The Burp Suite User Forum was discontinued on the 1st November 2024.

Burp Suite User Forum

For support requests, go to the Support Center. To discuss with other Burp users, head to our Discord page.


Getting the below error message only when I connect through Burp proxy, happens for all sites

I HAVE generated the Burp certificate and loaded it into the browser (Firefox, Burp and Chrome) - problem persists. Yelp! The 'peer' in this case would be the Burp Proxy listener. Thanks. Secure Connection...

Last updated: May 19, 2023 07:00AM UTC | 2 Agent replies | 1 Community replies | Bug Reports

Built in Chromium browser crashes after computer goes into sleep

On Windows 11 every time the computer goes into sleep mode the built in Chromium browser crashes. When opened again it shows a message that the browser was not closed properly and if I want to restore the session.

Last updated: May 18, 2023 09:11PM UTC | 2 Agent replies | 3 Community replies | Bug Reports

Has anyone else noticed the bundled Chrome browser hangs on recent releases?

Running v2023.3.4 at the moment but noticed it started around v2023.x. This is on latest patched Windows 10 release. Seems to occur almost randomly however running DOM invader with prototype pollution with Scan for...

Last updated: May 17, 2023 07:55AM UTC | 1 Agent replies | 0 Community replies | Bug Reports

SSL Errors

Hi, it's me again. I've tried your solution to connect to the same website (the one of yves) but I still encounter SSL problems. I've also installed the certificate on my phone and it doesn't help. I've also written to your...

Last updated: May 17, 2023 07:27AM UTC | 5 Agent replies | 6 Community replies | Bug Reports

Lab: CORS vulnerability with internal network pivot attack

The LAB doesn't work, so I tried it myself, because we overestimate it, it doesn't work!! <script> bu_url = 'https://' + 'pf8ramweqox3mawt6h1l1w6v3m9ex3.oastify.com'; url = `http://192.168.0.135:8080/login`; ...

Last updated: May 16, 2023 09:21PM UTC | 1 Agent replies | 1 Community replies | Bug Reports

False Positives For Dependency confusion because of extra character...

To whom it may concern, When opening a package-lock.json file in the browser with Burp running, Burp Suite falsely identifies a HIGH vulnerability known as Dependency Confusion every time... This is occurring because the "{"...

Last updated: May 15, 2023 04:19PM UTC | 1 Agent replies | 0 Community replies | Bug Reports

Every time crashes the lab "Reflected XSS with some SVG markup allowed" when payloading it

Hello, I have an issue when I'm trying to do payloading to find XSS valid tags into "<>" tags. Every time I try to use Intruder to run the "Sniper" type of attack the server of this lab...

Last updated: May 15, 2023 01:14PM UTC | 1 Agent replies | 0 Community replies | Bug Reports

In app browser fails to launch (Burp 2023.3.5/Java 17/Kali Linux)

Clicking the open browser buttons in the proxy tab or target tab has no impact, nothing shows up in diagnostics. When using health check for burps browser, the Checking headless browser gives this error: Aborting checks...

Last updated: May 15, 2023 07:08AM UTC | 1 Agent replies | 1 Community replies | Bug Reports

Collaborator makes GET request to collaborator payload in User-Agent string

While testing a CRLF based header injection on an application I noticed that collaborator will make GET requests to any *.oastify.com hostname specified in the User-Agent header. For example, given the following...

Last updated: May 11, 2023 01:35PM UTC | 2 Agent replies | 0 Community replies | Bug Reports

Cache Poisoning Labs

I have been experiencing issues with the web cache poisoning labs the last couple days where the labs are not caching the HTTP responses at all. No matter how many times I resend the same basic requests (e.g. GET /), I...

Last updated: May 11, 2023 08:34AM UTC | 2 Agent replies | 3 Community replies | Bug Reports

Expert XXE challenge solvable in incorrect manner

Hello, While messing about with the "Expert" XXE Academy challenge ("Exploiting XXE to retrieve data by repurposing a local DTD"), I found that executing the same payload as the prior "Practitioner" challenge ("Exploiting...

Last updated: May 10, 2023 04:00PM UTC | 1 Agent replies | 0 Community replies | Bug Reports

Lab not working properly

I am doing the following lab https://portswigger.net/web-security/web-cache-poisoning/exploiting-implementation-flaws/lab-web-cache-poisoning-unkeyed-query But the response is not being cached, I have tried by sending a...

Last updated: May 10, 2023 01:21PM UTC | 2 Agent replies | 1 Community replies | Bug Reports

Burp suite is showing protocol error

When I tried using the lab for SQLi, Burp Suite kept throwing me a protocol error. I tried that using Firefox and the lab is working and didn't give me an error. Please resolve this issue.

Last updated: May 09, 2023 04:16PM UTC | 2 Agent replies | 2 Community replies | Bug Reports

Burp Chromium Freezes on Certain Sites

Burp's browser will freeze on certain websites being accessed, but work fine with others. When it freezes, the Window will go to "Not Responding" and require a force shutdown of the browser. The site will load, but will...

Last updated: May 09, 2023 01:14PM UTC | 2 Agent replies | 1 Community replies | Bug Reports

Unintended Solving Via Known DOMPurify XSS Vulnerability in Cache Poisoning Lab

Hi, for this lab: https://portswigger.net/web-security/web-cache-poisoning/exploiting-design-flaws/lab-web-cache-poisoning-targeted-using-an-unknown-header. The comment section uses DOMPurify 2.0.15, and can be exploited...

Last updated: May 09, 2023 01:04PM UTC | 1 Agent replies | 0 Community replies | Bug Reports

Issues with Chromium, unable to visit any websites on Mac M1

Hi there! I am facing issues with Chromium as I am unable to visit any websites with it. I have gone through the necessary troubleshooting steps, like checking if the intercept is off, etc. I am running with the...

Last updated: May 05, 2023 04:26PM UTC | 2 Agent replies | 1 Community replies | Bug Reports

Montoya exportUserOptionsAsJson unloading all extensions

Hey, I've noticed that when I call exportUserOptionsAsJson, the key "loaded" is always false, meaning if I then reload it into Burp Suite all the extensions are unloaded. If I export it via the UI, the loaded value is...

Last updated: May 04, 2023 03:39PM UTC | 1 Agent replies | 2 Community replies | Bug Reports

Repeater send button not working while doing Host header injection labs

While doing the lab as mentioned below, when I change the GET request endpoint to the URL, i.e. https://192.168.0.1/, the Send button becomes disabled and I cannot send the request. And as I start Burp Suite from my terminal...

Last updated: May 04, 2023 01:20PM UTC | 1 Agent replies | 0 Community replies | Bug Reports

HTTP Host Header Attacks - Routing-based SSRF

Hi, I'm trying to get the Set-Cookie response for this lab, but only receive this HTTP/2 302 Found Location: / X-Frame-Options: SAMEORIGIN Content-Length: 0 The request I'm sending is attached. It is supposed...

Last updated: May 03, 2023 04:29PM UTC | 1 Agent replies | 0 Community replies | Bug Reports

Exploiting XSS to perform CSRF

When executing an exploit, the site crashes. Here is the exploit - const otherForm = document.querySelector("#otherForm"); location.href=...

Last updated: May 03, 2023 08:49AM UTC | 1 Agent replies | 0 Community replies | Bug Reports
