Burp Suite User Forum

Unable to quit Burp after undocking Proxy tab

I detached the Proxy tab and quit Burp and it saved that way. I want to change it back ... now if I re-attach the tab or use view -> restore default tab layout and try to quit, nothing happens. If I force quit, the tab...

Last updated: Oct 10, 2023 07:48AM UTC | 1 Agent replies | 0 Community replies | Bug Reports

Report bug in Authentication 2FA simple bypass lab

After entering the username and password on the 'my account' page close the lab tab without entering the 4-Digit security code. Then access the lab again, and go to the 'my account' page LAB SOLVED.

Last updated: Oct 09, 2023 09:49AM UTC | 1 Agent replies | 0 Community replies | Bug Reports

automatic addition of the \r character when copy a newline character (\n)

I hope this message finds you well. I'm currently experiencing a peculiar issue with Burp Suite that I would like to address. When I copy a newline character (\n) and then paste it into a text field, Burp Suite automatically...

Last updated: Oct 09, 2023 09:01AM UTC | 1 Agent replies | 0 Community replies | Bug Reports

Burp labs reporting error "Could not create new HTTP/2 connection" when trying to connect

I'm trying to connect to the site to solve the lab but it returns that error. I've tried reimporting the certificate, resetting the proxy options and reinstalling my Kali VM. The proxy connection works because it loads the...

Last updated: Oct 09, 2023 08:42AM UTC | 5 Agent replies | 6 Community replies | Bug Reports

unusable interface issue

Image preview: https://imgur.com/61GYvxV I just launched Burp and have no idea why it looks like this, I tried reinstalling it and it is the same thing. display settings: res: 1920x1080 dpi: 96

Last updated: Oct 09, 2023 06:58AM UTC | 2 Agent replies | 1 Community replies | Bug Reports

Intruder never starts from given digit

For example if you chose numbers and you start from 0000 to 9999 (10.000 options) it will not try to brute force the endpoint $0000$ from 0001 to 9999 instead it will scan from 1 to 9999 Is this a bug or is there a way...

Last updated: Oct 05, 2023 08:56AM UTC | 0 Agent replies | 1 Community replies | Bug Reports

Notes feature is missing from Repeater

I am unable to find the notes feature in the repeater tab in version 2023.10.1.2. Can you please help in finding it? I think either it has been removed from the mentioned release or there is some bug due to which it's not...

Last updated: Oct 04, 2023 08:44AM UTC | 1 Agent replies | 2 Community replies | Bug Reports

Burp with Azure iotedge

I tried to use Burp with an Azure IOT edge client. It's a special kind of software that is for example installed on a VM that should talk to Azure. Of course it talks HTTP/HTTPS and even supports proxying. However, I...

Last updated: Oct 03, 2023 08:33AM UTC | 1 Agent replies | 2 Community replies | Bug Reports

Filter by search terms broken when using nonascii characters

Hi, We live in Romania and when working in our native language we are also using non-ASCII characters: ăîâșț. I noticed that if I use these in a website proxied through Burp the filter does not find these characters....

Last updated: Oct 02, 2023 10:23AM UTC | 1 Agent replies | 0 Community replies | Bug Reports

With valid payload unable to complete the lab

Hi Team, I am working on the following lab, "DOM XSS in jQuery anchor href attribute sink using location.search source". I was able to use the following payloads, and the popup is seen, but lab status is still not solved. Some...

Last updated: Oct 02, 2023 09:25AM UTC | 1 Agent replies | 0 Community replies | Bug Reports

Lab not working

Hi Team, The NoSQL injection bypass authentication lab is not working properly. I am able to login to wiener account with the NoSQL injection but not the administrator. I guess the administrator user was not added to the...

Last updated: Sep 29, 2023 07:27AM UTC | 1 Agent replies | 1 Community replies | Bug Reports

Burpsuite Replay Login Recorder not working

Hi team, Currently we used BurpSuite Login Sequences to record my login to web application on almost our website for automatic scan. But today I encounter an error that after I recorded login sequences, I start a new...

Last updated: Sep 28, 2023 01:38PM UTC | 3 Agent replies | 2 Community replies | Bug Reports

Believe there is a bug in the Exploiting NoSQL operator injection to bypass authentication web academy

Have confirmed can use NoSQL injection to login as wiener (injecting on username, password, or both)... but when attempt to login as administrator (or any other account), get a 500 error (unexpected # of results found). ...

Last updated: Sep 28, 2023 01:32PM UTC | 1 Agent replies | 5 Community replies | Bug Reports

Collaborator DNS Interaction Before Request

Hi, I have an issue reported by Burp Scanner in my current test for EL-based SSTI where a Collaborator domain has been injected resulting in a DNS lookup. The issue is that the Collaborator interaction is detected about 6...

Last updated: Sep 28, 2023 12:14PM UTC | 1 Agent replies | 0 Community replies | Bug Reports

issue with 'add to sitemap' function

Earlier on this year I was having issues with adding requests to sitemap under via the Repeater... Support told me then to please 'add to sitemap' using via the Logger. That worked well but now I am having another issue. the...

Last updated: Sep 26, 2023 02:33PM UTC | 1 Agent replies | 0 Community replies | Bug Reports

Lab: Internal cache poisoning (Unintended Solution)

Hello ^^, the lab: https://portswigger.net/web-security/web-cache-poisoning/exploiting-implementation-flaws/lab-web-cache-poisoning-internal, has an unintended solution! #) Steps Explanation We can overwrite the Host...

Last updated: Sep 25, 2023 11:16AM UTC | 1 Agent replies | 0 Community replies | Bug Reports

Match and replace rules doesn't work

Hello, I tried everything, "Match and replace rules" in the proxy settings doesn't work. Match (regex): ^User-Agent:.*$ Match (regex): User-Agent:.* Match (literal): User-Agent: Replace: User-Agent: HackerOne...

Last updated: Sep 25, 2023 12:44AM UTC | 1 Agent replies | 1 Community replies | Bug Reports

Lab: Cache key injection (Unintended Solution)

Hello, while I was doing Lab "Lab: Cache key injection" https://portswigger.net/web-security/web-cache-poisoning/exploiting-implementation-flaws/lab-web-cache-poisoning-cache-key-injection, I ended up finishing it very...

Last updated: Sep 22, 2023 08:31AM UTC | 1 Agent replies | 0 Community replies | Bug Reports

WebSocket messages can no longer be sent to Repeater

Hi, I and some of my colleagues are experiencing a bug where WebSocket messages can't be sent to Repeater. I tested both Burpsuite v2023.6.2 and v2023.7.-21628 installed on a Linux system and used the following steps to...

Last updated: Sep 22, 2023 08:23AM UTC | 4 Agent replies | 2 Community replies | Bug Reports

Lab SSRF with whitelist-based input filters

Hi, The document says the following: You can embed credentials in a URL before the hostname, using the @ character. For example: https://expected-host:fakepassword@evil-host While the lab solution says Change...

Last updated: Sep 21, 2023 01:09PM UTC | 2 Agent replies | 1 Community replies | Bug Reports
