Bug Reports - Page 4 - Burp Suite User Forum

HTTP History occasionally hiding requests until I drag the divider to the right to make visible

For some reason random HTTP requests will only show the response with the request pane hidden until I drag the slider to reveal it. Most requests and responses are fine. I can see no pattern to this. Running 2024-8-1 32184...

Exploiting HTTP request smuggling to perform web cache poisoning - Failing to go to "Solved" status

Here is my cache poisoning / Smuggled request POST / HTTP/1.1 Host: 0a16007d0305e2b380340869000b001a.web-security-academy.net Content-Type: application/x-www-form-urlencoded Content-Length: 185 Transfer-Encoding:...

CSRF lab not accepting my solution

I followed each and every steps of how I was directed in the video but still it shows some stuffs on top when I try to store or deliver expoloit or any buttons. Here it says " This is your server. You can use the form...

CSRF labs exploit server delivery doesn't work

Hello, In the past i solved these labs without any issue. Now i can't even "Solve" the easiest one, CSRF vulnerability with no defenses. If i view the exploit the mail updates. Delivering the exploit doesn't work, does...

LLM labs not working

I'm trying to solve LLM labs but the AI only show typing no matter commands I use. Try to refresh the page only gives me System: No chat history on record. I have try the lab with chrome and firefox. Even reconnect the...

Basic clickjacking with CSRF token protection

I'm having trouble with this lab. When I click on 'View exploit' I have the login page coming up, of course with no 'delete' button. I'm using Burp's browser Chromium and here's my script, of course I'm changing the lab Id...

Exploiting PHP deserialization with a pre-built gadget chain

Hello I have a problem with this lab, when I send my payload I got a next error: <div class="container"> <header class="navigation-header"> </header> <h4>Internal Server Error: Symfony...

There is a bug in Professional / Community 2024.7.6

When sending a message to the intruder, the message content will be automatically modified, resulting in the failure of the attack.For example, if there is JSON data in the request body, after sending it to the intruder, the...

Intruder results screen is blank, So frustuating

I work professional required burp intruder to work. This Burp professional never showing my intruder attacks ongoing or completed. I better off using community version, It works better. Refer:...

CORS vulnerability with basic origin reflection

Hi, I used all kinds of different browsers but the administrator user won't click or do any interaction to retrieve the api key. the script I used: <script> var req = new XMLHttpRequest(); req.onload =...

Several labs not completing even though exact steps were followed

I have been following the recommended learning path. I am now at a point within the XSS section (and onwards) where none of the labs are completing/solving, despite following the exact steps listed under the solution tab or...

[Montoya] ResponseReceivedAction.continueWith not updating response anymore

Hello, I've noticed that in Burpsuite Pro 2024.8.1 (early adopter) that a plugin I wrote a few months ago using the Montoya API stopped working correctly. High level the code looks like: HttpResponse httpResponse =...

Indirect prompt injection (LLM attacks), email doesn't delete with account

Hello, I've completed this lab in the past but when I tried again, I can't. I follow these steps: -I create an account using the supplied email -I ask Live Chat to change my email to test@example.com -I go to Live...

Clickjacking with form input data prefilled from a URL parameter Lab Not Solved

Hey The lab just dont get solved its realy frustrading XD <style> iframe...

Victim not visiting the pages on several labs

Dear support, The labs Exploiting cross-site scripting to steal cookies and Exploiting cross-site scripting to capture passwords are not working properly right now. Not only does it take a lot of time to launch the...

Can't click submit solution

Hey! I can't click submit solution in LAB: Exploiting cache server normalization for web cache deception. no change when i swipe over the button and nothing happens when i click it?

JWT authentication bypass via kid header path traversal : 401 unauthorized

I followed the steps but still getting 401 unauthorized. Could you please check

Academy progress gone!

Hi, I completed the Apprentice (all 52/52) today and it showed the progress as Done but now it doesn't!

Academy - Lab: Username enumeration via response timing - Unable to access usernames/passwords

Hello, In the Lab: Username enumeration via response timing, the list of candidate usernames/passwords is not accessible. In the lab, the below are not linked to anything, they seem to just be plain text. Candidate...

Burp Suite Fails to Load Default Wired Chrome Browser

Description: The default Wired Chrome browser does not load in Burp Suite. Environment: Application: Burp Suite Community Edition Version: 2024.7.6 Operating System: Ubuntu 24.04 LTS Installation...