Bug Reports - Page 20 - Burp Suite User Forum

burp suite page clutter

Hello Unfortunately, I have a problem with the page clutter of the software I have deleted and installed several times I also deleted other versions of Java and reinstalled it It doesn't make any difference and randomly...

The Weiner account password has been changed

The Weiner account password has been changed and I do not know the password and I cannot enter any laboratory. Please help because I would like to help you.

CORS Labs Resource not found

Hello, I retested the CORS labs and noticed that they cannot be solved on Burp browser and Firefox anymore (/log?key=%22Resource%20not%20found%20-%20Academy%20Exploit%20Server%22). Are you aware of this issue?

CORS problem

This may be the app I'm testing, but I've updated to the latest version of Burp (2024.2.1.3) and it is breaking CORS on any browser proxied through it. Without Burp I can access the application I'm testing and the browser...

Could not connect to any start URLs. Problem Solution

Hello, I was having an Issue regarding a scan which I created in my Burp Enterprise. For some reason I kept on getting the Error, that the start URL in my scope could not get reached. Confused about that Error, I...

i got error liquibase.changelog - ChangeSet true::set collation on agent_pools.name for MySQL::PortSwigger encountered an exception

my burp suite enterprise server cannot running and i got 502 bad gateway while accessing web. this my ERROR log from /var/log/burpSuiteEnterpriseEdition/enterpriseServer.log 2024-04-01 12:55:24 ERROR...

Logger tab - Export to CSV overwrites without prompt

Found a fun bug in Burp 2024.1.1.6 - 1. Logger tab 2. Select all 3. Export as CSV 4. Accidentally click on the open project .burp file for the target a. Observe that unlike (Save data) there is **no** "Do you want to...

'Lab: Blind SQL injection with conditional responses' not working

Hello, I've been trying to solve the lab, but not even testing exactly the way the Academy is teaching or how community solutions were made (almost no difference at all) I can solve. I'm supposed to test for SQL payloads on...

Bypassing GraphQL brute force protections

Hi, you have Bug in the brute force to GraphQL, I did it right and the payload is correct but still I getting a message of: HTTP/2 200 OK Content-Type: application/json; charset=utf-8 X-Frame-Options:...

OAuth Labs seem to be misfunctioning

When trying to authenticate to auth server the following error is displayed: SessionNotFound: invalid_request at Provider.getInteraction...

Client TLS certificate loader doesn't work v2024.1.1.5 and v2024.1.1.6

Basically as title says client TLS certificate loader doesn't work. On step where you are supposed to select certificate file, when you click select file window pops up but it doesn't show any files that are in the directory...

Bug Lab Multistep clickjacking

Hello, after building the payload on exploit server and viewing the exploit, I was redirected to the login page. I tried to login as wiener again there but the CSRF token is invalid ("Invalid CSRF token (session does not...

Encountered problem solving "port swigger labs".

Hi Team! I'm having trouble solving "clickjacking labs". Every time I try to "deliver exploit to victims", it doesn't work, and the lab stays unresolved. I've tried the solution given by PortSwigger and looked at several...

Lab "Reflected XSS into HTML context with all tags blocked except custom ones" cannot be validated

Hello, I'm trying to solve the lab "Reflected XSS into HTML context with all tags blocked except custom ones" with the solution provided and I also tried other solutions on the internet but when I deliver the exploit to the...

Embedded Browser

Hi, I use the embedded browser to access any site, it returns "Failed to load resource: net::ERR_CONTENT_LENGTH_MISMATCH" in console. Any idea what is the issue?

EXAMITY IS GARBAGE

Please replace this proctoring company with something else - it could not be worse. If I see a cert that uses them in the future I will avoid it.

Clickjacking labs

Hi I am reporting a problem with the execution of clickjacking exercises. I am using a browser in burp. I perform the exercises according to the solutions. Selecting View exploit I noticed that the browser blocks...

websocket history garbled text

Only websockethistory is garbled. httphistory and others are not garbled. How can I fix the garbled websockethistory? I'm attaching a...

Combining web cache poisoning vulnerabilities

Hello I am following the solution steps provided and followed the video solution as well but the lab is not solved. When I put "X-Original-Url: /setlang\es" in the GET / . it doesn't redirect me to the localised=1. it...

Send to repeater failing

I can't reliably reproduce it but it seems that sometimes when sending requests to repeater from the proxy history they aren't populated correctly. This has occurred perhaps 4 or 5 times in a day of testing and speaking to...