Bug Reports - Page 3 - Burp Suite User Forum

Active Scanning Using Default Collaborator Server Spoofing Instead of Private Collaborator Server

Under Project Options, I have "Use a private Collaborator server" selected with the name of an external Ubuntu 16.04LTS host that has Burp Collaborator Server running on it. However, when I dig through the results from...

Lab - Exploiting XSS to perform CSRF

Hello! I'm trying out this lab and, after submitting the payload to the comment section, the lab does not solve at all. I have confirmed that the payload works by accessing myself the forum and i see that the...

Audit Item Status shows " Error Request time out and Unknown Errors "

Hi, While using the Active scan & Crawl Audit scan against my Webserver. Scan is not able to completed it. * I could see " skipping Current Insertion point due to many consecutive un known errors. * For few...

Intruder marks are shifted

Dear PS team, I'm using Burp on MacBook Pro via Fusion VM - standard version with no strange configuration. I've found annoying Burp behaviour when im in Intruder - every positions marks made by Burp or by me are shifted...

BurpSuite => Mobile App TLS Connection Problem

Hello, I have been getting a TLS connection error in the BurpSuite recently. I'm installing the "http://burp" Burp Certificate on mobile device. The certificate is running in the web browser. SSL OK. But, doesn't work...

SSL Handshake Error

With Burp, I am trying to view the following website - https://self-repair.mozilla.org/ but I am not able to proxy it via Firefox. The error received (in alerts) is - javax.net.ssl.SSLException: Received fatal alert:...

cross site script

I have scanned the application using Burp suite professional licensed version, where I have received the cross-site scripting please refer to the below issues description. The original request used a Content-type...

gzip in request

Im assessting a mobile application that sends HTTP requests compressed. I have activated the check "proxy>options>miscelaneous>unpack gzip/deflate requests". But, when the request is unpacked, the request has still the...

Cannot launch burpsuite on latest Kali

Hello. I have the latest Kali, fully updated/upgraded vm, including burpsuite community edition v2020.8.1. I have been unable to launch the burpsuite application. I have tried using jdk-14, jdk-11, and jdk-8. For each of...

Unable to find Burpsuite JAR file

I have downloaded the brupsuite pro edition and i see it is a .sh file. I am trying to follow the procedure mentioned but i am unable to find the .JAR file which is being mentioned in the steps. I am running the latest...

Can't install / launch burpsuite pro on latest Kali

Hi. I am trying to install burpsuite pro 2020.8 on the latest Kali release. I've tried using openjdk-11 as well as openjdk-8 with both results. after running burpsuite_pro_linux_v2020_8.sh I can see a new window hoping which...

Lab: Arbitrary object injection in PHP in Information Disclosure is missing from "All Labs" section

Hi Team, The following lab "Lab: Arbitrary object injection in PHP" is missing from "All Labs" section. So the total number of labs are actually 175. Someone might miss out on this one. :) Thanks and Regards, Vinay

CSRF vulnerability with no defenses lab

I've done everything I could to solve this lab, even used the official solution but everytime I store and view the exploit I get the message "Resource not found - Academy Exploit Server"

Project corruption

Every time i re-open already saved project burp says that the project file is corrupted and i have to repair that project to continue working. If i reopen the repaired project next time, burp again complains that the file...

v2020.8.1 struggles when started with another service listening on localhost:8080

If you start the new version of Burp with another service already listening on localhost:8080, the Burp Proxy screen will show Burp repeatedly attempting to start the service, resulting in an unselectable flickering entry in...

lab-web-cache-poisoning-with-an-unkeyed-header

Hello! I'm trying to complete the lab, but when I send the home page request adding the "X-Forwarded-Host: " header, the request is not completed....if I remove this header and just send the cache buster in the URL it works...

[bug] Burp in transparent proxy mode forwards request to wrong port when host in Host header is different from host in request

# Environment ## Configure system that will make request though Burp in transparent proxy mode. I've used Ubuntu 20.04 on VirtualBox with bridged adapter configured. Change default gateway of this system to system with...