Bug Reports - Page 22 - Burp Suite User Forum

NullPointer error when adding issue to sitemap

Adding AuditIssue via api.sitemap.add(...) causes NullPointerException This can be caused with the following minimal example: \`\`\` import burp.api.montoya.BurpExtension; import burp.api.montoya.MontoyaApi; import...

I finished Server-side vulnerabilities path but the progress was reset.

Good day! How can I restore my progress? I finished the Server-side vulnerabilities path. Then I logged in in a few weeks and I saw that I was on step 1 of the path.

Site map does not show selected request

When selecting a request in the tree on the site map panel, the corresponding request details are typically not displayed in the request and response text boxes. These text boxes usually show a previous request that was...

LAB Client-side prototype pollution in third-party libraries

Hi, can anybody double-check that DOM Invader is able to find a gadget for this one? I followed the solution steps and it doesn't seem to find the gadget as mentioned. Thank you

DOM Invader Prototype Pollution Lab

Hello I'm following along the prototype pollution lab. In the section "Finding client-side prototype pollution gadgets using DOM Invader" I follow the solution steps to solve the lab but when I click on the "Scan for...

Burp Suite Professional v2024.1.1.4 - Clicking Site Map Entry Shows Request/Response Data from Previous Item

When clicking an item in the site map the request and response data returned doesnt always match the item clicked. For example when clicking the following items /Authorisation, /Browser and then /login the request/response...

unable to intercept any requests on burp installed on mac

I'm unable to intercept any requests on newly installed community version burp on MAC. i have tried burp browser and as well other browsers. Nothing worked. i dont see any history or any calls till date. kindly help.

communication error on request but works fine in repeater

Hi when intercepting requests from application I am testing, two requests is failing and in the dashboard i see communication error, but when i send those requests to repeater the work as indented. below the request...

Problem with BS community option

https://forum.portswigger.net/thread/established-connection-aborted-by-the-software-87817cf7 I have the same problem here literally

Exploiting clickjacking vulnerability to trigger DOM-based XSS - Invalid CSRF token

Hi, how's everyone doing? I have been trying to solve this lab, but when doing the clickjacking, the form throws the following error: "Failed to submit feedback: "Invalid CSRF token (session does not contain a CSRF...

Unable to intercept a traffic on a Mobile App(iOS and Android)

Good Day, I was trying to intercept a traffic from a mobile device both iOS and Android, one application doesn't show any traffic on Burp, I tried turning Intercept, but still it was able to login to the application. No...

Academy Path Traversal Labs Not Working as Intended?

I'm having a nice time working through the academy labs. I've just started working through the path traversal labs where the focus is getting the server to load the /etc/passwd file. I've completed both the "File path...

In CL.0 request smuggling LAB, there exists vulnerability XSS

This is not a report. This is to announce something interesting that I just found during this lab practice.

BurpSuite Professional v2023.1.2 unable to connect to https://www.google.com

Just freshly installed Burp Suite Professional version 2023.1.2 Launched built-in web browser from Proxy -> Open browser. Tried to connect to https://www.google.com and received No response received from remote server....

PortSwigger Lab: Web cache poisoning with an unkeyed cookie

Having the same issue with Webcache Poisoning - unkeyed cookie. Have managed to trigger the pop up on the site whenever a viewer loads homepage, but the automated user who is supposed to visit the site never does. Not...

help bug..

I can't write anything..........

MontoyaAPI v2023.12.1 Invalid URL Exception in includeInScope API

Hello, many thanks to your efforts on the cool Montoya API. I'm using a MontoyaAPI v2023.12.1 (net.portswigger.burp.extensions:montoya-api:2023.12.1) with a BurpSuite Professional v2023.12.1 for Intel Mac. My custom...

Paused-Based Desync Detection reporting HTTP/2 requests

Hello! Burp Scanner's Client-Side desync check will sometimes report a firm status and confirm a paused-based desync vulnearbility. However. the attached requests on the issue, state that the requests are HTTP/2, which...

Academy Mystery Labs - File upload challenges are missing /home/carlos/secret

I have noticed that all of the Mystery challenges for file upload vulnerabilities do not have the required '/home/carlos/secret' file. This makes it impossible to submit the solution. Steps to reproduce: 1)...

Macth And replace does not work

Hello, Burp Suite Professional and Comunity version has an issue when the match & replace rule does not work. I have Macbook Pro with M1 and thought that was the issue but while testing with windows and i9 Macbook,...