Burp Suite User Forum

Create new post

Burpsuite Replay Login Recorder not working

Hi team, Currently we used BurpSuite Login Sequences to record my login to web application on almost our website for automatic scan. But today I encounter an error that after I recorded login sequences, I start a new...

Last updated: Sep 28, 2023 01:38PM UTC | 3 Agent replies | 2 Community replies | Bug Reports

Believe there is a bug in the Exploiting NoSQL operator injection to bypass authentication web academy

Have confirmed can use NoSQL injection to login as wiener (injecting on username, password, or both)... but when attempt to login as administrator (or any other account), get a 500 error (unexpected # of results found). ...

Last updated: Sep 28, 2023 01:32PM UTC | 1 Agent replies | 5 Community replies | Bug Reports

Collaborator DNS Interaction Before Request

Hi, I have an issue reported by Burp Scanner in my current test for EL-based SSTI where a Collaborator domain has been injected resulting in a DNS lookup. The issue is that the Collaborator interaction is detected about 6...

Last updated: Sep 28, 2023 12:14PM UTC | 1 Agent replies | 0 Community replies | Bug Reports

issue with 'add to sitemap' function

earlier on this year i was having issues with adding requests to sitemap under via the Repeater... Support told me then to please 'add to sitemap' using via the Logger. that worked well but now i am having another issue. the...

Last updated: Sep 26, 2023 02:33PM UTC | 1 Agent replies | 0 Community replies | Bug Reports

Lab: Internal cache poisoning (Unintended Solution)

Hello ^^, the lab: https://portswigger.net/web-security/web-cache-poisoning/exploiting-implementation-flaws/lab-web-cache-poisoning-internal, has a unintended solution! #) Steps Explanation We can overwrite the Host...

Last updated: Sep 25, 2023 11:16AM UTC | 1 Agent replies | 0 Community replies | Bug Reports

Match and replace rules doesn't work

Hello, I tried everything, "Match and replace rules" in the proxy settings doesn't work. Match (regex): ^User-Agent:.*$ Match (regex): User-Agent:.* Match (literal): User-Agent: Replace: User-Agent: HackerOne...

Last updated: Sep 25, 2023 12:44AM UTC | 1 Agent replies | 1 Community replies | Bug Reports

Lab: Cache key injection (Unintended Solution)

Hello, while I was doing Lab "Lab: Cache key injection" https://portswigger.net/web-security/web-cache-poisoning/exploiting-implementation-flaws/lab-web-cache-poisoning-cache-key-injection, I ended up finishing it very...

Last updated: Sep 22, 2023 08:31AM UTC | 1 Agent replies | 0 Community replies | Bug Reports

WebSocket messages can no longer be sent to Repeater

Hi, I and some of my colleagues are experiencing a bug where WebSocket messages can't be sent to Repeater. I tested both Burpsuite v2023.6.2 and v2023.7.-21628 installed on a Linux system and used the following steps to...

Last updated: Sep 22, 2023 08:23AM UTC | 4 Agent replies | 2 Community replies | Bug Reports

Lab SSRF with whitelist-based input filters

Hi, The document says the following You can embed credentials in a URL before the hostname, using the @ character. For example: https://expected-host:fakepassword@evil-host While the lab solution says Change...

Last updated: Sep 21, 2023 01:09PM UTC | 2 Agent replies | 1 Community replies | Bug Reports

Turbo Intruder - X-Protobuf

Turbo intruder does not seem to support "Content-Type: application/x-protobuf". Try this on recaptcha v3.

Last updated: Sep 21, 2023 12:11PM UTC | 1 Agent replies | 1 Community replies | Bug Reports

i can not access labs

when i open labs it load a page says 'Bad Request' kind regards, Muhammad

Last updated: Sep 21, 2023 08:31AM UTC | 1 Agent replies | 0 Community replies | Bug Reports

Tabs and tab groups disappeared after Burp restart

I worked on Repeater for a few days and added tabs and tab groups for the endpoints I was testing. Eventually, I created one tab that messed up a few tab groups. Then, after organizing the new Repeater tabs in groups, I...

Last updated: Sep 19, 2023 08:07AM UTC | 1 Agent replies | 0 Community replies | Bug Reports

Exploiting cross-site scripting to steal cookies

hello, i don't have burp pro so i craft a script but he don't not working, i think the challenge have a problem take my script : ``` <script> window.onload = function() { var data = “csrf=” +...

Last updated: Sep 14, 2023 01:37PM UTC | 1 Agent replies | 0 Community replies | Bug Reports

Montoya Persistence setBoolean IndexOutOfBounds

Hi, I'm getting the following error when attempting to save a boolean value to Persistence: java.lang.IndexOutOfBoundsException: Index: 0, Size: 0 at burp.Zbg.ZjV(Unknown Source) at burp.Zknd.Zu(Unknown...

Last updated: Sep 14, 2023 12:02PM UTC | 2 Agent replies | 2 Community replies | Bug Reports

Glitch in the Burp Professional Edition 2023.7.2

I got the problem with Burpsuite Professional v2023.7.2 on windows desktop, sometimes when I use burp, the display will error like a follow my mouse wherever go. I don't know it's a glitch or anything. I have tried to clean...

Last updated: Sep 14, 2023 09:58AM UTC | 1 Agent replies | 0 Community replies | Bug Reports

collaborator health check

I had some issues with Collaborator in my burp suite, returning an error such as the following when performing a run health check No connections to kf3pmflypc2tgvviglrzzfgn6ecrqaasev3.oastify.com could be opened. The...

Last updated: Sep 12, 2023 01:33PM UTC | 3 Agent replies | 3 Community replies | Bug Reports

"Cross-domain Referer leakage" is reported despite referrerpolicy attribute

Hello, an active scan on one of our applications reports a "Cross-domain Referer leakage". Taking a look at the response tab in Burpsuite, the following snippet is highlighted: <a class="info-box" target="_blank"...

Last updated: Sep 12, 2023 10:46AM UTC | 2 Agent replies | 1 Community replies | Bug Reports

Unable to open or create project files

Hi, I suddenly can not open or create any project files. The program was stuck, as usual. I killed it through the task manager, and I could not open/create any project file afterward. The error I am getting when trying to...

Last updated: Sep 12, 2023 07:42AM UTC | 2 Agent replies | 1 Community replies | Bug Reports

Missing GUI elements with Ubuntu 22.04 Wayland

After a recent update to Ubuntu 22.04 (Wayland) when launching Burp Suite Professional many of the GUI elements (radio options, text, scroll combos) have missing components making the GUI difficult to navigate. This...

Last updated: Sep 12, 2023 07:07AM UTC | 1 Agent replies | 0 Community replies | Bug Reports

Plaintext Password Storage

Hello, If upstream proxy authentication is configured, the password is stored in cleartext within UserConfigPro.json; line 23 in my file. Cheers, Mark

Last updated: Sep 11, 2023 07:44AM UTC | 2 Agent replies | 1 Community replies | Bug Reports

Page 17 of 145

Burp Suite Support Center

Your source for help and advice on all things Burp-related.

Burp Suite Support Center image