The Burp Suite User Forum was discontinued on the 1st November 2024.

Burp Suite User Forum

For support requests, go to the Support Center. To discuss with other Burp users, head to our Discord page.


"Blacklisted" responses in the WebSocket handshake manipulation lab

Hi, for some reason I started receiving an Unauthorized response during the lab "Manipulating the WebSocket handshake to exploit vulnerabilities". This only occurs at the /chat endpoint. Request url (GET from...

Last updated: Oct 16, 2024 03:32PM UTC | 2 Agent replies | 4 Community replies | Bug Reports

Macro editor - Configure item Parameter Handling

Hi, I want to create a session handling rule with an appropriate Macro. When configuring the item I want to use a value in my request that "Derives from prior response". But the problem I have is that I only can "Use...

Last updated: Oct 16, 2024 03:02PM UTC | 1 Agent replies | 0 Community replies | Bug Reports

Cluster Bomb Attack Type

The second payload position for the cluster bomb attack type keeps using the same password throughout the attack, instead of each email and password pair, or each username and password pair.

Last updated: Oct 16, 2024 02:33PM UTC | 1 Agent replies | 0 Community replies | Bug Reports

Copy/Paste only working in part of Burp Suite with non-qwerty layout

I'm encountering an issue with Burp where the copy-paste functionality does not work within the Repeater tab. However, the copy-paste works fine in the search bar of the application. I am using Colemak keyboard layout. It...

Last updated: Oct 16, 2024 02:13PM UTC | 1 Agent replies | 0 Community replies | Bug Reports

Prototype Pollution Labs Not Solving

Hi, I have been able to get the alert to popup in the "Client-side prototype pollution via flawed sanitization" lab, but it does not mark as solved. I also checked the correct solution and tried that as well, but no...

Last updated: Oct 16, 2024 01:56PM UTC | 1 Agent replies | 0 Community replies | Bug Reports

Basic clickjacking with CSRF token protection can't be solved

https://portswigger.net/web-security/clickjacking/lab-basic-csrf-protected I have tried with Firefox and Chrome. I am doing exactly what the solution says and I have also watched the community solutions. But none of them work...

Last updated: Oct 15, 2024 01:51PM UTC | 6 Agent replies | 7 Community replies | Bug Reports

broken browser

https://youtu.be/EKFt25C6sdQ <--video

Last updated: Oct 15, 2024 01:36PM UTC | 1 Agent replies | 0 Community replies | Bug Reports

Error message

I get this error when loading Burp with a stored project. Update blocked An update is available, but we are unable to install it because your Burp Suite installation directory /Applications/Burp Suite Professional.app,...

Last updated: Oct 15, 2024 11:05AM UTC | 1 Agent replies | 2 Community replies | Bug Reports

Burp Suite - Intruder

Hi, I'm recently trying to solve the Business Logic Lab (https://portswigger.net/web-security/logic-flaws/examples/lab-logic-flaws-low-level). After many tries, I couldn't solve the lab and when I try to follow and...

Last updated: Oct 15, 2024 03:07AM UTC | 1 Agent replies | 1 Community replies | Bug Reports

Old Bambda configuration seems to persist even when I go back to default settings

Hi team. When doing the "Exploiting path mapping for web cache deception" lab I created and applied (also saved) the following Bambda, ========== if (requestResponse.contains("X-Cache: hit",true)) { ...

Last updated: Oct 14, 2024 02:32PM UTC | 1 Agent replies | 0 Community replies | Bug Reports

Error: Remote host terminated the handshake

Hi! I'm struggling to proxy traffic via Burp and keep getting "Remote host terminated the handshake" on a particular domain I'm testing. It works on other websites. Things I've tried: - Multiple browsers (firefox,...

Last updated: Oct 14, 2024 09:29AM UTC | 1 Agent replies | 1 Community replies | Bug Reports

Crawling a web site results in a bloated project file

When crawling a web site using crawling and audit's default settings, my project file size grows almost to 20GB. And when the project file gets that big, the backups will also fail (not enough space on my disk). When I...

Last updated: Oct 13, 2024 01:57AM UTC | 2 Agent replies | 3 Community replies | Bug Reports

Victim not responding in Lab : CSRF where token is duplicated in cookie

Dear support, In the lab mentioned in the title, whenever I click on "deliver exploit to victim" in the exploit server, the victim does not make a get request to the /exploit file of the exploit server. More precisely,...

Last updated: Oct 11, 2024 07:52AM UTC | 2 Agent replies | 2 Community replies | Bug Reports

Community version will not open the built-in browser

I have a VM with Linux distro on it and I installed Burp community and the first thing I did was select the open browser button from the proxy tab, it did not open. I then configured settings like my safari browser settings...

Last updated: Oct 11, 2024 07:39AM UTC | 5 Agent replies | 4 Community replies | Bug Reports

OAuth authentication labs

Hello, I have an issue with the exploit server in all labs in OAuth authentication. When I deliver the exploit to the victim, they don't open the /exploit path. I don't get any log about whether the victim requested this path. I even tried to leave the...

Last updated: Oct 09, 2024 05:48PM UTC | 5 Agent replies | 7 Community replies | Bug Reports

Content-Length is updated even when "Update Content-Length" option is unchecked

In the Repeater, the Content-Length header is updated even when the "Update Content-Length" option is unchecked. I found this when I followed the lab "HTTP request smuggling". When I check with the Logger, it shows that Content-Length is...

Last updated: Oct 09, 2024 05:01AM UTC | 1 Agent replies | 1 Community replies | Bug Reports

Burp Suite Extension no longer supported by Chromium and is disabled

I upgraded my Burp Suite this morning, and upon reopening the Burp browser, I got a message stating Burp Suite was turned off. When viewing the extension in My Extensions, it has a red exclamation mark and says, "This...

Last updated: Oct 08, 2024 01:14PM UTC | 2 Agent replies | 3 Community replies | Bug Reports

Faulty Lab: "CORS vulnerability with trusted insecure protocols"

Hi, maybe there is a bug inside the laboratory "CORS vulnerability with trusted insecure protocols". The following exploit script works with Burp's Chrome: <script> document.location =...

Last updated: Oct 08, 2024 10:43AM UTC | 19 Agent replies | 25 Community replies | Bug Reports

Incorrect Payload order in Sniper and Pitchfork Modes

I'm encountering a problem with Burp Suite's Intruder tool where payloads are being placed in the wrong fields during an attack. In both Sniper and Pitchfork attack modes, I've marked two different positions in my request:...

Last updated: Oct 08, 2024 08:42AM UTC | 1 Agent replies | 0 Community replies | Bug Reports

Can't pass the "CSRF with broken Referer validation" lab even if my solution works

Lab-URL: https://portswigger.net/web-security/csrf/bypassing-referer-based-defenses/lab-referer-validation-broken I found a solution that works when I tested with `wiener:peter` but it doesn't get accepted when I deliver...

Last updated: Oct 08, 2024 01:03AM UTC | 3 Agent replies | 5 Community replies | Bug Reports
