Bug Reports - Page 3 - Burp Suite User Forum

Burp Suite requires discrete GPU on macOS

When running Burp Suite on a macOS machine with a discrete GPU the GPU is activated which reduces the battery life of the device. Does Burp Suite specifically require access to the GPU? I suspect this is most likely...

Apache Log4j < 2.15.0 Remote Code Execution (Nix) (155999)

Tenable reported bug on Burp Enterprise Synopsis A package installed on the remote host is affected by a remote code execution vulnerability. Description The version of Apache Log4j on the remote host is < 2.15.0....

Cannot access the lab

I cannot access the lab. When I press "Access the lab", it shows "The connection has time out". I tried in Chrome, Firefox, Edge and they had same result. Thank you!

Corrupted project after reboot

Hello, I experienced a file project corruption after a suddend machine reboot (win 10). I was working on last Burp Professional version (2021.10.3). Unfortunately, the project restore was able only to recover a minimal...

SAML Raider Extension

Not working - reports the below: <SAMLRaiderFailureInInitialization></SAMLRaiderFailureInInitialization>

Lab: Authentication bypass via OAuth implicit flow

Lab: Authentication bypass via OAuth implicit flow is broken :/ It gives SessionNotFound: invalid_request error when I try to login in your own "social media"

Scanner is crawling and auditing out of scope items.

Hello, I am attempting to automate some tests with crawl and audit. I have defined my scope to exclude *.css files. When I use scan to crawl and audit, the crawl will find the *.css files and audit will start auditing...

New Scan says out of scope for in-scope URL

Hi there, Burp 2.0.3 is telling me that the scope URL I'm defining for a new scan (when clicking the button in the dashboard) is out of scope. URLs to scan: http://192.168.44.32/ Currently defined as scope...

Not supporting ÅÄÖ characters in Extensions

Hello! I am not sure if this is a burp issue or a extension creator issue. However, i will still make an attempt in a hopeful fix to my issue! * Specs: Burpsuite v2021.10.3 Windows 10 Pro OS Build 19044.1348 Jython...

Activations

I have been getting Burp to work on an EC2 instance and apparently have exceeded my activation's allotted. Would it be possible to extend these temporarily... at least until this log4j thing is over? Thanks in...

Scans not completing

I'm having an issue with scans progressing. After canceling a scan and reviewing the debug log I notice multiple iterations of the following error. 2021-12-16 17:54:42 [r] INFO - Exception report: 2021-12-16 17:54:42 [r]...

Burp not responding

When I set my Firefox's proxy to work with burp, burp does not intercept any request, also none of the pages load on Firefox, which is quite obvious if intercept is on. Also note that I have tried to open burp with and...

Lab: Blind XXE with out-of-band interaction via XML parameter entities

I am trying to access this lab today, and it is down or returning an error when trying to load. Just for your info, so you can look into it. I've been doing other XXE labs which are working fine.

Web Academy XXE Labs

In an update to my last post, there are six labs in total affected. I've had other users at home check also, so isn't just a local issue. These are the affected labs containing error reports on loading Lab: Exploiting...

Active Scanner does not detect CVE-2021-43798 (Grafana Directory Traversal File Read)

Hi, Grafana recently posted about a vulnerability (CVE-2021-43798) in their product at https://grafana.com/blog/2021/12/07/grafana-8.3.1-8.2.7-8.1.8-and-8.0.7-released-with-high-severity-security-fix/ This...

burp collaborator Not working - I verfied it through Wireshark

To be exact the Polling Server is not working as per the error below: No connections to the polling server at polling.burpcollaborator.net could be opened. The collaborator will not work in this configuration.

Burp doesn't remember the extension I'm using when I click on another url

Hello, In Burp 2021.6.2, in Proxy -> HTTP History when I choose an extension for example name A, when I click on every links, that extension A is auto loaded. But later Burp, when I click on other links, it auto select Raw...

Web cache poisoning via the Host header Lab

I completed the successfully displaying alert(document.cookie) after poisoning the cache, but the state of the lab still says: Not solved

Academy labs no response problem

On academy labs i do not get response from server. "This site can’t be reached" Every few minutes today.

Burp changes response headers case

I noticed that during http2 requests BURP changes the response headers to "First Capital" so any reponse header like some-somethingelse-anything : any value will be replaced as Some-Somethingelse-Anything : any...