, the update would finish after many retries, but since v1.0.14beta we have not...

Repeater abnormal Server response "400 Bad request"

http://oa.wz.zj.cn/ctkj_acl/html/login.html the normal request data: POST /dwr/call/plaincall/FrontAction.getmobilePwdPortal.dwr HTTP/1.1 Host: oa.wz.zj.cn User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:56.0)...

Burp Enterprise - Cannot View Scan Results after Auto-update

I can run scans all day long and my license is active, but I cannot view scan results of new or previous scans. This must have started happening after one of the recent software auto-updates. Please help and please develop...

An unexpected error occurred after update of Burp Enterprise

After the auto updated installed the most recent version the following error pops up when I click on a scan to see the details: An unexpected error occurred. If this problem persists, please contact support@portswigger.net.

scan don't work, burpsuite 2.0 beta

I launch the burp from the .jar file or install the .sh and the "scan", "audit and crawler" dont work, it only appears in the dashboard, but neither a stop or pause message, just does not work

Ignores JSON parameters after {}

Dear, I found that the string {} in JSON of a request body, meaning an empty object, makes following parameters not recognized as the ones. The version is Burp Suite Professional v1.7.37. For example, I have a POST...

bug in https://portswigger.net/web-security/sql-injection/blind/lab-conditional-responses

Hi! I was running through the portswigger web security academy because I'm looking forward to be a bounty hunter because I need a job and this is an area of interest for me. I found that in this lab, I ran through the...

https

i have installed the certificate into my browser (firefox) and when i browse an https website i sometimes get a request to forward when intercept is on but even when i press forward, it still doesn't appear in my site map.

Control Click Copy in Intruder Not working.

I am trying to control-click and copy a column in Intruder with no luck. Single and double clicking is not working. Double clicking with the control key held down simply sorts. This is using versions 2.0.19 (Windows) and...

Intruder variable throttling disabled

Hi, i noticed that in BSPro 2.0.20beta i'm unable to setup variable throttling for the Intruder attack tool, the "step" field just remains disabled. https://i.imgur.com/LZBstas.png

Burp Suite Pro, v2.0.20beta Load Scope Buttons do not work.

Burp Suite Pro, v2.0.20beta: In Target/Scope (tab), a scope set (Include and Exclude from scope) can be exported using the "Save" option from the gear icon. The scope can be reloaded in another session by using the "Load"...

2.0.0beta20 crashes due to Out of Memory error

I just started using beta20 and it has now crashed on me twice in two days. Once in the scan phase and just now while being a plain proxy (although with Active Scan++ enabled). hs_err log says Out of Memory Error. This...

burp proxy

Hi, I am using Burp professional 1.17.37 version How to set the proxy for https requests..? By default. its http only, so hw to change that one to https..??