Bug Reports - Page 37 - Burp Suite User Forum

Burp Intruder Payloads options simple list section not working

Burp Intruder Payloads options simple list section is not allowing me to: 1. Add from list 2. Load custom payloads

Community Sollution Youtube video is wrongly merged in Access control lab

In Web Security Academy on Access control Topic, The 3rd Lab which is been provided with two you-tube video for community solution. The Second Video "Which is been Michael Sommer sir video" that video is the solution of 4th...

Class Not Found: burpsuite_community_v2023.5.2.jar with Java 17

$ uname -a Linux kali-raspberry-pi 5.15.44-Re4son-v7l+ #1 SMP Debian kali-pi (2022-07-03) armv7l GNU/Linux $ java -jar -Xmx2g burpsuite_community_v2023.5.2.jar Picked up _JAVA_OPTIONS: -Dawt.useSystemAAFontSettings=on...

Lab PRACTITIONER Reflected XSS with some SVG markup allowed

Hello! I got popup window from alert() function in this lab, bit it does not marked as resolved lab. Something wrong? Payload - <svg><animatetransform onbegin=alert('hi')>

DOM XSS in jQuery anchor href attribute sink using location.search source not solved

Lab is not solving whatever I can try to do, step by step tutorial doesn't help

HTTP Response freezes in Intruder results table

Hi, For an intruder containing three results with status codes (200, 302, ...) How to reproduce: 1. Go to 'render' in http response of the first item - keep 'render' visible 2. switch to the item with status code...

.install4j\files.log (The system cannot find the file specified) Error While Uninstall

Hello people, I have installed burpsuite_enterprise_windows-x64_v2022_1.exe on windows server 2016 and now I want to uninstall it. However, when I run the uninstaller it gaves me an error like this and alert me it was...

License is suddenly invalid, even though it should expire in November

Hello When opening the application this morning we found that BurpSuite is asking for the license key, and after providing the key that should be valid until November 2023 it says it's invalid. Logging on to the portal to...

Burp's CA certificate is expired

Hi, I'm able to reach out to http://burpsuite in Chrome. I downloaded CA Certificate -> cacert.der However, the file which I downloaded is the expired CA certificate which I'm not able to add to Keychain Access on...

Lab: HTTP/2 request smuggling via CRLF injection - truncated victim session

Hi, It seems impossible to fetch the victim's session because it always gets truncated (see at the end): <li> <a...

Cannot do offline activation anymore for Burp Pro

Dear PortSwigger support, We have a Burp Pro license (for 70 activation) for very long time. When installing Burp we are using the offline-activation feature but as of few weeks ago this does not work anymore; After...

Lab: HTTP request smuggling, basic CL.TE vulnerability

I can't solve lab tried many times, help here is the code - POST / HTTP/1.1 Host: 0a90006303d9bbc387c5700800820036.web-security-academy.net Content-Type: application/x-www-form-urlencoded Content-Length:...

cookie flags are raised in burpscan but not in manual testing.

burp scanner keeps raising the issue(s): - TLS cookie without secure flag set - Cookie without HttpOnly flag set. However, when replicating the same request manually (either by closing the session and re-opening, or...

MacOS to Linux .burp File Breaks

Hi PortSwigger, I thought I would note that every time I create a .burp project file on MacOS (M1 ARM) and attempt to move and open this .bur project file onto an x86 Linux device (Fedora), I always get the 'selected...

Issue while registering burp professional license

Hi Team, I am facing an issue, The license key was working perfectly earlier but suddenly it is giving this error, where I am redirected to the license prompt. I also tried to activate the key manually but still got...

not able to access burp suite labs

This site can’t be reached0a6300c9036fbb3689c7af4300ec00c4.web-security-academy.net took too long to respond. Try: Checking the connection Checking the proxy and the firewall Running Windows Network...

Password reset poisoning Lab issue

Victim never makes call to forgot password through exploit url

Bug in lab Basic clickjacking with CSRF token protection?

Hello, I have issues with the "Basic clickjacking with CSRF token protection" lab. Everything is correct on my part (or so I believe). I have tried with the burp browser and chrome, but neither of them displays I solved the...

Burp Suite Community Keeps Crashing

I've noticed that my Burp Suite Community crashes quite often whenever I go to pause or resume intruder attacks. I'll just press the pause/resume button and it will completely hang. Only way to close it is via task manager....

License key stopped working yet license is valid until 11/10/2023

Good Morning, We have a license that is valid until 11/10/2023, however when we try to activate said license key we get the following error: Activation failed It would be appreciated if you could get back to us...