Burp Suite User Forum

Create new post

Activation Failed: No more activations allowed for this license

Hello support, I regularly install new instances of Burp Suite every few months for operations. However, I recently ran into a problem trying to activate a new instance. Any help would be appreciated.

Last updated: Oct 02, 2024 07:04AM UTC | 1 Agent replies | 0 Community replies | Bug Reports

Proxy HTTP History - viewing panes not updating

When using the Proxy HTTP History, the request and response viewing panes stop updating after a period of use. The selected request is highlighted in the top pane, but this does not change the contents of the view panes...

Last updated: Oct 01, 2024 01:23PM UTC | 2 Agent replies | 1 Community replies | Bug Reports

CSRF Labs Exploit Delivery Issue

For multiple labs, the exploit is being delivered to the victim, however, the exploit server logs don't show the victim user actually clicking on the exploit. Sometimes, this resolves automatically, however, in multiple...

Last updated: Oct 01, 2024 11:37AM UTC | 1 Agent replies | 1 Community replies | Bug Reports

Project repair generates project file with bad data

I have a project files which was corrupted owing to a power cut. Burp went through the repair process, but when opening the repaired file the Proxy tab is missing and the event log shows a message: Error...

Last updated: Oct 01, 2024 10:54AM UTC | 2 Agent replies | 1 Community replies | Bug Reports

Adding or Editting custom column hints break UI

Adding or Editting custom column hints breaks UI if a tooltip is displayed while typing. To reproduce; go to Proxy History, click the meatball menu, click Add Custom Column. Type the following (it is important to type...

Last updated: Oct 01, 2024 10:08AM UTC | 1 Agent replies | 0 Community replies | Bug Reports

HTTP History occasionally hiding requests until I drag the divider to the right to make visible

For some reason random HTTP requests will only show the response with the request pane hidden until I drag the slider to reveal it. Most requests and responses are fine. I can see no pattern to this. Running 2024-8-1 32184...

Last updated: Oct 01, 2024 09:57AM UTC | 1 Agent replies | 0 Community replies | Bug Reports

Exploiting HTTP request smuggling to perform web cache poisoning - Failing to go to "Solved" status

Here is my cache poisoning / Smuggled request POST / HTTP/1.1 Host: 0a16007d0305e2b380340869000b001a.web-security-academy.net Content-Type: application/x-www-form-urlencoded Content-Length: 185 Transfer-Encoding:...

Last updated: Oct 01, 2024 01:18AM UTC | 1 Agent replies | 1 Community replies | Bug Reports

CSRF lab not accepting my solution

I followed each and every steps of how I was directed in the video but still it shows some stuffs on top when I try to store or deliver expoloit or any buttons. Here it says " This is your server. You can use the form...

Last updated: Sep 30, 2024 10:27AM UTC | 1 Agent replies | 0 Community replies | Bug Reports

CSRF labs exploit server delivery doesn't work

Hello, In the past i solved these labs without any issue. Now i can't even "Solve" the easiest one, CSRF vulnerability with no defenses. If i view the exploit the mail updates. Delivering the exploit doesn't work, does...

Last updated: Sep 30, 2024 10:09AM UTC | 13 Agent replies | 16 Community replies | Bug Reports

LLM labs not working

I'm trying to solve LLM labs but the AI only show typing no matter commands I use. Try to refresh the page only gives me System: No chat history on record. I have try the lab with chrome and firefox. Even reconnect the...

Last updated: Sep 30, 2024 08:34AM UTC | 2 Agent replies | 2 Community replies | Bug Reports

Basic clickjacking with CSRF token protection

I'm having trouble with this lab. When I click on 'View exploit' I have the login page coming up, of course with no 'delete' button. I'm using Burp's browser Chromium and here's my script, of course I'm changing the lab Id...

Last updated: Sep 30, 2024 07:14AM UTC | 2 Agent replies | 2 Community replies | Bug Reports

Exploiting PHP deserialization with a pre-built gadget chain

Hello I have a problem with this lab, when I send my payload I got a next error: <div class="container"> <header class="navigation-header"> </header> <h4>Internal Server Error: Symfony...

Last updated: Sep 29, 2024 08:49PM UTC | 6 Agent replies | 6 Community replies | Bug Reports

There is a bug in Professional / Community 2024.7.6

When sending a message to the intruder, the message content will be automatically modified, resulting in the failure of the attack.For example, if there is JSON data in the request body, after sending it to the intruder, the...

Last updated: Sep 27, 2024 07:31AM UTC | 2 Agent replies | 1 Community replies | Bug Reports

Intruder results screen is blank, So frustuating

I work professional required burp intruder to work. This Burp professional never showing my intruder attacks ongoing or completed. I better off using community version, It works better. Refer:...

Last updated: Sep 26, 2024 04:12PM UTC | 1 Agent replies | 1 Community replies | Bug Reports

CORS vulnerability with basic origin reflection

Hi, I used all kinds of different browsers but the administrator user won't click or do any interaction to retrieve the api key. the script I used: <script> var req = new XMLHttpRequest(); req.onload =...

Last updated: Sep 26, 2024 02:49PM UTC | 1 Agent replies | 1 Community replies | Bug Reports

Several labs not completing even though exact steps were followed

I have been following the recommended learning path. I am now at a point within the XSS section (and onwards) where none of the labs are completing/solving, despite following the exact steps listed under the solution tab or...

Last updated: Sep 25, 2024 04:44PM UTC | 5 Agent replies | 6 Community replies | Bug Reports

[Montoya] ResponseReceivedAction.continueWith not updating response anymore

Hello, I've noticed that in Burpsuite Pro 2024.8.1 (early adopter) that a plugin I wrote a few months ago using the Montoya API stopped working correctly. High level the code looks like: HttpResponse httpResponse =...

Last updated: Sep 25, 2024 04:29PM UTC | 1 Agent replies | 0 Community replies | Bug Reports

Indirect prompt injection (LLM attacks), email doesn't delete with account

Hello, I've completed this lab in the past but when I tried again, I can't. I follow these steps: -I create an account using the supplied email -I ask Live Chat to change my email to test@example.com -I go to Live...

Last updated: Sep 25, 2024 08:53AM UTC | 1 Agent replies | 0 Community replies | Bug Reports

Clickjacking with form input data prefilled from a URL parameter Lab Not Solved

Hey The lab just dont get solved its realy frustrading XD <style> iframe...

Last updated: Sep 25, 2024 08:29AM UTC | 5 Agent replies | 5 Community replies | Bug Reports

Victim not visiting the pages on several labs

Dear support, The labs Exploiting cross-site scripting to steal cookies and Exploiting cross-site scripting to capture passwords are not working properly right now. Not only does it take a lot of time to launch the...

Last updated: Sep 25, 2024 08:25AM UTC | 1 Agent replies | 0 Community replies | Bug Reports

Page 3 of 155

Burp Suite Support Center

Your source for help and advice on all things Burp-related.

Burp Suite Support Center image