Bug Reports - Page 34 - Burp Suite User Forum

iOS 13 + Burp SSL Certs Not Able to be Fully Trusted

I've followed the appropriate steps to fully trust the burp cert, but as of iOS 13 this does not work and HTTPS requests fail. Looking at iOS 13 release notes, I found this: https://support.apple.com/en-us/HT210176 -- I...

Target page only keeps the record of the last API request if the API endpoint is the same and the REST method is not the same.

I was trying to record the API for an application. I observed that the Burp Target page only keeps the record of the last API request if the API endpoint is the same and the REST method is not the same. For example, we...

Lab: Cache key injection - expert lab allowing a simple solution

Hello guys, The hint for this lab is: "Solving this lab requires an understanding of several other web vulnerabilities. If you're still having trouble solving it after several hours, we recommend completing all other...

Lab: Exploiting HTTP request smuggling to perform web cache poisoning - broken?

Hi, the above lab cannot be solved (using the solution, the community solution or 3rd party solutions anyway). The community solution is outdated now, but the comments on the official YT page are also saying they are...

Burpsuite Professional fails to handle Blazor SignalR WebSocket traffic

Hello, During my work, i've stumbled across the web application project which uses the Blazor technology. Blazor is .NET framework that uses SignalR library. This leads to use of WebSocket protocol communication in every...

An incorrect example in the "Exploiting HTTP request smuggling" section on the Web Security Academy.

In one of the "Revealing front-end request rewriting" examples, the Content-Length is wrong. POST / HTTP/1.1 Host: vulnerable-website.com Content-Length: 130 Transfer-Encoding: chunked 0 POST /login...

Collaborator reports multiple interactions instead of one

During an assessment it was noticed that if the payload (request to the Collaborator server) includes more than one Collaborator URL, Burp Collaborator reports one connection (single HTTP request) as multiple based on the...

SSRF LABS

Hello, in the ssrf lab the lab Blind SSRF with Shellshock exploitation is repeated. Regards

NET::ERR_CERT_AUTHORITY_INVALID Help

can't validate a challenge even tho my exploit works

lab name : Performing CSRF exploits over GraphQL

BChecks Cannot insert payload into body

this is okay : "given any insertion point then" That does not work : "given body insertion point then" my body is...

Burp Suite Enterprise Agent - Error with Unattended Install using varfile

I'm trying to install the Burp Suite Enterprise Scanning agent on Ubuntu. I'm getting errors when running the below: ``` $ sudo sh burpsuite_enterprise_linux_v2023_6_1.sh -q -varfile response.varfile Unpacking JRE...

ERR_TUNNEL_CONNECTION_FAILED when I launch Chromium from Burp Professional

I've started to get this issue more and more... seems to not happen after a fresh restart. I open Chromium and try and go to my lab and get 'ERR_TUNNEL_CONNECTION_FAILED'... If I get that, I cannot surf to any sites (...

Web Security Academy Lab Access Error

Hi, I'm having issues in accessing Web Security Lab. When I click on Access Lab button its shows error. Kindly help me to resolve this issue. Thanks and Regards

Ajax request header manipulation (DOM-based) & Other DOM-based issues

Hi, I often see such DOM-based issues, for example, something like this: Issue: Ajax request header manipulation (DOM-based) Issue detail: The application may be vulnerable to DOM-based Ajax request header...

Glitch and following mouse over

Hi Burpsuite Support Team. I got the problem with Burpsuite Professional v2023.6.2 on windows desktop, sometimes when I use burp, the display will error like a follow my mouse wherever go. I don't know it's a glitch or...

UI is a disaster

Hi! Thank you for all what you are doing but today I saw an updated Learning path lectures view and it is very bad! I have not so big screen, but now the half of it is taken by the awful blue menu/context field, which...

bug in burp suite navigation recorder.

Spend three weeks trying to find out what plugin was messing up three different web sites. Microsoft Edge, with burp suite navigation recorder installed and active. the web sites do not render. they do very strange...

Chromium freeze whenever I open Dev-Tools

Hello, Burp Suite Pro v2023.6-21057. I have had this issue for some time now with older version as well. I am using the built it Chromium browser, everything work just fine up until I open the browser developer tools -...

BurpSuite Enterprise Uses Log4j

Hi Support Team, I just wanted to ensure that log4j-core-2.14.1.jar installed by the Burpsuite enterprise web server is not vulnerable to RCE. I read in the forum that Burpsuite Enterprise does not consume log4J for...