Bug Reports - Page 19 - Burp Suite User Forum

Lab: Web cache poisoning via an unkeyed query string

Hi, I have tried repeatedly to do this lab with no results. My problem is that whatever request I send the X-Cache always responds to me Miss. Either from the opriginal request to the home, adding a cachebuster payload,...

Insane Lag

Recently the labs take forever to load, and they go down in like 5 min and its imposible to solve a lab.

burpsuite_community_windows-x64_v2024_2_1_5 does not match its checksum

The community edition burpsuite_community_windows-x64_v2024_2_1_5 does not match its checksum for either SHA 256 or MD5. The file has been downloaded several times, and the result is always the same. "SHA256 ...

Big space after words

I'm using Burpsuite (newest stable) in 2K monitor in ParrotOS, and there seems to be a rendering error only in Request/Response field where I see space cursor far behind character position where I typed. There seems to be a...

'Credit Card numbers disclosed' finding false positive

Hi there, Using Burp 2024.2.1.5. As part of passive scanning a 'Credit Card numbers disclosed' finding was reported: Issue detail: The following credit card number was disclosed in the...

Lab: CSRF where token is tied to non-session cookie solution not working due

Hi, i have an issue getting the solution to the lab working. Whenever i try to set the value of the csrf token with /?search=test%0d%0aSet-Cookie:%20csrfKey=8TIB6mcBo8vOoLZ1nSPocJae9QLOWMAw%3b%20SameSite=None the...

Can not increase concurent requests

Hi, I have created a new resource pool and changed the number of concurrent requests to 20, but the application works only with 10 concurrent requests. No other setting is changed. I can not increase the default number...

Charset problem in Intruder/Turbo Intruder

On Repeater: "value":"Викторов" On Intruder (before request): "value":"Ð’Ð¸ÐºÑ‚Ð¾Ñ€Ð¾Ð²" On Turbo Intruder (after request): "value":"8:B>@>2" Windows 11. Settings in Character set: Recognize automatically base on...

Software is Preventing Firefox From Safely Connecting to This Site

Hello, I'm having an issue getting Burp Suite professional v2024.2.1.5 edition with Firefox. The issue is on all https:// websites. I am now able to use burp from last 2 days. I know exactly how to install the...

Inacurate target despite in position tab I set the right target

I'm solving Labs in Web Security Academy, when I send a request to Intruder in the Position tab the target is right, I set the payload but when I launch Intruder after hours my attack doesn't work I noticed in the Restults...

Burp Professional v2024.2.1.3 massive resource consumption

After opening burp and having the program process a small number of intercepted requests (really just logging the requests to proxy history) my computer starts consuming massive amounts of resources. Specifically the Xorg...

Port Swigger Academy ranking is not updating.

Hi. I noticed I solved like 7 labs, but my position in the hall of fame didn't change. I solved like 5 apprentice and 2 practitioner labs. It's already been 2 weeks without updating, I guess. Is the hall of fame bugged?

Could not start Burp: java.lang.NullPointerException

Hi everybody, Today, after updating to latest version 2.1.06, I'm no longer able to launch Burp Pro. I also tried uninstalling, reinstalling, downgrading, but I always get the same not-so-informative exception message:...

Collaborator servers lack ipv6 support

No IPv6 support for any of the collaborator infrastructure: burpcollaborator1.portswigger.net has address 52.16.21.24 burpcollaborator2.portswigger.net has address 52.16.107.92 Knowing an ipv6 source address for...

" Exploiting clickjacking vulnerability to trigger DOM-based XSS" Lab broken

Hi everyone, it seems like the Lab "Exploiting clickjacking vulnerability to trigger DOM-based XSS" cannot be completed currently. The exploit works right away with Firefox, but it only worked on Chrome when i manually...

Not showing lab as solved.

I have been trying to solve the CSRF lab for 2 or 3 hours. Even after providing the payload script correctly, it shows as not solved. I have also tried providing the solution that PortSwigger has given, but it still doesn't...

Burp request editor automatically adding closing brackets and not inserting double quotes after slash

Hey folks, As of the latest update to the early adopter (2023.12.1) I've noticed when I edit a request with JSON contents, if I add an opening bracket Burp automatically adds a closing bracket immediately after (much like...

'paste from file' interface gets bugged and does not allow to open files

hi, i experienced some issues with the 'paste from file' functionality in the repeater. the 'choose a file to paste from' interface gets bugged and either does not show any files in the folder or i am unable to open them...

Lab: Remote code execution via polyglot web shell upload giving 500 response

tried uploading various .php files in the lab, they all get uploaded, but when we go back to /my-account. the request for GET /files/avatars/virusimage.php or whatever the name of the .php file is. it gives 500 error. added...

Vulnerable JavaScript dependency doesn't show up when I use the base URL as the start URL

Hi - I work for a company that maintains a number of websites, Burp Suite Pro found a Vulnerable JavaScript dependency in one of the JS libs on one of the sites, but I noticed that our more frequent scans done with Burp...