The Burp Suite User Forum was discontinued on the 1st November 2024.

Burp Suite User Forum

For support requests, go to the Support Center. To discuss with other Burp users, head to our Discord page.


Prototype Pollutions DOM Invader

Hi, I was trying to use DOM Invader to automatically find the way to solve the following exercises: Client-side prototype pollution in third-party libraries, DOM XSS via an alternative prototype pollution vector and...

Last updated: Jul 05, 2023 10:10AM UTC | 2 Agent replies | 2 Community replies | Bug Reports

Broken Lab: Visible error-based SQL injection

This lab was broken, it kept on giving the same error message: "Unterminated string literal started at position 95 in SQL SELECT * FROM tracking WHERE id = 'jUp8oNzaKr4pzj9y' AND 1 = CAST((SELECT password FROM users L'....

Last updated: Jul 05, 2023 09:16AM UTC | 2 Agent replies | 2 Community replies | Bug Reports

Section Symbols are appearing in images which breaks Intruder

Section Symbols '§' are appearing in any images (jpg, gif, png, etc.) when retrieved in GET requests or posted in POST, if sent to Intruder it corrupts the image because it strips those characters.

Last updated: Jul 05, 2023 08:58AM UTC | 5 Agent replies | 5 Community replies | Bug Reports

Section symbol issue

Hi, when I am using Intruder I have an issue with the section symbol (§). There is the same symbol in my Arabic language, which causes interference and problems in the work of the Intruder. Can we change the section symbol (§) with other...

Last updated: Jul 05, 2023 08:52AM UTC | 1 Agent replies | 0 Community replies | Bug Reports

Question/bug on lab "CORS vulnerability with internal network pivot attack"

While trying to solve the mentioned lab, the retrieved HTML code from the internal website clearly states that the request for the "login" is a POST. However, the solution silently continues with a GET to trigger the XSS. If...

Last updated: Jul 05, 2023 08:28AM UTC | 2 Agent replies | 1 Community replies | Bug Reports

Solved

The post you are implying about is my solution for all the set labs and solved all problems including bug labs Apetree1001@email.phoenix.edu

Last updated: Jul 05, 2023 06:25AM UTC | 0 Agent replies | 0 Community replies | Bug Reports

2FA bypass using brute-force attack

I'm not able to solve this lab using Turbo Intruder as I'm using Burp Suite Community Edition. I also tried to check if this issue persists only with Turbo Intruder or normal Intruder, but this issue also happens with normal...

Last updated: Jul 04, 2023 10:01AM UTC | 1 Agent replies | 1 Community replies | Bug Reports

Problem with license key Enterprise Edition

Dear team, I requested a trial version of Enterprise Edition. I have received the required info and I have followed the steps on portswigger as well, but the moment I upload the license key it is throwing me an error -...

Last updated: Jul 04, 2023 09:47AM UTC | 1 Agent replies | 0 Community replies | Bug Reports

Invalid certificate generated

The certificate generated contains a country code of PortSwigger which does not conform to the RFC which says that the country code should have a length of 2 https://datatracker.ietf.org/doc/html/rfc3280#page-96 This...

Last updated: Jul 04, 2023 08:59AM UTC | 7 Agent replies | 7 Community replies | Bug Reports

Intruder Payload processing

If I use Payload processing: hash:MD5, on the result page I see hashed payloads. One of them is "good" but I can't see it in "raw", only hashed. Screenshot: https://i.imgur.com/X0Mxku3.png P.S. In this task I must brute-force...

Last updated: Jul 03, 2023 01:12PM UTC | 1 Agent replies | 0 Community replies | Bug Reports

my burp tip Unsupported or unrecognized SSL message

Using burp embedded browsing to visit the website to prompt certificate problems

Last updated: Jul 03, 2023 09:15AM UTC | 1 Agent replies | 0 Community replies | Bug Reports

Link manipulation (DOM-based) - JQuery

Hi all, we use jquery-3.3.1.js in our application. Burp scan found Link manipulation (DOM-based) vulnerabilities in jQuery sources: 1. // Anchor tag for parsing the document origin originAnchor =...

Last updated: Jun 30, 2023 08:39AM UTC | 2 Agent replies | 1 Community replies | Bug Reports

CSRF where token validation depends on request method and

Hi, The lab seems to have a bug in it. When I submit Store, View Exploit and Deliver exploit to victim. The Lab is not getting solved. Please fix. Thanks, Suresh

Last updated: Jun 30, 2023 05:45AM UTC | 1 Agent replies | 2 Community replies | Bug Reports

CSRF where token validation depends on token being present

Hi, The lab seems to have a bug in it. When I submit Store, View Exploit and Deliver exploit to victim. The Lab is not getting solved. Please fix. Thanks, Suresh

Last updated: Jun 30, 2023 05:44AM UTC | 1 Agent replies | 2 Community replies | Bug Reports

The client failed to negotiate a TLS connection to <domain>:443: Remote host terminated handshake

For a couple of months I have been receiving this error quite randomly when trying to reach some standard sites of my customers. Sometimes sites are working and other times not (and it may be the same site). I am using Burp Pro...

Last updated: Jun 29, 2023 07:12AM UTC | 1 Agent replies | 0 Community replies | Bug Reports

Weird behavior when trying to close the last tab in Intruder and Repeater

Good afternoon, Burp Suite Community Edition v2023.5.4 [p4629zecilnjzve8msrj:19nf] When a user tries to close the last tab in the "Intruder" or "Repeater" by pressing the "x" on the tab, instead of the tab closing,...

Last updated: Jun 28, 2023 09:16AM UTC | 1 Agent replies | 0 Community replies | Bug Reports

Activation Failed error

Hi, We bought the burpsuite professional since May 2022. We have purchased 3 units of license for 3-years (i.e. license expires on May 2025). We have been using the software without any issues until recently. When we try...

Last updated: Jun 28, 2023 09:15AM UTC | 1 Agent replies | 0 Community replies | Bug Reports

Lab: Browser cache poisoning via client-side desync, cannot be reproduced locally in the final step due to parsing abnormalities.

The task can only be completed using the following script and "Deliver exploit to victim". It cannot be reproduced locally by clicking View exploit. Therefore, I believe this lab is incomplete or has an...

Last updated: Jun 28, 2023 06:41AM UTC | 1 Agent replies | 0 Community replies | Bug Reports

Lab: SameSite Strict bypass via sibling domain

Please check if any update was done on your part for the mentioned lab. In proxy history there are no requests for resources like script and image files containing an Access-Control-Allow-Origin header, which reveals a...

Last updated: Jun 26, 2023 08:04AM UTC | 1 Agent replies | 0 Community replies | Bug Reports

Burp Suite Mobile Assistant require updates

Hi, I am running iOS 12.4.4 and I want to use Mobile Assistant to bypass SSL Pinning as SSL Kill Switch 2 cannot bypass with the app that I wanted to test. When I launch Mobile Assistant, the app requires updates to support...

Last updated: Jun 25, 2023 02:36PM UTC | 2 Agent replies | 1 Community replies | Bug Reports
