Burp Suite User Forum

Labs - File Upload Vulnerabilities - versatile webshell

Hi @burp_fans I stumbled upon an "issue" with the file upload vulnerability labs (e.g. [1], but it is the same for all file upload labs I have tried so far): I manage to upload a webshell with...

Last updated: Dec 02, 2022 09:29AM UTC | 3 Agent replies | 1 Community replies | Bug Reports

Lab: Routing-based SSRF

Hi, in the Lab: Routing-based SSRF you asked for the user to delete Carlos with capital letter, but there is no "Carlos" to delete, only "carlos".

Last updated: Dec 02, 2022 09:25AM UTC | 1 Agent replies | 0 Community replies | Bug Reports

Bug in lab "Inconsistent handling of exceptional input"

Hello, I am currently facing an issue in the "Inconsistent handling of exceptional input" lab. After registering an account, I should be able to see my email address on /my-account page but it's not the case. Also I...

Last updated: Dec 02, 2022 08:24AM UTC | 1 Agent replies | 0 Community replies | Bug Reports

Wrong statement in XSS learning material?

In the last lines of chapter 2 of Stored XSS section (Impact of stored XSS attacks) it says "In contrast, if the XSS is stored, then the user is guaranteed to be logged in at the time they encounter the exploit." Is this...

Last updated: Dec 01, 2022 01:31PM UTC | 1 Agent replies | 0 Community replies | Bug Reports

Burp Collaborator Certificate Issues

Hi, I'd like to raise a very interesting problem. We are currently running an on-prem Collaborator which is only available over our VPN. Everything worked fine until version 2022.05. Then users experienced following...

Last updated: Dec 01, 2022 10:40AM UTC | 1 Agent replies | 0 Community replies | Bug Reports

Burpsuite 2022.11.2 suddenly browser not working

Using JRE 17.0.5 on Kali. It worked fine yesterday, suddenly I'm getting this error on root: "devtools.client.n:refusing to start browser as your configuration does not support running without sandbox" on non root using...

Last updated: Dec 01, 2022 07:39AM UTC | 1 Agent replies | 1 Community replies | Bug Reports

Academy lab do not update status randomly.

Hi, I see a problem with the update of the state of the laboratories that I finished correctly. They are randomly shown as unsolved. It is happening to me in SQLi and JWT attacks. Thank

Last updated: Nov 30, 2022 05:21PM UTC | 2 Agent replies | 1 Community replies | Bug Reports

Achieve release won't install for community edition

Hey I have tried installing the previous versions of Burpsuite community edition and it won't start downloading. This is happening for all the previous releases which contain the Windows (64 bit) version. However the Pro...

Last updated: Nov 30, 2022 10:42AM UTC | 2 Agent replies | 1 Community replies | Bug Reports

Community version will not open the built-in browser

I have a VM with Linux distro on it and I installed Burp community and the first thing I did was select the open browser button from the proxy tab, it did not open. I then configured settings like my safari browser settings...

Last updated: Nov 29, 2022 05:28PM UTC | 2 Agent replies | 1 Community replies | Bug Reports

BurpSuite Enterprise Unable to perform connection check

Hi team, When I initiate a connection check on BSE, the UI display with error "Unable to perform connection check We were unable to perform a connection check for your site. Please check that your scanning machines are...

Last updated: Nov 29, 2022 11:23AM UTC | 1 Agent replies | 0 Community replies | Bug Reports

Exam Problem

Sorry for writing here. I am in the exam and have done 5 labs. I had a session token of a user and got more permissions by extending the permissions. Then all suddenly my session stopped working and the session token, no...

Last updated: Nov 29, 2022 09:04AM UTC | 1 Agent replies | 0 Community replies | Bug Reports

https://portswigger.net/web-security/sql-injection/examining-the-database/lab-querying-database-version-mysql-microsoft

The lab (Subject line) does not put output after trying multiple payloads even interesting is the fact that the solution provided also does not work as a solution. Have been stuck and here. The lab is: SQL injection attack,...

Last updated: Nov 28, 2022 08:04AM UTC | 1 Agent replies | 0 Community replies | Bug Reports

Cursor pointer not on-point

Burp jar - burpsuite_community_v2020.5/Windows 10 Pro/Open JDK Latest version, In repeater cursor is not following entered chars after 5/6 letters. This is happening only in executable jar version & not in installation...

Last updated: Nov 24, 2022 07:35PM UTC | 5 Agent replies | 5 Community replies | Bug Reports

Failed to start proxy service on 127.0.0.1:<ANY PORT>

Hi, I am having an issue where Burpsuite will not bind to any port on localhost e.g. 127.0.0.1:8080,9999 etc. OS: Windows 10 Browser: Firefox Error message: 'Error "Failed to start proxy server on 127.0.0.01:<ANY PORT...

Last updated: Nov 24, 2022 10:55AM UTC | 4 Agent replies | 3 Community replies | Bug Reports

Lab for "Web cache poisoning with an unkeyed header" not completing despite correct (?) solution

Hi, Basically as the title says I have done the lab for "Web cache poisoning with an unkeyed header" and succeeded in getting the alert box to pop up in my browser. However despite this no matter what I do the lab itself...

Last updated: Nov 23, 2022 10:13AM UTC | 5 Agent replies | 8 Community replies | Bug Reports

Issues with Burp Suite Enterprise Edition deployed on GKE

Hi We have deployed burp suite enterprise edition on GKE and run an automated schedule on weekly basis. Can you please let us know how to fix below error mainly due to "browser crashing" which fails whole scan ?...

Last updated: Nov 22, 2022 05:59PM UTC | 2 Agent replies | 2 Community replies | Bug Reports

Burp's Cookie Jar Handles Cookies Differently to Common Browsers

I have an interesting "bug" for you. I was testing a website that set a session cookie upon login. When logging out, the application set the session cookie to '""' (i.e. two double quotes) rather than an empty...

Last updated: Nov 22, 2022 01:38PM UTC | 2 Agent replies | 0 Community replies | Bug Reports

CORS failure

I am using burpsuite professional at my work and testing the client web application. I am facing problem with burp v2021.8.3 which is failing coz of CORS failure. I am getting the response from application in proxy but...

Last updated: Nov 22, 2022 08:26AM UTC | 3 Agent replies | 3 Community replies | Bug Reports

net.portswigger.devtools.client.ah: Unable to start browser:

I am sorry, I am new to BurpSuite and am trying to use the Community edition on Windows/10 64bit. I am on the "Proxy" tab and have "Intercept is on". When I click the "Open browser" I get this error message: Burp...

Last updated: Nov 22, 2022 07:16AM UTC | 4 Agent replies | 3 Community replies | Bug Reports

pcsc smart card support Linux not working anymore?

Hi there, there is a problem with the feature 'User Options>TLS>Client TLS Certificates>Hardware token or smart card'. The feature only seems to support "legacy" fat pcsc driver implementations, whereas most modern pcsc...

Last updated: Nov 21, 2022 08:46AM UTC | 2 Agent replies | 1 Community replies | Bug Reports

Page 37 of 143

Burp Suite Support Center

Your source for help and advice on all things Burp-related.
