Bug Reports - Page 15 - Burp Suite User Forum

REST API. Get scan status after Burp restart: Task ID not found

Burp Suite Pro version: 2.1.05; Steps to reproduce: 1. Start Burp Suite Pro; 2. Launch new scan, using REST API, i.e. do HTTP POST scan configuration to http://127.0.0.1:1337/$apiKey/v0.1/scan; 3. Poll scan status...

Burp Browser Doesn't Work After Update

I have updated to the latest stable version v2023.5.2, and the burp browser was uninstalled from the burpbrowser directory. When trying to use the browser, the following error message pops: java.io.IOException: Cannot run...

BCheck Scanning issue with report issue and continue on scan launcher

Hey, just looking to see if its a known issue RE: Bchecks using "report issue and continue" via a host it works via the test cases tab but on running via "scan" and "launcher" and run with "Audit checks - BChecks only" and...

Repeter changes http method

If a server advertises h2 in ALPN, the repeater tool changes protocol to this and refuses to change back. To repeat, create a new tab in repeater and paste the following content: -------- GET / HTTP/1.1 Host:...

Lab: Offline password cracking

Hi all, I'm unable to spin up that lab. I'm always met with a 504 "Page isnt working now" error code. I know some of yours labs have been under maintenance for the past days; I was wondering if thats also one the lab...

Lab: Cross-Site WebSocket hijacking

Hi BurpSuite team ! I was hoping I could practice CSWSH but the lab is not working. A new tab is opened, and eventually closed automatically. Is this lab also part of the on-going maintenance? Thank you!

Cursor Not Accurate at Request/Response Editor

Hello, i have a problem with my burp. After I installed the latest version, my cursor is not accurate. It happens at request/response editor. For example, when I try to edit a request on the repeater tab, then I click on a...

False Positive based on Last-Modified header

Hi, Burp Scanning does check for "Date" header and its modification, even though its modified in response, it wouldn't call that a "Response Modification". However, the header "Last-Modified" is not whitelisted and...

Clickjacking labs not working

I have tried some of the apprentice clickjacking labs in the past and could not complete them even though the payload aligned perfectly. I have now come across this issue again in the lab: Exploiting clickjacking...

BurpSuite is unresponsive.

I clicked 'Compare Sitemaps' and it fills up to 100%, BurpSuite is unresponsive. Env: m3 max, I won't include the version of Java in Burp as it uses the bundler anyway (system uses openjdk 21.0.3 Zulu)

Server-side prototype pollution materials

Hi, I am going over the materials on server-side prototype pollution, and I noticed a bug. Specifically, in the `Status code override` section and the code snippet showing the `createError` function. ``` if...

Sort order Sitemap

My Sitemap stopped sorting alphabetically, and now just adds the sites in the order Burpsuite sees them. I can't find any setting to undo this. Looks like something is broken here. Started doing this since latest version...

burpsuite chromium makes my kali linux sometimes freeze

In recent days I have switched to using Firefox as my intercept browser (with foxyproxy addons) this is because when I use the built-in Chromium from Burpsuite, sometimes my laptop freezes within a few seconds. Do you know...

Access the Lab

Hello, i have an issue with all labs, that the button (Access Lab) is hiddden i can't find it anywhere!!!

Out-of-band resource load (HTTP) reported "after" failing to connect to the Collaborator server.

Recently all of our BURP Pro. scans began detecting Out-of-band resource load HTTP (Confidence level: CERTAIN) across different apps. However, this finding only appears "after" the event log reports "Failed to connect to the...

API Scan, use cookies from cookie.jar not working

Hi, when I start API Scan and have the session handling rule "Use cookies from Burp's cookie jar" active, no cookies are added to the requests. The Session handling tracer shows events: Applying rule: Use cookies from...

jython "Select File" broken

Currently having an issue (v2024.4.5.) where I click the button to "Select File" for the "Location of the Jython standalone JAR file" in the Extension settings and it fails to select anything. When the window pops up to...

Bchecks bug?

I don't understand, but this just doesn't work for me. ``` metadata: language: v2-beta name: "Sql Injection" description: "Classic SQL Injection" given query insertion point then if...

Burp Suite - missing "Drop all out-of-scope requests" in Target-Scope tab

Hi, There was a "Drop all out-of-scope requests" checkbox in the Target->Scope tab. It disappeared after an update. The workaround for now is to use the menu "Settings->Project->Scope" instead (the checkbox is still there...

Intermittent Freezing Issue During Crawling in Burp Suite Professional

I am using the latest version of Burp Suite Professional. While crawling, Burp Suite intermittently freezes for a few seconds before resuming. The duration of these freezes increases as the crawling progresses. I have also...