Burp Suite User Forum

Login to post

BurpExtenderAPI - java.lang.NullPointerException: Cannot invoke "burp.ehv.a(burp.ikb)" because "<parameter1>" is null

Hello, I'm developing a burpsuite extension and I stumbled upon a problem with MessageEditorTab rendering. I have a basic plugin : BurpExtender.java - https://pastebin.com/xAZewdZT SimplePluginMessageEditorTab.java -...

Last updated: Aug 31, 2021 09:11AM UTC | 3 Agent replies | 2 Community replies | Bug Reports

E

We are using Burp Suite Enterprise Edition for multiple years now. This year when I'm trying to update my license to the latest, it failing with error "Failed to upload license: An unexpected error occurred. If this problem...

Last updated: Aug 31, 2021 08:05AM UTC | 1 Agent replies | 0 Community replies | Bug Reports

Lab: CSRF with broken Referer validation. Why

In Lab: CSRF with broken Referer validation, I tried the solution mentioned in (https://portswigger.net/web-security/csrf) and set Referrer-Policy: unsafe-url. But, it didn't work and the browser still sent the trimmed url...

Last updated: Aug 27, 2021 02:14PM UTC | 2 Agent replies | 4 Community replies | Bug Reports

Authentication bypass via OAuth implicit flow - SessionNotFound: invalid_request

Hi, The lab "Authentication bypass via OAuth implicit flow" is not working. After clicking "My account" page loads for few seconds and shows with error: SessionNotFound: invalid_request at Provider.getInteraction...

Last updated: Aug 27, 2021 01:45PM UTC | 3 Agent replies | 2 Community replies | Bug Reports

NTLM authentication issue

Hello, We are trying to configure burp suite pro to scan a host that use NTLMv2 authentication however we are getting the following error in burp: "No NTLM challenge received from...". We have platform authentication...

Last updated: Aug 27, 2021 08:36AM UTC | 1 Agent replies | 0 Community replies | Bug Reports

Burp stopped working after did a 'apt upgade' on kali linux

└─$ sudo burp 2021-08-26 22:22:30 +0100: burp[2426] Could not find ssl_cert /etc/burp/ssl_cert-client.pem: No such file or directory 2021-08-26 22:22:30 +0100: burp[2426] Could not find ssl_key...

Last updated: Aug 27, 2021 08:20AM UTC | 1 Agent replies | 0 Community replies | Bug Reports

App Crashes In Mac OS X

Hi, I'm getting this error log each time I run a new scan. I updated to the latest version of Burp. Please check and provide any solution. Process:               JavaApplicationStub [62907] Path:                ...

Last updated: Aug 27, 2021 07:43AM UTC | 2 Agent replies | 1 Community replies | Bug Reports

Internal Server Error on correct solution

Hi, I have been doing the SQLi exercises and everything was going fine until I was doing this exercise:...

Last updated: Aug 26, 2021 11:07AM UTC | 1 Agent replies | 0 Community replies | Bug Reports

Sqli third lab retrieve data from tables

I solved the lab but it is still showing as not solved ...

Last updated: Aug 25, 2021 05:44PM UTC | 1 Agent replies | 0 Community replies | Bug Reports

The Intruder broke in 2021.8. x (the Resource pool does not work)

Hi! In the last two updates, my Intruder broke down. It ignores concurrent requests in the Resource pool. It doesn't matter whether I set 10 concurrent requests or 999, the process is extremely slow, 1-3 requests per...

Last updated: Aug 25, 2021 11:57AM UTC | 2 Agent replies | 1 Community replies | Bug Reports

Burp Scanner not Recognising Targets with advanced scope control configured

I am having issues when using advanced scope control top exclude certain hosts from scanning/testing. I need to use advanced scope control to specifically exclude a particular URL pattern, so that forces me to use a regex to...

Last updated: Aug 25, 2021 11:52AM UTC | 1 Agent replies | 0 Community replies | Bug Reports

Burp Scanner not Recognising Targets with 'Advanced Scope Control' Configured

I am having issues when using advanced scope control top exclude certain hosts from scanning/testing. I need to use advanced scope control to specifically exclude a particular URL pattern, so that forces me to use a regex to...

Last updated: Aug 25, 2021 11:51AM UTC | 1 Agent replies | 0 Community replies | Bug Reports

unable to start burp

whether it is creating a new/temporary project or trying to open up an old one. I get the below error on burp v2021.8 running on windows failed to create Burp project: cannot read the array length because "<local 8>" is...

Last updated: Aug 23, 2021 07:42PM UTC | 2 Agent replies | 3 Community replies | Bug Reports

Valid XSS not reporting in issues ? Is it me?

Using a standard test site: http://testphp.vulnweb.com/ <input name="searchFor" type="text" size="10"> Insert simple payload Into search box <script>alert(1);</script> Response: <h2 id='pageName'>searched for:...

Last updated: Aug 23, 2021 02:25PM UTC | 2 Agent replies | 3 Community replies | Bug Reports

Admin Password issue

Hi, Since yesterday I was able to login to the burpenterprise edition with my admin username and password and suddenly today I am not able to. I havenot forgot my password. It was the same one I was using since last few...

Last updated: Aug 23, 2021 08:37AM UTC | 2 Agent replies | 1 Community replies | Bug Reports

Lab: Modifying serialized data types - Debug dumps tokens

Hey, not sure if this a bug or a feature) So if in cookie you change username to not much token, username: carlos token: from peter Here it...

Last updated: Aug 20, 2021 02:26PM UTC | 1 Agent replies | 1 Community replies | Bug Reports

Scan Status is failed

Hi, dear Support! Please help me to understand the reason of the scan failure to achieve success. I'm using the Burp Suite Enterprise Edition Version: 2021.6-7240, Java version: 11.0.10 Sites > Sites with scan failures...

Last updated: Aug 20, 2021 12:29PM UTC | 1 Agent replies | 0 Community replies | Bug Reports

DOM Invader extension (Burp Pro - v2021.8.1) is problematic under macOS 11.5.2

Clean install, everything looks fine, but when moving to DOM Invader Tab I can activate it, but changing the value of Canary is impossible and extension just feels very buggy in general.

Last updated: Aug 20, 2021 09:42AM UTC | 1 Agent replies | 0 Community replies | Bug Reports

Password reset poisoning Lab issue

Victim never makes call to forgot password through exploit url

Last updated: Aug 20, 2021 08:59AM UTC | 11 Agent replies | 11 Community replies | Bug Reports

Community Edition v2021.8.1 not working as expected

On Win10 last using CE 2021.5.1 without issue Upgraded to 2021.8.1 and the embedded browser would not load any https pages. Downloaded the CA cert, installed to embedded (Chromium) browser, Chrome 92.0.4515.131, Firefox...

Last updated: Aug 18, 2021 03:43PM UTC | 2 Agent replies | 1 Community replies | Bug Reports

Page 3 of 85

Burp Suite Support Center

Your source for help and advice on all things Burp-related.

Burp Suite Support Center image