Bug Reports - Page 17 - Burp Suite User Forum

Issue with simulated victim user in Lab: Internal cache poisoning

Hi. There seems to be an issue with the simulated victim user for this lab that the lab doesn't get solved even when the cache is poisoned. Thx

there is a way to crack the burp suite pro

i was looking for a crack for the burp suite pro ""only to report it, i just like the burp suite "" and i found a crack file on the internet for the burp site pro i will tell ware but only in private like with an email...

this labrator is not working to properly, i even used the solutions but it didn't work

hello their portswigger support, first of all ty forthis good platform, im solving sqli labrators ut this labrator is not working to properly i think some thing in back end is wrong the labrator =>...

Academy Lab Bug

Hello! I have been working through the Race Conditions topic, and am stuck on the last lab, Exploiting Time-Sensitive Vulnerabilities. I understand the concept, but the requests for username=wiener and username=carlos...

Forcing HTTP/1.0, particularly using Repeater

With the new http/2 normalizing 'feature' I now appear to be unable to use/force HTTP/1.0, which is required for IP address leakage findings: https://portswigger.net/burp/documentation/desktop/http2 I feel there should...

Enterprise Edition: JUnit file cannot be parsed with Jenkins

Hi team, Our team is using the CI-driven scan feature of the Enterprise Edition integrating Jenkins and we are currently facing "XML Parsing Error: reference to invalid character number" error when we try to display the...

Site Map Overwriting Responses on Case-Sensitive Website

Hello, Burp Suite Professional v2024.3.1.3 appears to be overwriting page responses within the sitemap, rather than creating new entries, on case-sensitive websites. I am uncertain when this behaviour started, it was also...

Failed to Load Browser

I am getting below error. I have tried to install Burp to 'c:\tools\Burp' folder but I am still getting error. Can you advise? --------------------------- Error Loading Extension --------------------------- Failed to...

Couldn't load main class

Suddenly after burp was working perfectly I am getting now this error "Couldn't load main class" when i try to launch burp pro.

Blind SSRF with out-of-band detection Doesn't wrok

I have been testing relentlessly on this lab. No referrer header is displayed anywhere. I even manually put it in on every single page. Every single item Id page. I tried burp collab and webhook nothing. Whats wrong?

I cannot access any of the labs, I keep getting the "Bad Request" error message

Tried Brup's built in browser, Firefox, resetting the learning path.

The "Parameters" tab does not appear in "API details"

Hello. Please help me with the following question. When I try to run an API scan (New scan > API scan) I encounter the problem that there is no tab "Parameters" in "API details" (New scan > API scan > API details >...

maybe a problem with the lab : Reflected XSS protected by very strict CSP, with dangling markup attack

I can solve the lab when I play the role of the victim but when I send payload to the victim I don't get the CSRF token

Some of the CORS labs don't work anymore on firefox and chrome

Some of the CORS labs don't work anymore since a new update on firefox and chrome due to new security put into place on third party cookies called 'Partitioned' attribute. While it is still possible to solve the lab by...

Installing Burp Suite on Kali Linux Virtual Machine in a MAC Computer M2 processor

Hi, I am trying to install Burp Suite on Virtual Machine running Kali Linux. My computer is a MAC with M2 processor. I include the following command on my terminal: sudo apt-get install...

Lab freezes when deploying xss

The first two xss labs (I have not tried the others) crashes when xss payloads are sent. For example in the first lab i type the xss payload into the search box and click the search button. And Then, the web site starts load...

IScannerInsertionPoint.getPayloadOffsets() causes scan failures when null is returned

Hi, I'm building an extension for scanning custom serialized data and encountered a bug in IScannerInsertionPoint.getPayloadOffsets() From the getPayloadOffsets() JavaDoc: """ Returns: An int[2] array containing the...

httpResponseReceived.body() returns everything that follows a HTTP/1.1 100 Continue header as the body

In a recent Burp update, httpResponseReceived.body() now breaks if the response starts with HTTP/1.1 100 Continue. The following is an example: HTTP/1.1 100 Continue HTTP/1.1 200 Access-Control-Allow-Origin:...

Lab: Web cache poisoning via an unkeyed query string

Hi, I have tried repeatedly to do this lab with no results. My problem is that whatever request I send the X-Cache always responds to me Miss. Either from the opriginal request to the home, adding a cachebuster payload,...

Insane Lag

Recently the labs take forever to load, and they go down in like 5 min and its imposible to solve a lab.