Bug Reports - Page 32 - Burp Suite User Forum

CSRF where token validation depends on token being present

Hi, The lab seems to have a bug in it. When I submit Store, View Exploit and Deliver exploit to victim. The Lab is not getting solved. Please fix. Thanks, Suresh

The client failed to negotiate a TLS connection to <domain>:443: Remote host terminated handshake

Since a couple of month I am receiving this error quite randomly when trying to reach some standards site of my customers. Some times sites are working and other times not (and may be the same site). I am using burp pro...

Weird behavior when trying to close the last tab in Intruder and Repeater

Good afternoon, Burp Suite Community Edition v2023.5.4 [p4629zecilnjzve8msrj:19nf] When a user tries to close the last tab in the "Intruder" or "Repeater" by pressing the "x" on the tab, instead of the tab closing,...

Activation Failed error

Hi, We bought the burpsuite professional since May 2022. We have purchased 3 units of license for 3-years (i.e. license expires on May 2025). We have been using the software without any issues until recently. When we try...

Lab: Browser cache poisoning via client-side desync, cannot be reproduced locally in the final step due to parsing abnormalities.

The task can only be completed using the following script and "Deliver exploit to victim". cannot be reproduced locally by clicking View exploit. Therefore, I believe this lab is incomplete or has an...

Lab: SameSite Strict bypass via sibling domain

Please check if any update was done on your part for the mentioned lab. In proxy history there are no requests for resources like script and image files containing an Access-Control-Allow-Origin header, which reveals a...

Burp Suite Mobile Assistant require updates

Hi, I am running iOS 12.4.4 and I want to use Mobile Assistant to bypass SSL Pinning as SSL Kill Switch 2 cannot bypass with the app that I wanted to test. When I launch Mobile Assistant, the app require updates to support...

Burp Professional Target tab: scope issue

Host OS Windows 11, burp version is Burp Pro v2023 5.4 Build 21196 Issue: Targets tab Scope filtering by in-scope targets not working when 2 similar domain entries are used as "in scope" Details: In burp...

Domains ending with a dot throw ssl error.

The most recent versions of chrome and firefox will load this URL with the `.` at the end of the domain: https://portswigger.net. In burp browser this throws an ssl error: This site can’t provide a secure...

[BUG] Lab: DOM XSS in jQuery anchor href attribute sink using location.search source

The solution is hit the back button in "https://XXXXX.web-security-academy.net/feedback?returnPath=javascript:alert(document.cookie)" URL, exploring href unsanitized problem. Even so, the laboratory is not solved. I've...

Capturing uploaded packages on the mac book pro m1 is very clunky

Capturing uploaded packages on the mac book pro m1 is very clunky and even sometimes unresponsive, and the program must forcibly exit burp v2023.5.3

issues with 'add to site map' feature in Repeater tab

Hi, been having this issue for the longest time and even now in the current release of burp pro. so what happens is when im testing an api through burp but the api collection or documentation is off, i would need to many...

It seems like some release of the Jar files have the MacArm64 Chrome BurpBrowser and others don't

Using the Jar version on Mac there are inconsistencies with the embedded browser. Looking inside the Jar file on some versions there is an Arm64 browser and then some don't, even though I get an error that says unpacking the...

License activation is failing.

Hello, The assigned Burp license file to Onetrust organization is not working. Please look into and resolve the issue at the earliest. Regards, Sharan

Bug in lab "Web cache poisoning via an unkeyed query parameter"

Hi, it seems that there is a bug in the lab "Web cache poisoning via an unkeyed query parameter". The response to GET / never gets cached as the server always return X-Cache: miss. Cheers, Jesús

Lab: Web cache poisoning via an unkeyed query string is making unexpected request.

In the stated lab when the home page is taken into the repeater, and added with Pragma: x-get-cache-key header & value, the response contains X-Cache-Key: /$$origin=https://gt2p587.com, here the value in the origin is...

Facing issues accessing labs

ID.web-security-academy.net took tooo long to respond ERR_TIMED_OUT tried relaunching multiple times yesterday and today too but still showing the same.

Issue with lab

Hi, Is there any ongoing issue with below lab: https://portswigger.net/web-security/deserialization/exploiting/lab-deserialization-exploiting-java-deserialization-with-apache-commons Lab is not getting solved even...

Failed to create Burp: project: Duplicate key ... ERROR (Ambiguous hotkey definition is possible, for CTR+SHIFT+LEFT/RIGHT)

Dear Developers, I'm really pleased with the Burp Suite Pro, but today I defined some new Hotkeys and Burp allowed me to do this for Ctrl+Shift+Left and Ctrl+Shift+Right even when THESE KEYSTROKES WAS ALREADY DEFINED....

Burp crashes, asking for license key on relaunch

Hi there! I've encountered something pretty odd today twice. I'm running the 64-bit Windows version of Burp Suite Pro (1.7.27) and the application just crashes. Upon relaunching, I'm prompted to enter my license key. I'm...