Burp Suite User Forum

Login to post

Active Scanning Using Default Collaborator Server Spoofing Instead of Private Collaborator Server

Under Project Options, I have "Use a private Collaborator server" selected with the name of an external Ubuntu 16.04LTS host that has Burp Collaborator Server running on it. However, when I dig through the results from...

Last updated: Sep 02, 2020 12:44PM UTC | 2 Agent replies | 1 Community replies | Bug Reports

Lab - Exploiting XSS to perform CSRF

Hello! I'm trying out this lab and, after submitting the payload to the comment section, the lab does not solve at all. I have confirmed that the payload works by accessing myself the forum and i see that the...

Last updated: Sep 02, 2020 12:44PM UTC | 1 Agent replies | 0 Community replies | Bug Reports

Audit Item Status shows " Error Request time out and Unknown Errors "

Hi, While using the Active scan & Crawl Audit scan against my Webserver. Scan is not able to completed it. * I could see " skipping Current Insertion point due to many consecutive un known errors. * For few...

Last updated: Sep 02, 2020 12:29PM UTC | 2 Agent replies | 1 Community replies | Bug Reports

Intruder marks are shifted

Dear PS team, I'm using Burp on MacBook Pro via Fusion VM - standard version with no strange configuration. I've found annoying Burp behaviour when im in Intruder - every positions marks made by Burp or by me are shifted...

Last updated: Sep 02, 2020 10:49AM UTC | 2 Agent replies | 1 Community replies | Bug Reports

BurpSuite => Mobile App TLS Connection Problem

Hello, I have been getting a TLS connection error in the BurpSuite recently. I'm installing the "http://burp" Burp Certificate on mobile device. The certificate is running in the web browser. SSL OK. But, doesn't work...

Last updated: Sep 02, 2020 08:49AM UTC | 2 Agent replies | 1 Community replies | Bug Reports

SSL Handshake Error

With Burp, I am trying to view the following website - https://self-repair.mozilla.org/ but I am not able to proxy it via Firefox. The error received (in alerts) is - javax.net.ssl.SSLException: Received fatal alert:...

Last updated: Sep 01, 2020 03:57PM UTC | 3 Agent replies | 11 Community replies | Bug Reports

cross site script

I have scanned the application using Burp suite professional licensed version, where I have received the cross-site scripting please refer to the below issues description. The original request used a Content-type...

Last updated: Sep 01, 2020 11:09AM UTC | 3 Agent replies | 3 Community replies | Bug Reports

gzip in request

Im assessting a mobile application that sends HTTP requests compressed. I have activated the check "proxy>options>miscelaneous>unpack gzip/deflate requests". But, when the request is unpacked, the request has still the...

Last updated: Sep 01, 2020 09:59AM UTC | 2 Agent replies | 0 Community replies | Bug Reports

Cannot launch burpsuite on latest Kali

Hello. I have the latest Kali, fully updated/upgraded vm, including burpsuite community edition v2020.8.1. I have been unable to launch the burpsuite application. I have tried using jdk-14, jdk-11, and jdk-8. For each of...

Last updated: Sep 01, 2020 09:49AM UTC | 1 Agent replies | 0 Community replies | Bug Reports

Unable to find Burpsuite JAR file

I have downloaded the brupsuite pro edition and i see it is a .sh file. I am trying to follow the procedure mentioned but i am unable to find the .JAR file which is being mentioned in the steps. I am running the latest...

Last updated: Sep 01, 2020 07:56AM UTC | 1 Agent replies | 0 Community replies | Bug Reports

Can't install / launch burpsuite pro on latest Kali

Hi. I am trying to install burpsuite pro 2020.8 on the latest Kali release. I've tried using openjdk-11 as well as openjdk-8 with both results. after running burpsuite_pro_linux_v2020_8.sh I can see a new window hoping which...

Last updated: Aug 30, 2020 05:16PM UTC | 4 Agent replies | 4 Community replies | Bug Reports

Lab: Arbitrary object injection in PHP in Information Disclosure is missing from "All Labs" section

Hi Team, The following lab "Lab: Arbitrary object injection in PHP" is missing from "All Labs" section. So the total number of labs are actually 175. Someone might miss out on this one. :) Thanks and Regards, Vinay

Last updated: Aug 30, 2020 07:56AM UTC | 1 Agent replies | 1 Community replies | Bug Reports

CSRF vulnerability with no defenses lab

I've done everything I could to solve this lab, even used the official solution but everytime I store and view the exploit I get the message "Resource not found - Academy Exploit Server"

Last updated: Aug 28, 2020 12:42PM UTC | 1 Agent replies | 1 Community replies | Bug Reports

Project corruption

Every time i re-open already saved project burp says that the project file is corrupted and i have to repair that project to continue working. If i reopen the repaired project next time, burp again complains that the file...

Last updated: Aug 27, 2020 10:04AM UTC | 2 Agent replies | 1 Community replies | Bug Reports

v2020.8.1 struggles when started with another service listening on localhost:8080

If you start the new version of Burp with another service already listening on localhost:8080, the Burp Proxy screen will show Burp repeatedly attempting to start the service, resulting in an unselectable flickering entry in...

Last updated: Aug 24, 2020 07:03PM UTC | 0 Agent replies | 0 Community replies | Bug Reports

lab-web-cache-poisoning-with-an-unkeyed-header

Hello! I'm trying to complete the lab, but when I send the home page request adding the "X-Forwarded-Host: " header, the request is not completed....if I remove this header and just send the cache buster in the URL it works...

Last updated: Aug 24, 2020 03:09PM UTC | 1 Agent replies | 0 Community replies | Bug Reports

[bug] Burp in transparent proxy mode forwards request to wrong port when host in Host header is different from host in request

# Environment ## Configure system that will make request though Burp in transparent proxy mode. I've used Ubuntu 20.04 on VirtualBox with bridged adapter configured. Change default gateway of this system to system with...

Last updated: Aug 24, 2020 01:52PM UTC | 1 Agent replies | 0 Community replies | Bug Reports

Reflected XSS finding with Burp Repeater

Hello, I have discovered a potential XSS vulnerability and would like to receive feedback from more experienced people. Okay, here it is. With Burp Repeater I was able to inject XSS payloads and with "show response" the...

Last updated: Aug 23, 2020 01:06PM UTC | 0 Agent replies | 0 Community replies | Bug Reports

Burp Embedded Browser non-functional in Kali 2020.3

Downloaded a new Kali 2020.3 vmware image and tried to use burp embedded browser. It is not diplayed properly: https://imgur.com/fuudEMH.png' It doesn't matter if I install from APT, install from x64 Linux installer or...

Last updated: Aug 22, 2020 12:09AM UTC | 0 Agent replies | 4 Community replies | Bug Reports

Using Burp Suite Pro - Windows installer 64 bit - 2020.8 And can't update...

Hi, I've been using Burp for years, but lately, I'm unable to update the app from within and use de Bapp Store also. Burp is installed on a windows 64 host, worked great for years, all networks are open and good to go....

Last updated: Aug 21, 2020 11:39AM UTC | 1 Agent replies | 0 Community replies | Bug Reports

Page 3 of 58

Burp Suite Support Center

Your source for help and advice on all things Burp-related.

Burp Suite Support Center image