Bug Reports - Page 2 - Burp Suite User Forum

Google "This browser or app may not be secure" error

Hello - When attempting to authenticate with accounts.google.com on the built in Burp browser, I am getting the error: Couldn’t sign you in This browser or app may not be secure. After entering email address in...

collaborator health check

I had some issues with Collaborator in my burp suite, returning an error such as the following when performing a run health check No connections to kf3pmflypc2tgvviglrzzfgn6ecrqaasev3.oastify.com could be opened. The...

"Cross-domain Referer leakage" is reported despite referrerpolicy attribute

Hello, an active scan on one of our applications reports a "Cross-domain Referer leakage". Taking a look at the response tab in Burpsuite, the following snippet is highlighted: <a class="info-box" target="_blank"...

Unable to open or create project files

Hi, I suddenly can not open or create any project files. The program was stuck, as usual. I killed it through the task manager, and I could not open/create any project file afterward. The error I am getting when trying to...

Missing GUI elements with Ubuntu 22.04 Wayland

After a recent update to Ubuntu 22.04 (Wayland) when launching Burp Suite Professional many of the GUI elements (radio options, text, scroll combos) have missing components making the GUI difficult to navigate. This...

Plaintext Password Storage

Hello, If upstream proxy authentication is configured, the password is stored in cleartext within UserConfigPro.json; line 23 in my file. Cheers, Mark

Match and Replace does not seem to work correctly with CJK characters

I'm trying to replace a JSON which contains Japanese characters, I want to replace them with Chinese characters, then the HTTP history shows that no modification was made. (by the way I was unable to send this post until...

Obfuscating attacks using encodings href example

Hello! Just a quick question. Is the example `<a href="javascript\u{0000000003a}alert(1)">Click me</a>` up to date here:...

Password reset poisonin via dangling markup

in the step 5 they all time show me that CSRF token is invalid. Even if I follow the video tutorial the thing is same. so help me to solve the lab.

Repeater - zero highlights

Hi, I noticed something strange in the latest version of Burp Suite. When I use the search tool in the Repeater tab, it always says that it couldn't find any results, even though there are actually some matches.

Burp Suite Community Edition crashes and lags

Hello, I am using the Community version of Burp Suite and I have been experiencing some issues with the software. Every time I start it, it crashes and is full of lags and hangs. The experience with Burp Suite has been...

many tags and events get missing when 'copied to clipboard' in xss cheat sheet

Windows High DPI Scaling Issues

I have a 4k monitor on my laptop, currently set to 175% display scaling in Windows 11. In Burp, all text is noticeably fuzzy compared to other applications. I've read through all the related posts on this forum, none of...

Burp Suite crashes for some amount of time or takes a lot of RAM in this case ????

When I look at the Http History,Repeater Tabs If request or response contains large data, after I clicked that request burpsuite freezes for half an hour until that request loads. It looks like a kind of normal text editor...

Login Record Sequence

I recorded a login sequence successfully. when replaying a recorded login sequence i realized that it does the first 2 steps opening the webpage and typing the user name. but it does not click on the next button and stays...

Tutorial (possible issue): HTTP request smuggling, basic TE.CL vulnerability

Dear Burp Suite, No hurry. I'll work on other tutorials. But this one seems to be broken at the moment. In running this tutorial, getting an unexpected error. HTTP/1.1 400 Bad Request "error":"Read timeout" 1)...

Other labs are opening except this one

this lab is not opening. is there a problem from your end (other labs are opening except this one) Lab: Reflected XSS with event handlers and href attributes blocked EXPERT LAB

Lab: SQL injection attack, querying the database type and version on Oracle

Hello there, I don't know if this legal but I'm going to write exactly what I did and the error I encountered (It doesn't say I have solved the lab). So I determined the number of columns required for the Query and...

Lab: CORS vulnerability with basic origin reflection not working

In this lab, I'm stuck on step 5 of the solution: In the browser, go to the exploit server and enter the following HTML, replacing YOUR-LAB-ID with your unique lab URL: <script> var req = new XMLHttpRequest(); ...

Activation Failed

Hi, today my burp pro crashed and when I try to activate it again, I get an error "An error occurred during activation. Please retry." So mb you have some problems on activation service, cause my license is active.