Burp Suite User Forum

Login to post

Burp Suite requires discrete GPU on macOS

When running Burp Suite on a macOS machine with a discrete GPU the GPU is activated which reduces the battery life of the device. Does Burp Suite specifically require access to the GPU? I suspect this is most likely...

Last updated: Dec 22, 2021 06:40PM UTC | 6 Agent replies | 4 Community replies | Bug Reports

Apache Log4j < 2.15.0 Remote Code Execution (Nix) (155999)

Tenable reported bug on Burp Enterprise Synopsis A package installed on the remote host is affected by a remote code execution vulnerability. Description The version of Apache Log4j on the remote host is < 2.15.0....

Last updated: Dec 21, 2021 01:00PM UTC | 4 Agent replies | 3 Community replies | Bug Reports

Cannot access the lab

I cannot access the lab. When I press "Access the lab", it shows "The connection has time out". I tried in Chrome, Firefox, Edge and they had same result. Thank you!

Last updated: Dec 21, 2021 11:33AM UTC | 4 Agent replies | 3 Community replies | Bug Reports

Corrupted project after reboot

Hello, I experienced a file project corruption after a suddend machine reboot (win 10). I was working on last Burp Professional version (2021.10.3). Unfortunately, the project restore was able only to recover a minimal...

Last updated: Dec 21, 2021 10:02AM UTC | 2 Agent replies | 1 Community replies | Bug Reports

SAML Raider Extension

Not working - reports the below: <SAMLRaiderFailureInInitialization></SAMLRaiderFailureInInitialization>

Last updated: Dec 20, 2021 04:00PM UTC | 1 Agent replies | 0 Community replies | Bug Reports

Lab: Authentication bypass via OAuth implicit flow

Lab: Authentication bypass via OAuth implicit flow is broken :/ It gives SessionNotFound: invalid_request error when I try to login in your own "social media"

Last updated: Dec 20, 2021 02:15PM UTC | 11 Agent replies | 20 Community replies | Bug Reports

Scanner is crawling and auditing out of scope items.

Hello, I am attempting to automate some tests with crawl and audit. I have defined my scope to exclude *.css files. When I use scan to crawl and audit, the crawl will find the *.css files and audit will start auditing...

Last updated: Dec 20, 2021 08:44AM UTC | 5 Agent replies | 6 Community replies | Bug Reports

New Scan says out of scope for in-scope URL

Hi there, Burp 2.0.3 is telling me that the scope URL I'm defining for a new scan (when clicking the button in the dashboard) is out of scope. URLs to scan: http://192.168.44.32/ Currently defined as scope...

Last updated: Dec 20, 2021 08:41AM UTC | 10 Agent replies | 9 Community replies | Bug Reports

Not supporting ÅÄÖ characters in Extensions

Hello! I am not sure if this is a burp issue or a extension creator issue. However, i will still make an attempt in a hopeful fix to my issue! * Specs: Burpsuite v2021.10.3 Windows 10 Pro OS Build 19044.1348 Jython...

Last updated: Dec 17, 2021 09:47AM UTC | 2 Agent replies | 0 Community replies | Bug Reports

Activations

I have been getting Burp to work on an EC2 instance and apparently have exceeded my activation's allotted. Would it be possible to extend these temporarily... at least until this log4j thing is over? Thanks in...

Last updated: Dec 17, 2021 09:38AM UTC | 1 Agent replies | 0 Community replies | Bug Reports

Scans not completing

I'm having an issue with scans progressing. After canceling a scan and reviewing the debug log I notice multiple iterations of the following error. 2021-12-16 17:54:42 [r] INFO - Exception report: 2021-12-16 17:54:42 [r]...

Last updated: Dec 17, 2021 09:36AM UTC | 1 Agent replies | 0 Community replies | Bug Reports

Burp not responding

When I set my Firefox's proxy to work with burp, burp does not intercept any request, also none of the pages load on Firefox, which is quite obvious if intercept is on. Also note that I have tried to open burp with and...

Last updated: Dec 17, 2021 03:38AM UTC | 2 Agent replies | 5 Community replies | Bug Reports

Lab: Blind XXE with out-of-band interaction via XML parameter entities

I am trying to access this lab today, and it is down or returning an error when trying to load. Just for your info, so you can look into it. I've been doing other XXE labs which are working fine.

Last updated: Dec 15, 2021 02:19PM UTC | 1 Agent replies | 0 Community replies | Bug Reports

Web Academy XXE Labs

In an update to my last post, there are six labs in total affected. I've had other users at home check also, so isn't just a local issue. These are the affected labs containing error reports on loading Lab: Exploiting...

Last updated: Dec 15, 2021 02:17PM UTC | 1 Agent replies | 0 Community replies | Bug Reports

Active Scanner does not detect CVE-2021-43798 (Grafana Directory Traversal File Read)

Hi, Grafana recently posted about a vulnerability (CVE-2021-43798) in their product at https://grafana.com/blog/2021/12/07/grafana-8.3.1-8.2.7-8.1.8-and-8.0.7-released-with-high-severity-security-fix/ This...

Last updated: Dec 15, 2021 01:49PM UTC | 1 Agent replies | 0 Community replies | Bug Reports

burp collaborator Not working - I verfied it through Wireshark

To be exact the Polling Server is not working as per the error below: No connections to the polling server at polling.burpcollaborator.net could be opened. The collaborator will not work in this configuration.

Last updated: Dec 15, 2021 10:57AM UTC | 1 Agent replies | 0 Community replies | Bug Reports

Burp doesn't remember the extension I'm using when I click on another url

Hello, In Burp 2021.6.2, in Proxy -> HTTP History when I choose an extension for example name A, when I click on every links, that extension A is auto loaded. But later Burp, when I click on other links, it auto select Raw...

Last updated: Dec 15, 2021 09:55AM UTC | 2 Agent replies | 1 Community replies | Bug Reports

Web cache poisoning via the Host header Lab

I completed the successfully displaying alert(document.cookie) after poisoning the cache, but the state of the lab still says: Not solved

Last updated: Dec 15, 2021 08:16AM UTC | 1 Agent replies | 5 Community replies | Bug Reports

Academy labs no response problem

On academy labs i do not get response from server. "This site can’t be reached" Every few minutes today.

Last updated: Dec 15, 2021 08:12AM UTC | 3 Agent replies | 9 Community replies | Bug Reports

Burp changes response headers case

I noticed that during http2 requests BURP changes the response headers to "First Capital" so any reponse header like some-somethingelse-anything : any value will be replaced as Some-Somethingelse-Anything : any...

Last updated: Dec 14, 2021 11:51AM UTC | 5 Agent replies | 5 Community replies | Bug Reports

Page 3 of 92

Burp Suite Support Center

Your source for help and advice on all things Burp-related.

Burp Suite Support Center image