Burp Suite User Forum

Turbo Intruder: always updating Content-Length header

Hello, I have been trying to launch a HTTP Desync attack using Turbo Intruder. Here is my script: def queueRequests(target, wordlists): engine = RequestEngine(endpoint=target.endpoint, ...

Last updated: Mar 20, 2020 10:20AM UTC | 1 Agent replies | 0 Community replies | Bug Reports

Burp suite consuming all memory and locking on scanners.

Hello, I acquired the burp pro and since then I leave it doing scanners in domains. However it is always consuming all the memory of the Burp and in the end it crashes without finishing the scanner.

Last updated: Mar 19, 2020 10:30AM UTC | 1 Agent replies | 0 Community replies | Bug Reports

Burpsuite starts up then disappears

On kali linux, when I open burp suite from the command line it opens and as soon as I click start burp suite disappears but is still running

Last updated: Mar 19, 2020 09:47AM UTC | 3 Agent replies | 2 Community replies | Bug Reports

Lab: "Web cache poisoning with an unkeyed header" cannot be completed.

I cannot get this lab [0] to work properly, even with the official solution. The instructions work perfectly fine for me, and the injected JS is executed in my browser. However, the "victim" never visits the site, so the lab...

Last updated: Mar 18, 2020 03:23PM UTC | 1 Agent replies | 1 Community replies | Bug Reports

Burp Suite 2 and RSyntaxTextArea library

Hi, one of my plugins, Brida, uses RSyntaxTextArea library for syntax highlighting. Burp Suite 2 seems to use the same library but unfortunately due to a bug (see https://github.com/bobbylight/RSyntaxTextArea/issues/269 )...

Last updated: Mar 17, 2020 03:20PM UTC | 2 Agent replies | 2 Community replies | Bug Reports

Burp scanner using websocket doesn't work with proxy

By using Burp Suite on my application, Burp blocks Web socket requests during proxy. I configured local proxy on my browser and on Burp application. Then tried login my application and starting capture – Web socket request...

Last updated: Mar 17, 2020 11:10AM UTC | 4 Agent replies | 3 Community replies | Bug Reports

Burp Suite Chrome Cert Error: Error net::ERR_CERT_REVOKED

Hi, I'm running: Linux Mint 19.1, Chrome Version 73.0.3683.86, Burp Suite Pro v2.0.18 Beta. And I'm getting a bunch of net::ERR_CERT_REVOKED when I use the Burp Suite proxy in Chrome. Cert is working perfectly in...

Last updated: Mar 17, 2020 10:40AM UTC | 8 Agent replies | 4 Community replies | Bug Reports

Backup file false positives

I am getting many, many instances of the "Backup file" issue type. The issue is that the scanner makes a request that is a variant of a legitimate request, for example instead of GET /users/sign_in.json, it will call GET...

Last updated: Mar 17, 2020 10:27AM UTC | 1 Agent replies | 0 Community replies | Bug Reports

run-detectors: unable to find an interpreter for /usr/bin/burpsuite

When I try to start burpsuite community edition this error appears. I tried reinstalling Java multiple times (multiple versions) but it still doesn't work. Before today everything worked fine... Help would be appreciated

Last updated: Mar 14, 2020 06:55PM UTC | 0 Agent replies | 0 Community replies | Bug Reports

install macOS Catalina

Getting the following error when opening the installer on macOS Catalina: “Burp Suite Professional Installer.app” can’t be opened because Apple cannot check it for malicious software. This software needs to be updated....

Last updated: Mar 13, 2020 03:04PM UTC | 2 Agent replies | 2 Community replies | Bug Reports

About out-of-band resource load(HTTP)

Burp Scanner scans may detect "out-of-band resource load (HTTP)". In some cases, a modified Host header or GET request URI parameter may be detected to the Burp collaborator host name, but this is a natural behavior, not an...

Last updated: Mar 13, 2020 11:46AM UTC | 1 Agent replies | 0 Community replies | Bug Reports

Burp Enterprise vs Burp pro

Hello, We've noticed differences in testing results between Burp Enterprise and Burp Professional. May you share any documentation or reasons for the differences? Does Burp pro use a newer engine than Burp Enterprise?...

Last updated: Mar 12, 2020 06:52PM UTC | 1 Agent replies | 0 Community replies | Bug Reports

Lab: Web cache poisoning to exploit a DOM vulnerability via a cache with strict cacheability criteria

The solution for this lab has an incorrect reference to a .com site instead of the .net site. 11. In Burp Repeater, add the following header, remembering to enter your own exploit server ID: X-Forwarded-Host:...

Last updated: Mar 12, 2020 10:56AM UTC | 1 Agent replies | 0 Community replies | Bug Reports

Decoding doesn't work in read-only fields

In Burp v2020.1 you cannot convert (e.g. base64-decode) smth in the Proxy history (which is read only). When you selected the desired text and type Ctrl+Shift+B, the selection becomes slightly shorter (as if it was...

Last updated: Mar 12, 2020 09:46AM UTC | 2 Agent replies | 0 Community replies | Bug Reports

"Intruder / Scan defined insertion points" doesn't work?

Latest version of Burp Pro - after adding/changing insertion points to a request in Intruder and selecting "Intruder / Scan defined insertion points" doesn't seem to work - it doesn't open the scan launcher nor can I add it...

Last updated: Mar 12, 2020 09:25AM UTC | 1 Agent replies | 2 Community replies | Bug Reports

Render broken in latest version - 2.0.22

Hello, in the latest version 2.0.22 the 'render' function is broken. Not only it opens in an external window now, which is unacceptable, but it displays only a blank page, always. It was working FINE in the previous...

Last updated: Mar 12, 2020 09:07AM UTC | 5 Agent replies | 10 Community replies | Bug Reports

Lab: SQL injection attack, querying the database type and version on MySQL and Microsoft [Broken]

I'm pretty experienced with SQL injection. I've been doing this lab and I even copied and pasted the answer from the solution section into the proper category and it still is returning a database error. The lab is broken...

Last updated: Mar 09, 2020 07:18PM UTC | 1 Agent replies | 1 Community replies | Bug Reports

Error importing custom CA

I have a custom CA that I've created using an existing rootCA in order to have all my devices already trusting burp. The commands used for that were: openssl genrsa -out burp.key 4096 openssl req -x509 -new -nodes...

Last updated: Mar 09, 2020 11:03AM UTC | 1 Agent replies | 0 Community replies | Bug Reports

The exploit server for Lab: "Web cache poisoning with multiple headers" is a stuck

The exploit server for Lab: "Web cache poisoning with multiple headers" is a static website I think (https://acaf1f291e8c19678018001b014100dd.web-security-academy.net/). My lab is stuck because even after refreshing the...

Last updated: Mar 09, 2020 09:38AM UTC | 1 Agent replies | 0 Community replies | Bug Reports

Academy

Hi, I tried out the following piece on the third XSS lab: <lala onfocus="alert(document.cookie)" tabindex="1" id="x" autofocus>test</lala> or URL encoded,...

Last updated: Mar 09, 2020 09:23AM UTC | 1 Agent replies | 0 Community replies | Bug Reports
