Burp Suite User Forum

Create new post

Burp Suite UI Crash?

Hi, Sometimes I found that the Burp UI crashes like this: https://postimg.cc/bZ5nHNWV https://postimg.cc/47SjXcSb My PC uses Windows 11, CPU AMD Ryzen 9 5950X, 64GB RAM, RTX 3090 Graphic Card with 4k resolution...

Last updated: Jul 01, 2024 04:36PM UTC | 4 Agent replies | 3 Community replies | Bug Reports

OAuth account hijacking via redirect_uri works with chrome but not using burp's chromium

When I store the exploit and view it using Burp's chromium I see the following error in my iframe. However, that's not the case when I use my chrome browser. Due to this I'm not getting the auth code from admin to solve this...

Last updated: Jul 01, 2024 02:46PM UTC | 5 Agent replies | 5 Community replies | Bug Reports

Lab: Web cache poisoning via ambiguous requests

Hi, When I try adding a duplicate Host header in this lab, I get a 404 status code. The solution reads: "Notice that if you add a second Host header with an arbitrary value, this appears to be ignored when validating and...

Last updated: Jul 01, 2024 09:54AM UTC | 2 Agent replies | 2 Community replies | Bug Reports

Labs are not getting solved

Hey Team I am observing a bug in my portswigger account , I am solving the labs in academy but when I refresh the page it shows me not solved. I have tried to solve the same lab many times and I do solved it , the page also...

Last updated: Jul 01, 2024 08:24AM UTC | 3 Agent replies | 1 Community replies | Bug Reports

Adding Hotkeys makes the Burp Unopenable

I had added a hotkey for "add to scope" which was "ctrl+DOWN" after adding this the burp worked good but when the next day i try to open burp it didn't run rather it showed an error which was "Failed to create/access...

Last updated: Jul 01, 2024 07:45AM UTC | 1 Agent replies | 0 Community replies | Bug Reports

Academy XSS Lab Doesn't Accept My Solution

hi, lab with the title: "DOM XSS in document.write sink using source location.search" doesn't accept "https://LAB-ID.web-security-academy.net/?search=%22onerror=%22alert(1)" as a solution even though the alert shows up.

Last updated: Jul 01, 2024 07:37AM UTC | 1 Agent replies | 0 Community replies | Bug Reports

Lab not updating "Solved" status

In the "Manipulating WebSocket messages to exploit vulnerabilities" lab, I have followed the given solution and the solution provided by the YouTube video, but the LAB status still says, "Not Solved". I am using Chrome with...

Last updated: Jul 01, 2024 07:36AM UTC | 1 Agent replies | 0 Community replies | Bug Reports

Availability- The website is too slow now a days

Dear Portswigger Team, I hope this letter finds you well. I am writing to express my frustration and disappointment regarding the current performance issues with the Portswigger website and Portswigger Academy labs. As...

Last updated: Jun 28, 2024 07:39PM UTC | 17 Agent replies | 32 Community replies | Bug Reports

labsolved but shows unsolved

Hi, I have solved CSRF vulnerability with no defenses but it does not show solved after solving the lab, I've tried repeating several times but it still doesn't work, Thanks

Last updated: Jun 28, 2024 07:19AM UTC | 1 Agent replies | 0 Community replies | Bug Reports

Horizontal Scrolling in Proxy History on Linux (+ Tiling Window Manager)

Good morning, I would like to report an issue that me and other people in our office are facing. We use BurpSuite Professional in Kali VMs, and most of us use tiling window managers. When scrolling horizontally with...

Last updated: Jun 27, 2024 01:22PM UTC | 2 Agent replies | 2 Community replies | Bug Reports

CSRF Labs are buggy not working

Currently i'm trying to solve the CSRF labs. However, it seems that these are not working properly; It seems that the system doensn't work when you "deliver exloit to user". I know for a fact that the CSRF Payload is...

Last updated: Jun 27, 2024 12:29PM UTC | 4 Agent replies | 4 Community replies | Bug Reports

Burp sending high volume of Emails

Hi team, I am reaching out because I had an incident with my customer. He received 1200 emails in half an hour while using Burp. I would appreciate it if you could share a solution for this problem/bug. Thank...

Last updated: Jun 26, 2024 04:40PM UTC | 1 Agent replies | 0 Community replies | Bug Reports

Exploit server does not behave the same depending on the browser

Hi, I've observed that the exploit server does not behave the same depending on which browser it is opened on. I've been writing and storing the exact same html content in the exploit server from Firefox and from Burp's...

Last updated: Jun 26, 2024 04:30PM UTC | 1 Agent replies | 0 Community replies | Bug Reports

Performance Issues on web academy and portswigger.com login

I am not running any automated scans against the target and have limited extensions loaded. I am regularly waiting 20 seconds for a single request, often having to cancel and resend. Logging into portswigger.com I even...

Last updated: Jun 25, 2024 03:52PM UTC | 1 Agent replies | 0 Community replies | Bug Reports

Basic Clickjacking Lab

When I try to perform the View Exploit function on this lab I receive "Resource not found - Academy Exploit Server", stopping me from completing the lab.

Last updated: Jun 25, 2024 09:18AM UTC | 2 Agent replies | 2 Community replies | Bug Reports

solving Labs

Hi, since yesterday some labs can't be solved even if i copy and paste the proposed solution.the labs are https://portswigger.net/web-security/cross-site-scripting/dom-based/lab-document-write-sink,...

Last updated: Jun 25, 2024 07:33AM UTC | 1 Agent replies | 0 Community replies | Bug Reports

CSRF labs exploit server delivery doesn't work

Hello, In the past i solved these labs without any issue. Now i can't even "Solve" the easiest one, CSRF vulnerability with no defenses. If i view the exploit the mail updates. Delivering the exploit doesn't work, does...

Last updated: Jun 24, 2024 10:52AM UTC | 4 Agent replies | 5 Community replies | Bug Reports

CORS Origin null Lab not working in Firefox and Chromium anymore

Hi there, Context: https://portswigger.net/web-security/cors/lab-null-origin-whitelisted-attack Issue: Exploit does not trigger, when viewing the exploit on Firefox or Chromium. Still works on Google Chrome (unless you...

Last updated: Jun 24, 2024 10:10AM UTC | 2 Agent replies | 3 Community replies | Bug Reports

Issue with Burp Suite Pro Renewal - License Key Not Received

I recently renewed my Burp Suite Pro subscription and noticed a charge of $450 on my account. However, I have not received any email update or license key associated with this renewal. I have checked my spam/junk folders and...

Last updated: Jun 24, 2024 09:10AM UTC | 0 Agent replies | 1 Community replies | Bug Reports

Crawling wont start on MacOS Sonoma

I'm using Burp Pro 2024.5.3 and when I start crawling via Scan -> Crawl, a Chromium popup appears on my dock, but it won't open, and the crawl only retrieves robots.txt.

Last updated: Jun 24, 2024 08:43AM UTC | 1 Agent replies | 0 Community replies | Bug Reports

Page 3 of 147

Burp Suite Support Center

Your source for help and advice on all things Burp-related.

Burp Suite Support Center image