Burp Suite User Forum

Create new post

Plaintext Password Storage

Hello, If upstream proxy authentication is configured, the password is stored in cleartext within UserConfigPro.json; line 23 in my file. Cheers, Mark

Last updated: Sep 11, 2023 07:44AM UTC | 2 Agent replies | 1 Community replies | Bug Reports

Match and Replace does not seem to work correctly with CJK characters

I'm trying to replace a JSON which contains Japanese characters, I want to replace them with Chinese characters, then the HTTP history shows that no modification was made. (by the way I was unable to send this post until...

Last updated: Sep 08, 2023 01:37PM UTC | 3 Agent replies | 8 Community replies | Bug Reports

Obfuscating attacks using encodings href example

Hello! Just a quick question. Is the example `<a href="javascript\u{0000000003a}alert(1)">Click me</a>` up to date here:...

Last updated: Sep 08, 2023 01:15PM UTC | 1 Agent replies | 0 Community replies | Bug Reports

Password reset poisonin via dangling markup

in the step 5 they all time show me that CSRF token is invalid. Even if I follow the video tutorial the thing is same. so help me to solve the lab.

Last updated: Sep 07, 2023 05:07PM UTC | 3 Agent replies | 2 Community replies | Bug Reports

Repeater - zero highlights

Hi, I noticed something strange in the latest version of Burp Suite. When I use the search tool in the Repeater tab, it always says that it couldn't find any results, even though there are actually some matches.

Last updated: Sep 07, 2023 04:22PM UTC | 1 Agent replies | 0 Community replies | Bug Reports

Burp Suite Community Edition crashes and lags

Hello, I am using the Community version of Burp Suite and I have been experiencing some issues with the software. Every time I start it, it crashes and is full of lags and hangs. The experience with Burp Suite has been...

Last updated: Sep 07, 2023 09:26AM UTC | 1 Agent replies | 0 Community replies | Bug Reports

many tags and events get missing when 'copied to clipboard' in xss cheat sheet

many tags and events get missing when 'copied to clipboard' in xss cheat sheet

Last updated: Sep 06, 2023 02:09PM UTC | 1 Agent replies | 3 Community replies | Bug Reports

Windows High DPI Scaling Issues

I have a 4k monitor on my laptop, currently set to 175% display scaling in Windows 11. In Burp, all text is noticeably fuzzy compared to other applications. I've read through all the related posts on this forum, none of...

Last updated: Sep 06, 2023 02:02PM UTC | 3 Agent replies | 2 Community replies | Bug Reports

Burp Suite crashes for some amount of time or takes a lot of RAM in this case ????

When I look at the Http History,Repeater Tabs If request or response contains large data, after I clicked that request burpsuite freezes for half an hour until that request loads. It looks like a kind of normal text editor...

Last updated: Sep 06, 2023 01:50PM UTC | 1 Agent replies | 0 Community replies | Bug Reports

Login Record Sequence

I recorded a login sequence successfully. when replaying a recorded login sequence i realized that it does the first 2 steps opening the webpage and typing the user name. but it does not click on the next button and stays...

Last updated: Sep 06, 2023 12:53PM UTC | 0 Agent replies | 0 Community replies | Bug Reports

Tutorial (possible issue): HTTP request smuggling, basic TE.CL vulnerability

Dear Burp Suite, No hurry. I'll work on other tutorials. But this one seems to be broken at the moment. In running this tutorial, getting an unexpected error. HTTP/1.1 400 Bad Request "error":"Read timeout" 1)...

Last updated: Sep 06, 2023 11:26AM UTC | 1 Agent replies | 0 Community replies | Bug Reports

Other labs are opening except this one

this lab is not opening. is there a problem from your end (other labs are opening except this one) Lab: Reflected XSS with event handlers and href attributes blocked EXPERT LAB

Last updated: Sep 06, 2023 10:48AM UTC | 1 Agent replies | 1 Community replies | Bug Reports

Lab: SQL injection attack, querying the database type and version on Oracle

Hello there, I don't know if this legal but I'm going to write exactly what I did and the error I encountered (It doesn't say I have solved the lab). So I determined the number of columns required for the Query and...

Last updated: Sep 05, 2023 09:06AM UTC | 1 Agent replies | 0 Community replies | Bug Reports

Even if you search with the search bar, the number of matches is not displayed and "0 highlights" is displayed.

When searching for a string entered in advance in the HTTP message editor, the number of matches is not displayed in the search bar, and "0 highlights" is displayed. A few versions of burp used to show the number of matches...

Last updated: Sep 04, 2023 04:13AM UTC | 2 Agent replies | 2 Community replies | Bug Reports

Can't gracefully close BurpSuite when detaching and reattaching Collaborator window

I'm experiencing this issue every time i detach the Collaborator window and i reattach it later on. Since this issue arised for the first time, now every time i start BurpSuite the Collaborator tab is detached and hidden:...

Last updated: Aug 31, 2023 03:12PM UTC | 2 Agent replies | 1 Community replies | Bug Reports

Adding Space in Header Kettles Request

Hey, I'm going through the following lab: Password reset poisoning via dangling markup Whenever I add a space to my Host header, Burp Suite kettles my request which causes the CSRF token to not be sent along correctly...

Last updated: Aug 30, 2023 12:24PM UTC | 5 Agent replies | 3 Community replies | Bug Reports

Failed to configure embedded browser

Installation on Windows 10 machine. I get the error message "Failed to configure the embedded browser" when running the installation for Burp Pro

Last updated: Aug 29, 2023 12:29AM UTC | 4 Agent replies | 5 Community replies | Bug Reports

Problem with web cache poisoning labs

Hi, It seems like web cache poisoning labs are not vulnerable anymore. Any time you send the same GET / request it always returns X-cache: miss header, never "hit". I´m not able to solve even the labs that I´ve...

Last updated: Aug 28, 2023 05:49PM UTC | 0 Agent replies | 1 Community replies | Bug Reports

Password Reset Poisoning via Dangling Markeup

This lab is not working for me at all. I'm following a video online and doing the steps exactly but when I try to add a port it says 504 Gateway Timeout. OR it says bad request CRSF token expired or something along those...

Last updated: Aug 28, 2023 10:56AM UTC | 7 Agent replies | 7 Community replies | Bug Reports

Lab Cache Poisoning - Cache key injection

For some reason I cannot solve this lab. First, I'm sending this poison to localize.js file. I'm receiving the HIT response. GET /js/localize.js?lang=en?utm_content=z&cors=1&x=1 HTTP/2 Host:...

Last updated: Aug 28, 2023 09:14AM UTC | 2 Agent replies | 1 Community replies | Bug Reports

Page 14 of 142

Burp Suite Support Center

Your source for help and advice on all things Burp-related.

Burp Suite Support Center image