Burp Suite User Forum

suspecting a small mistake in SSRF topic

To whom it may concern, while learning and completing SSRF academy labs, I came across the topic "SSRF with whitelist-based input filters" under "Circumventing common SSRF defenses", and I believe there might be a small...

Last updated: Dec 04, 2023 11:25AM UTC | 1 Agent replies | 0 Community replies | Bug Reports

CSRF Labs Not Updating Solved Status

The CSRF labs seem buggy, I have tried all the labs, but none of them updates on successful "delivery of exploit to the victim". Following is a step-by-step breakdown, of what I am doing. 1. Login into my account 2. Add...

Last updated: Dec 04, 2023 10:59AM UTC | 1 Agent replies | 0 Community replies | Bug Reports

Repeatable bug in GUI (gui re-renders with shifting) when entering Min/Max/Step/etc values in Intruder

Burp Suite Professional v2023.10.3.6 Windows 10 22H2, GPU Titan X/Pascal on NVidia v546.17 drivers Default project/settings After triggering this bug, all GUI/any tab/any menu is broken and only Burp restart...

Last updated: Dec 04, 2023 10:19AM UTC | 1 Agent replies | 0 Community replies | Bug Reports

Http protocols mismatch

I run Chrome via `chrome --disable-http2`, the development tool bar shows that the protocol is http 1.1, but burp shows the http 2.0 protocol. Screenshot: https://ibb.co/VJs16Xb Site url:...

Last updated: Dec 04, 2023 09:16AM UTC | 1 Agent replies | 0 Community replies | Bug Reports

Burp proxy cannot reach my local DVWA instance

Hi. I am experiencing a really weird issue. I cannot for the life of me, figure out why this is not working. It was working yesterday, but not today. I am running an instance of DVWA (Damn vulnerable Web app) using...

Last updated: Dec 03, 2023 08:57AM UTC | 2 Agent replies | 4 Community replies | Bug Reports

Injection of line break (\r\n) into :path pseudo header gets stripped

While doing the lab "Web cache poisoning via HTTP/2 request tunnelling" I've noticed that the \r\n bytes are getting stripped when issuing a request in Repeater. Confirmed this issue in the Logger: Intended :path value: /...

Last updated: Dec 01, 2023 02:38PM UTC | 2 Agent replies | 1 Community replies | Bug Reports

unintentional, tabs spamming the screen

Whenever I use certain tabs like repeater, after a request interception wherever I move my cursor many of same tabs keep getting spammed into the screen making it unable to use...

Last updated: Dec 01, 2023 10:01AM UTC | 1 Agent replies | 0 Community replies | Bug Reports

Duplicate secret file in "Remote code execution via web shell upload"

Hello, In the File upload vulnerability lab "Remote code execution via web shell upload", there is a duplicate secret file in the "/home/carlos" folder. Both files have the exact same name and content (I didn't know that...

Last updated: Dec 01, 2023 09:41AM UTC | 1 Agent replies | 0 Community replies | Bug Reports

Rest API Internal Server Error

After a system reboot, the REST API suddenly stopped working. I'm using Burp Enterprise. I can still start scans via the GUI, but all the API calls that used to work result in a 500 Internal Server error. Also, when I go...

Last updated: Nov 30, 2023 05:11PM UTC | 2 Agent replies | 1 Community replies | Bug Reports

Burp repeater Request editor scrambles bytes when switching between Raw and Hex

Here is a minimal test case to reproduce the problem To reproduce: 1. Open repeater tab, and focus raw Request editor 2. Insert a new line 3. Insert the following Base64 string: /w== 3. Select the base64 string (4...

Last updated: Nov 30, 2023 02:23PM UTC | 1 Agent replies | 0 Community replies | Bug Reports

Issue with "Reflected XSS protected by very strict CSP, with dangling markup attack" lab

I hope this message finds you well. I wanted to bring to your attention an issue I encountered while working on the "Reflected XSS protected by very strict CSP, with dangling markup attack" lab. It seems that due to a recent...

Last updated: Nov 30, 2023 10:43AM UTC | 1 Agent replies | 0 Community replies | Bug Reports

Burp Suite Community Edition v2023.10.3.5 will not update itself

I have Burp Suite Community Edition v2023.10.3.5 and when I manually checked for updates I saw the following: An update is available. Version: Burp Suite Community Edition 2023.10.3.6 However, when I clicked on the...

Last updated: Nov 30, 2023 08:47AM UTC | 5 Agent replies | 4 Community replies | Bug Reports

Cannot access labs with Burp browser

I can log to Portswigger site but when I press Access the lab, I have an error message: This site can’t be reached x.web-security-academy.net took too long to respond. ERR_TIMED_OUT Same things happened yesterday. I can...

Last updated: Nov 30, 2023 07:17AM UTC | 11 Agent replies | 18 Community replies | Bug Reports

Slow response time labs

Hi, I've noticed two labs having a very slow response time and sometimes causing a failed-to-connect error. It causes the labs to be nearly impossible to solve. The errors and slow response times have occurred in the...

Last updated: Nov 28, 2023 09:58AM UTC | 1 Agent replies | 0 Community replies | Bug Reports

No more activations allowed for this license

Hi!! Unfortunately I have had to reinstall my pc on several occasions and now when I try to install burp suite, I get the error "No more activations allowed for this license" Could you help me ? I need ASAP thank you very...

Last updated: Nov 27, 2023 08:31AM UTC | 1 Agent replies | 0 Community replies | Bug Reports

Burp Browser automatically upgrades http:// requests to https://

I have an application running on http://localhost:3000. It does not use https, and I've set a hostname in my /etc/hosts file so that I can access it via http://myapp:3000 Any time I attempt to load http://myapp:3000 in...

Last updated: Nov 26, 2023 11:16AM UTC | 11 Agent replies | 18 Community replies | Bug Reports

Issues are hidden if the PoC changes after an update

Consider the following scenario: In a new Burp project, you scan a website, and it gives you the following finding: ``` #1 XSS GET /?param=testag6vc%3cscript%3ealert(1)%3c%2fscript%3eln0yc param is vulnerable to...

Last updated: Nov 24, 2023 08:42AM UTC | 3 Agent replies | 2 Community replies | Bug Reports

BurpGPT Extension

I have tried to run burpgpt extension with burp-suite professional and getting the error message “javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure”, kindly assist to resolve the error.

Last updated: Nov 23, 2023 11:33AM UTC | 1 Agent replies | 0 Community replies | Bug Reports

Problem in payload suggested to solve lab "CSRF vulnerability with no defenses"

Hi guys, I have noticed a problem in the payload you suggested for solving the lab "CSRF vulnerability with no defenses", namely in this specific part: name="email"...

Last updated: Nov 23, 2023 10:36AM UTC | 1 Agent replies | 0 Community replies | Bug Reports

Bug on "Lab: Username enumeration via account lock"

Hello, I tried every way to solve the lab but I couldn't get any results. I think there is something wrong with some labs. I faced the same problem before. Should I send email to support's mail?

Last updated: Nov 22, 2023 01:45PM UTC | 4 Agent replies | 6 Community replies | Bug Reports
