Bug Reports - Page 16 - Burp Suite User Forum

Visual glitches on Windows

I usually work on a Linux host but to take the exam for the certification, I installed Burp Suite Pro on a Windows host. I experience visual glitches that render the app unusable. It usually occurs after a few minutes of...

Burp Collaborator could not be resolved to an IP address.

The 'Burp Collaborator Health Check' is failing. The error message is as follows: "The capture server hostname <SUBDOMAIN>.burpcollaborator.net could not be resolved to an IP address. Ensure that an appropriate DNS entry...

UI Broken / Tabs gone after opening a saved temporary project

Hi team! Yesterday I was using a temporary project in memory. At the end of the day I still saved it using: Project -> Save copy. After opening the saved project today, it opens without any of the tool tabs (target,...

Collaborator payloads in Intruder fuzzing does not work

Hi, The case is as follows: I am using Intruder with "Fuzzing - full" dictionary and I've set payload processing: "Replace [base] with base value of payload position", "Replace [domain] with collaborator interaction id"...

I keep getting Broken Pipe error message

Hi, Please help. I keep getting Broken Pipe error whenever I tried to do Intercept. My burp version is v2023.10.3.7. My machine is Macbook pro with M1 chip. These are the things that I've done trying: 1. Tried to...

Import project file fails with Java error

I'm on Burp Suite Professional v2023.10.3.7 on Linux though this has been happening for awhile on older versions for me too. When I try to import project files, I receive a pop-up alert with the error message "An error...

suspecting a small mistake in SSRF topic

To whom it may concern, while learning and completing SSRF academy labs, I came across the topic "SSRF with whitelist-based input filters" under "Circumventing common SSRF defenses", and I believe there might be a small...

CSRF Labs Not Updating Solved Status

The CSRF labs seems buggy, I have tried all the labs, but non of them updates on successful "delivery of exploit to the victim". Following is a step-by-step breakdown, of what I am doing. 1. Login into my account 2. Add...

Repeatable bug in GUI (gui re-renders with shifting) when entering Min/Max/Step/etc values in Intruder

Burp Suite Professional v2023.10.3.6 Windows 10 22H2, GPU Titan X/Pascal on NVidia v546.17 drivers Default project/settings After triggering this bug, all GUI/any tab/any menu is broken and only Burp restart...

Http protocols mismatch

I run Chrome via `chrome --disable-http2`, the development tool bar shows that the protocol is http 1.1, but burp shows the http 2.0 protocol. Screenshot: https://ibb.co/VJs16Xb Site url:...

Burp proxy cannot reach my local DVWA instance

Hi. I am experiencing a really weird issue. I cannot for the life of me, figure out why this is not working. It was working yesterday, but not today. I am running a instance of DVWA (Damn vulnerable Web app) using...

Injection of line break (\r\n) into :path pseudo header gets stripped

While doing the lab "Web cache poisoning via HTTP/2 request tunnelling" I've noticed that the \r\n bytes are getting stripped when issuing a request in Repeater. Confirmed this issue in the Logger: Intended :path value: /...

unintentional, tabs spamming the screen

whenever i use certain tabs like repeater, after a request interception wherever i move my cursor many of same tabs keep getting spammed into the screen making it unable to use...

Duplicate secret file in "Remote code execution via web shell upload"

Hello, In the File upload vulnerability lab "Remote code execution via web shell upload", there is a duplicate secret file in the "/home/carlos" folder. Both files have the exact same name and content (I didn't know that...

Rest API Internal Server Error

After a system reboot, the REST API suddenly stopped working. I'm using Burp Enterprise. I can still start scans via the GUI, but all the API calls that used to work result in a 500 Internal Server error. Also, when I go...

Burp repeater Request editor scrambles bytes when switching between Raw and Hex

Here is a minimal test case to reproduce the problem To reproduce: 1. Open repeater tab, and focus raw Request editor 2. Insert a new line 3. Insert the following Base64 string: /w== 3. Select the base64 string (4...

Issue with "Reflected XSS protected by very strict CSP, with dangling markup attack" lab

I hope this message finds you well. I wanted to bring to your attention an issue I encountered while working on the "Reflected XSS protected by very strict CSP, with dangling markup attack" lab. It seems that due to a recent...

Burp Suite Community Edition v2023.10.3.5 will not update itself

I have Burp Suite Community Edition v2023.10.3.5 and when I manually checked for updates I saw the following: An update is available. Version: Burp Suite Community Edition 2023.10.3.6 However, when I clicked on the...

Cannot access labs with Burp browser

I can log to Portswigger site but when I press Acess the lab, I have an error message: This site can’t be reached x.web-security-academy.net took too long to respond. ERR_TIMED_OUT Same things happened yesterday. I can...

Slow response time labs

Hi, I've noticed two labs having a very slow response time and sometimes causing a failed-to-connect error. It causes the labs to be nearly impossible to solve. The errors and slow response times have occurred in the...