Bug Reports - Page 3 - Burp Suite User Forum

there is a way to crack the burp suite pro

i was looking for a crack for the burp suite pro ""only to report it, i just like the burp suite "" and i found a crack file on the internet for the burp site pro i will tell ware but only in private like with an email...

CORS Labs Resource not found

Hello, I retested the CORS labs and noticed that they cannot be solved on Burp browser and Firefox anymore (/log?key=%22Resource%20not%20found%20-%20Academy%20Exploit%20Server%22). Are you aware of this issue?

Shortcut Keys don't work

Hi, The shortcut keys (e.g. ctrl-C, ctrl-v) don't work in the new releases. Please fix. Thanks, Carl

CORS problem

This may be the app I'm testing, but I've updated to the latest version of Burp (2024.2.1.3) and it is breaking CORS on any browser proxied through it. Without Burp I can access the application I'm testing and the browser...

Could not connect to any start URLs. Problem Solution

Hello, I was having an Issue regarding a scan which I created in my Burp Enterprise. For some reason I kept on getting the Error, that the start URL in my scope could not get reached. Confused about that Error, I...

i got error liquibase.changelog - ChangeSet true::set collation on agent_pools.name for MySQL::PortSwigger encountered an exception

my burp suite enterprise server cannot running and i got 502 bad gateway while accessing web. this my ERROR log from /var/log/burpSuiteEnterpriseEdition/enterpriseServer.log 2024-04-01 12:55:24 ERROR...

Logger tab - Export to CSV overwrites without prompt

Found a fun bug in Burp 2024.1.1.6 - 1. Logger tab 2. Select all 3. Export as CSV 4. Accidentally click on the open project .burp file for the target a. Observe that unlike (Save data) there is **no** "Do you want to...

'Lab: Blind SQL injection with conditional responses' not working

Hello, I've been trying to solve the lab, but not even testing exactly the way the Academy is teaching or how community solutions were made (almost no difference at all) I can solve. I'm supposed to test for SQL payloads on...

Bypassing GraphQL brute force protections

Hi, you have Bug in the brute force to GraphQL, I did it right and the payload is correct but still I getting a message of: HTTP/2 200 OK Content-Type: application/json; charset=utf-8 X-Frame-Options:...

OAuth Labs seem to be misfunctioning

When trying to authenticate to auth server the following error is displayed: SessionNotFound: invalid_request at Provider.getInteraction...

Client TLS certificate loader doesn't work v2024.1.1.5 and v2024.1.1.6

Basically as title says client TLS certificate loader doesn't work. On step where you are supposed to select certificate file, when you click select file window pops up but it doesn't show any files that are in the directory...

Bug Lab Multistep clickjacking

Hello, after building the payload on exploit server and viewing the exploit, I was redirected to the login page. I tried to login as wiener again there but the CSRF token is invalid ("Invalid CSRF token (session does not...

CSRF Labs Broken?

Hi, Is it possible the CSRF labs are broken? I have attempted the following: - https://portswigger.net/web-security/csrf/lab-no-defenses -...

Encountered problem solving "port swigger labs".

Hi Team! I'm having trouble solving "clickjacking labs". Every time I try to "deliver exploit to victims", it doesn't work, and the lab stays unresolved. I've tried the solution given by PortSwigger and looked at several...

Lab "Reflected XSS into HTML context with all tags blocked except custom ones" cannot be validated

Hello, I'm trying to solve the lab "Reflected XSS into HTML context with all tags blocked except custom ones" with the solution provided and I also tried other solutions on the internet but when I deliver the exploit to the...

collaborator dns changed to oastify.com ?

has been mail collaborator switched to use oastify.com domain ? version: Professional v2202.3.9 build 13363 bodik

Embedded Browser

Hi, I use the embedded browser to access any site, it returns "Failed to load resource: net::ERR_CONTENT_LENGTH_MISMATCH" in console. Any idea what is the issue?

EXAMITY IS GARBAGE

Please replace this proctoring company with something else - it could not be worse. If I see a cert that uses them in the future I will avoid it.

Slow lab response times

The lab 'Lab: Reflected XSS with event handlers and href attributes blocked' (https://portswigger.net/web-security/cross-site-scripting/contexts/lab-event-handlers-and-href-attributes-blocked) seems to be responding very...

Clickjacking labs

Hi I am reporting a problem with the execution of clickjacking exercises. I am using a browser in burp. I perform the exercises according to the solutions. Selecting View exploit I noticed that the browser blocks...