Bug Reports - Page 26 - Burp Suite User Forum

Exploiting cross-site scripting to steal cookies

hello, i don't have burp pro so i craft a script but he don't not working, i think the challenge have a problem take my script : ``` <script> window.onload = function() { var data = “csrf=” +...

Montoya Persistence setBoolean IndexOutOfBounds

Hi, I'm getting the following error when attempting to save a boolean value to Persistence: java.lang.IndexOutOfBoundsException: Index: 0, Size: 0 at burp.Zbg.ZjV(Unknown Source) at burp.Zknd.Zu(Unknown...

Glitch in the Burp Professional Edition 2023.7.2

I got the problem with Burpsuite Professional v2023.7.2 on windows desktop, sometimes when I use burp, the display will error like a follow my mouse wherever go. I don't know it's a glitch or anything. I have tried to clean...

collaborator health check

I had some issues with Collaborator in my burp suite, returning an error such as the following when performing a run health check No connections to kf3pmflypc2tgvviglrzzfgn6ecrqaasev3.oastify.com could be opened. The...

Unable to open or create project files

Hi, I suddenly can not open or create any project files. The program was stuck, as usual. I killed it through the task manager, and I could not open/create any project file afterward. The error I am getting when trying to...

Missing GUI elements with Ubuntu 22.04 Wayland

After a recent update to Ubuntu 22.04 (Wayland) when launching Burp Suite Professional many of the GUI elements (radio options, text, scroll combos) have missing components making the GUI difficult to navigate. This...

Plaintext Password Storage

Hello, If upstream proxy authentication is configured, the password is stored in cleartext within UserConfigPro.json; line 23 in my file. Cheers, Mark

Match and Replace does not seem to work correctly with CJK characters

I'm trying to replace a JSON which contains Japanese characters, I want to replace them with Chinese characters, then the HTTP history shows that no modification was made. (by the way I was unable to send this post until...

Obfuscating attacks using encodings href example

Hello! Just a quick question. Is the example `<a href="javascript\u{0000000003a}alert(1)">Click me</a>` up to date here:...

Password reset poisonin via dangling markup

in the step 5 they all time show me that CSRF token is invalid. Even if I follow the video tutorial the thing is same. so help me to solve the lab.

Repeater - zero highlights

Hi, I noticed something strange in the latest version of Burp Suite. When I use the search tool in the Repeater tab, it always says that it couldn't find any results, even though there are actually some matches.

Burp Suite Community Edition crashes and lags

Hello, I am using the Community version of Burp Suite and I have been experiencing some issues with the software. Every time I start it, it crashes and is full of lags and hangs. The experience with Burp Suite has been...

many tags and events get missing when 'copied to clipboard' in xss cheat sheet

Windows High DPI Scaling Issues

I have a 4k monitor on my laptop, currently set to 175% display scaling in Windows 11. In Burp, all text is noticeably fuzzy compared to other applications. I've read through all the related posts on this forum, none of...

Burp Suite crashes for some amount of time or takes a lot of RAM in this case ????

When I look at the Http History,Repeater Tabs If request or response contains large data, after I clicked that request burpsuite freezes for half an hour until that request loads. It looks like a kind of normal text editor...

Login Record Sequence

I recorded a login sequence successfully. when replaying a recorded login sequence i realized that it does the first 2 steps opening the webpage and typing the user name. but it does not click on the next button and stays...

Tutorial (possible issue): HTTP request smuggling, basic TE.CL vulnerability

Dear Burp Suite, No hurry. I'll work on other tutorials. But this one seems to be broken at the moment. In running this tutorial, getting an unexpected error. HTTP/1.1 400 Bad Request "error":"Read timeout" 1)...

Other labs are opening except this one

this lab is not opening. is there a problem from your end (other labs are opening except this one) Lab: Reflected XSS with event handlers and href attributes blocked EXPERT LAB

Lab: SQL injection attack, querying the database type and version on Oracle

Hello there, I don't know if this legal but I'm going to write exactly what I did and the error I encountered (It doesn't say I have solved the lab). So I determined the number of columns required for the Query and...

Even if you search with the search bar, the number of matches is not displayed and "0 highlights" is displayed.

When searching for a string entered in advance in the HTTP message editor, the number of matches is not displayed in the search bar, and "0 highlights" is displayed. A few versions of burp used to show the number of matches...