Burp Suite User Forum

Login to post

HTTP history filter endless loop

Whilst trying to make an exclusion on the http history logs I noticed that the following pattern will send burp in an endless loop on the filter without the ability to cancel the process either. To reproduce, in my case I...

Last updated: Jan 06, 2022 01:29PM UTC | 1 Agent replies | 0 Community replies | Bug Reports

Duplicate Cookies Set When Empty Cookies Exist

Hello, When an empty cookie exists immediately before a replaced session cookie, the cookie is duplicated instead of replaced by session handling rules. For example, if the cookie jar has this cookie: Domain:...

Last updated: Jan 05, 2022 03:55PM UTC | 3 Agent replies | 2 Community replies | Bug Reports

504 Gateway Timeout

Hello, I am using Burp Suite Professional and when completing the labs it randomly gives me an 504 Gateway Timeout. I have to close the lab completely and load it again, which consumes time because it does it quite a lot. Is...

Last updated: Jan 05, 2022 12:45PM UTC | 1 Agent replies | 0 Community replies | Bug Reports

LAB Authentication bypass via OAuth implicit flow

I am trying to access lab "Authentication bypass via OAuth implicit flow" but when i go to https://acc41f931f795360c0081ada005a0002.web-security-academy.net/ and click on my account to login its giving me error after We are...

Last updated: Jan 05, 2022 09:04AM UTC | 2 Agent replies | 2 Community replies | Bug Reports

unable to download burpsuite

looking at the download links for community and professional, ive tried loads of combinations, different browsers, different virtual machines, vpns but there doesnt even seem to be a download url associated with the download...

Last updated: Jan 05, 2022 07:13AM UTC | 1 Agent replies | 1 Community replies | Bug Reports

Captializing headers in repeater tab in http2

burp is Captializing the headers in repeater tab in http2 how can i solve this ,is there any method to fix this tanx in advance

Last updated: Jan 04, 2022 04:48PM UTC | 1 Agent replies | 0 Community replies | Bug Reports

Hostname Resolution ignored if SOCKS Proxy in use

Observed behavior: The Hostname Resolution section under Project options -> Connections is ignored if SOCKS Proxy is in use, with "Do DNS lookups over SOCKS proxy" enabled. Instead, Burp resolves the hostname via the...

Last updated: Jan 04, 2022 03:56PM UTC | 1 Agent replies | 0 Community replies | Bug Reports

Macth And replace does not work

Hello, Burp Suite Professional and Comunity version has an issue when the match & replace rule does not work. I have Macbook Pro with M1 and thought that was the issue but while testing with windows and i9 Macbook,...

Last updated: Jan 04, 2022 02:26PM UTC | 2 Agent replies | 2 Community replies | Bug Reports

Extensions unloading broken (?)

Hi, I would ask support for Burp as I'm issuing a strange anomaly while closing. I have likely 10 extensions loaded while doing my work. After I finished all, I close burp and I expect it to close. BUT, it actually unload...

Last updated: Jan 04, 2022 10:58AM UTC | 2 Agent replies | 3 Community replies | Bug Reports

LAB: Reflected XSS with event handlers and href attributes blocked

Hi, I'm facing with an issue on this lab. I'm visiting this site which contains the XSS payload which creates an svg-animated anchor:...

Last updated: Jan 04, 2022 09:13AM UTC | 1 Agent replies | 0 Community replies | Bug Reports

Lab: Forced OAuth profile linking does not seem to deliver the exploit to the victim

Hello, I am trying to solve the mentioned lab but on the step #11 I get issues. It does not seem as the exploit is delivered to the victim because then I get logged back in as peter. Yes, I made sure to drop the request....

Last updated: Jan 04, 2022 09:11AM UTC | 1 Agent replies | 0 Community replies | Bug Reports

Two exactly same requests in repeater but one fails and the other doesn't

I recently found a SQL injection vulnerability in a app (through a verbose error returned indicative of SQL injection and tried exploiting it using sqlmap while proxying through Burpsuite. I noticed the connection was...

Last updated: Jan 04, 2022 08:44AM UTC | 2 Agent replies | 1 Community replies | Bug Reports

Is burpcollaborator.net down?

With auditing, I see this error in Dashboard. 1640162438780 Error Suite [5] The Burp Collaborator server used by the Burp Collaborator client is not reachable, change the settings to use this feature. Using the health...

Last updated: Dec 30, 2021 11:37AM UTC | 4 Agent replies | 5 Community replies | Bug Reports

Burp Chromium give "Not Secure" response during training

Hi I'm getting a "Not Secure" response while training for the Burp Professional. When I tried to intercept the https://portswigger.net/ site, I can see the HTTP call in Burp. But when I forwarded the call, I'm getting a...

Last updated: Dec 30, 2021 07:56AM UTC | 1 Agent replies | 0 Community replies | Bug Reports

Deploying Burp Suite Enterprise Edition on Azure

Hello, Following the instructions there : "https://portswigger.net/burp/documentation/enterprise/getting-started/cloud/deploy-azure" for the latest version "Enterprise Edition 2021.12.1" and using Azure ARM template I have...

Last updated: Dec 29, 2021 10:06AM UTC | 0 Agent replies | 0 Community replies | Bug Reports

Collaborator Polling Doesn't Work

I use a VM for BurpSuite, and Collaborator, on default configurations, is working very strangely. I am unable to access the created domain inside the VM, but I am able to access it outside (such as on my host machine). The...

Last updated: Dec 29, 2021 08:28AM UTC | 1 Agent replies | 1 Community replies | Bug Reports

BurpSuite Collaborator Doesn't Work

I cannot connect to any BurpSuite Collaborator domains, and I use the default Collaborator server. When running a health check, the "Polling Server Connection" returns an error. The error message says that "No connections to...

Last updated: Dec 24, 2021 04:55PM UTC | 1 Agent replies | 1 Community replies | Bug Reports

Burp Collaborator could not be resolved to an IP address.

The 'Burp Collaborator Health Check' is failing. The error message is as follows: "The capture server hostname <SUBDOMAIN>.burpcollaborator.net could not be resolved to an IP address. Ensure that an appropriate DNS entry...

Last updated: Dec 24, 2021 04:40PM UTC | 2 Agent replies | 0 Community replies | Bug Reports

Lab: Authentication bypass via encryption oracle is not starting

Hi! Web Security Academy >> Business logic vulnerabilities >> ExamplesLab >> Authentication bypass via encryption oracle when I try to run this lab, I see a long download and then a message ERROR: "An error occurred. We...

Last updated: Dec 24, 2021 02:37PM UTC | 1 Agent replies | 1 Community replies | Bug Reports

Bad request when accessing any lab

Hi Portswigger, I get a "400 Bad request" error when I try to access any of labs. Please advise. Thanks Oliver

Last updated: Dec 24, 2021 11:31AM UTC | 1 Agent replies | 0 Community replies | Bug Reports

Page 2 of 92

Burp Suite Support Center

Your source for help and advice on all things Burp-related.

Burp Suite Support Center image