Bug Reports - Page 3 - Burp Suite User Forum

BurpExtenderAPI - java.lang.NullPointerException: Cannot invoke "burp.ehv.a(burp.ikb)" because "<parameter1>" is null

Hello, I'm developing a burpsuite extension and I stumbled upon a problem with MessageEditorTab rendering. I have a basic plugin : BurpExtender.java - https://pastebin.com/xAZewdZT SimplePluginMessageEditorTab.java -...

E

We are using Burp Suite Enterprise Edition for multiple years now. This year when I'm trying to update my license to the latest, it failing with error "Failed to upload license: An unexpected error occurred. If this problem...

Lab: CSRF with broken Referer validation. Why

In Lab: CSRF with broken Referer validation, I tried the solution mentioned in (https://portswigger.net/web-security/csrf) and set Referrer-Policy: unsafe-url. But, it didn't work and the browser still sent the trimmed url...

Authentication bypass via OAuth implicit flow - SessionNotFound: invalid_request

Hi, The lab "Authentication bypass via OAuth implicit flow" is not working. After clicking "My account" page loads for few seconds and shows with error: SessionNotFound: invalid_request at Provider.getInteraction...

NTLM authentication issue

Hello, We are trying to configure burp suite pro to scan a host that use NTLMv2 authentication however we are getting the following error in burp: "No NTLM challenge received from...". We have platform authentication...

Burp stopped working after did a 'apt upgade' on kali linux

└─$ sudo burp 2021-08-26 22:22:30 +0100: burp[2426] Could not find ssl_cert /etc/burp/ssl_cert-client.pem: No such file or directory 2021-08-26 22:22:30 +0100: burp[2426] Could not find ssl_key...

App Crashes In Mac OS X

Hi, I'm getting this error log each time I run a new scan. I updated to the latest version of Burp. Please check and provide any solution. Process: JavaApplicationStub [62907] Path: ...

Internal Server Error on correct solution

Hi, I have been doing the SQLi exercises and everything was going fine until I was doing this exercise:...

Sqli third lab retrieve data from tables

I solved the lab but it is still showing as not solved ...

The Intruder broke in 2021.8. x (the Resource pool does not work)

Hi! In the last two updates, my Intruder broke down. It ignores concurrent requests in the Resource pool. It doesn't matter whether I set 10 concurrent requests or 999, the process is extremely slow, 1-3 requests per...

Burp Scanner not Recognising Targets with advanced scope control configured

I am having issues when using advanced scope control top exclude certain hosts from scanning/testing. I need to use advanced scope control to specifically exclude a particular URL pattern, so that forces me to use a regex to...

Burp Scanner not Recognising Targets with 'Advanced Scope Control' Configured

I am having issues when using advanced scope control top exclude certain hosts from scanning/testing. I need to use advanced scope control to specifically exclude a particular URL pattern, so that forces me to use a regex to...

unable to start burp

whether it is creating a new/temporary project or trying to open up an old one. I get the below error on burp v2021.8 running on windows failed to create Burp project: cannot read the array length because "<local 8>" is...

Valid XSS not reporting in issues ? Is it me?

Using a standard test site: http://testphp.vulnweb.com/ <input name="searchFor" type="text" size="10"> Insert simple payload Into search box <script>alert(1);</script> Response: <h2 id='pageName'>searched for:...

Admin Password issue

Hi, Since yesterday I was able to login to the burpenterprise edition with my admin username and password and suddenly today I am not able to. I havenot forgot my password. It was the same one I was using since last few...

Lab: Modifying serialized data types - Debug dumps tokens

Hey, not sure if this a bug or a feature) So if in cookie you change username to not much token, username: carlos token: from peter Here it...

Scan Status is failed

Hi, dear Support! Please help me to understand the reason of the scan failure to achieve success. I'm using the Burp Suite Enterprise Edition Version: 2021.6-7240, Java version: 11.0.10 Sites > Sites with scan failures...

DOM Invader extension (Burp Pro - v2021.8.1) is problematic under macOS 11.5.2

Clean install, everything looks fine, but when moving to DOM Invader Tab I can activate it, but changing the value of Canary is impossible and extension just feels very buggy in general.

Password reset poisoning Lab issue

Victim never makes call to forgot password through exploit url

Community Edition v2021.8.1 not working as expected

On Win10 last using CE 2021.5.1 without issue Upgraded to 2021.8.1 and the embedded browser would not load any https pages. Downloaded the CA cert, installed to embedded (Chromium) browser, Chrome 92.0.4515.131, Firefox...