Burp Suite User Forum


Issue with Burp Suite Pro Renewal - License Key Not Received

I recently renewed my Burp Suite Pro subscription and noticed a charge of $450 on my account. However, I have not received any email update or license key associated with this renewal. I have checked my spam/junk folders and...

Last updated: Jun 24, 2024 09:10AM UTC | 0 Agent replies | 1 Community replies | Bug Reports

Crawling won't start on MacOS Sonoma

I'm using Burp Pro 2024.5.3 and when I start crawling via Scan -> Crawl, a Chromium popup appears on my dock, but it won't open, and the crawl only retrieves robots.txt.

Last updated: Jun 24, 2024 08:43AM UTC | 1 Agent replies | 0 Community replies | Bug Reports

'Stream failed to close correctly' when trying to load one lab

Accidentally broke one of the labs - https://portswigger.net/web-security/csrf/bypassing-samesite-restrictions/lab-samesite-strict-bypass-via-cookie-refresh steps to reproduce: - open burpsuite chromium browser - copy...

Last updated: Jun 21, 2024 08:51PM UTC | 3 Agent replies | 7 Community replies | Bug Reports

ratelimiting intruder issue / inconvenience during the auth lab

Hi Team, During the lab I ran into an issue with the rate limiting of the community edition with the Lab: Username enumeration via account lock. Here you need to lock the account to figure out the username and see...

Last updated: Jun 21, 2024 10:40AM UTC | 1 Agent replies | 1 Community replies | Bug Reports

Solution for "Lab: SSRF with blacklist-based input filter"

Hello, the intended solution of this lab doesn't seem to work. After some testing I couldn't find a way to "enter" the admin area. "Encoding" the IP address works fine, but entering "admin" doesn't work at all. I tried...

Last updated: Jun 21, 2024 05:18AM UTC | 0 Agent replies | 3 Community replies | Bug Reports

JTree not rendering correctly with BurpSuite's Look And Feel

I am working on improving one of our extensions and I noticed that a JTree does not render correctly with the default look and feel of BurpSuite. Icons are missing and the indentation of individual notes are also not...

Last updated: Jun 20, 2024 02:14PM UTC | 1 Agent replies | 0 Community replies | Bug Reports

403 Forbidden in solution in Academy Web cache poisoning via ambiguous requests

Hello, according to the solution when I use 2 HOST headers such as GET /?cb=123 HTTP/1.1 Host: 0aa300a60483e49080313f3f008e0077.h1-web-security-academy.net Host: example.com I receive HTTP/1.1 403...

Last updated: Jun 20, 2024 08:03AM UTC | 1 Agent replies | 0 Community replies | Bug Reports

Academy clickjacking lesson doesn't give you credit

I have tried to complete the lab: "Lab: Basic clickjacking with CSRF token protection", and thought I had a correct answer but when I sent my exploit, the lab was still not solved. After much trying I checked the community...

Last updated: Jun 20, 2024 07:20AM UTC | 1 Agent replies | 0 Community replies | Bug Reports

REST API. Get scan status after Burp restart: Task ID not found

Burp Suite Pro version: 2.1.05; Steps to reproduce: 1. Start Burp Suite Pro; 2. Launch new scan, using REST API, i.e. do HTTP POST scan configuration to http://127.0.0.1:1337/$apiKey/v0.1/scan; 3. Poll scan status...

Last updated: Jun 19, 2024 04:07PM UTC | 13 Agent replies | 13 Community replies | Bug Reports

Burp Browser Doesn't Work After Update

I have updated to the latest stable version v2023.5.2, and the burp browser was uninstalled from the burpbrowser directory. When trying to use the browser, the following error message pops: java.io.IOException: Cannot run...

Last updated: Jun 19, 2024 01:13PM UTC | 3 Agent replies | 3 Community replies | Bug Reports

Burp possibly doesn't close HTTP2 gRPC connection gracefully

First of all, thank you for your great efforts to make HTTP2 available in Burp. I'm using Go gRPC example application named RouteGuide(https://github.com/grpc/grpc-go/tree/master/examples/route_guide) to check Burp can...

Last updated: Jun 19, 2024 05:05AM UTC | 11 Agent replies | 17 Community replies | Bug Reports

Basic clickjacking with CSRF token protection

I'm having trouble with this lab. When I click on 'View exploit' I have the login page coming up, of course with no 'delete' button. I'm using Burp's browser Chromium and here's my script, of course I'm changing the lab Id...

Last updated: Jun 19, 2024 05:00AM UTC | 1 Agent replies | 0 Community replies | Bug Reports

BCheck Scanning issue with report issue and continue on scan launcher

Hey, just looking to see if it's a known issue RE: BChecks using "report issue and continue" via a host it works via the test cases tab but on running via "scan" and "launcher" and run with "Audit checks - BChecks only" and...

Last updated: Jun 18, 2024 12:42PM UTC | 1 Agent replies | 0 Community replies | Bug Reports

Repeater changes HTTP method

If a server advertises h2 in ALPN, the repeater tool changes protocol to this and refuses to change back. To repeat, create a new tab in repeater and paste the following content: -------- GET / HTTP/1.1 Host:...

Last updated: Jun 18, 2024 11:02AM UTC | 1 Agent replies | 1 Community replies | Bug Reports

Lab: Offline password cracking

Hi all, I'm unable to spin up that lab. I'm always met with a 504 "Page isnt working now" error code. I know some of your labs have been under maintenance for the past days; I was wondering if that's also one the lab...

Last updated: Jun 17, 2024 09:53AM UTC | 1 Agent replies | 0 Community replies | Bug Reports

Lab: Cross-Site WebSocket hijacking

Hi BurpSuite team! I was hoping I could practice CSWSH but the lab is not working. A new tab is opened, and eventually closed automatically. Is this lab also part of the on-going maintenance? Thank you!

Last updated: Jun 17, 2024 09:52AM UTC | 2 Agent replies | 1 Community replies | Bug Reports

Cursor Not Accurate at Request/Response Editor

Hello, I have a problem with my burp. After I installed the latest version, my cursor is not accurate. It happens at request/response editor. For example, when I try to edit a request on the repeater tab, then I click on a...

Last updated: Jun 15, 2024 03:35AM UTC | 10 Agent replies | 14 Community replies | Bug Reports

False Positive based on Last-Modified header

Hi, Burp Scanning does check for "Date" header and its modification, even though it's modified in response, it wouldn't call that a "Response Modification". However, the header "Last-Modified" is not whitelisted and...

Last updated: Jun 14, 2024 03:20PM UTC | 1 Agent replies | 0 Community replies | Bug Reports

Clickjacking labs not working

I have tried some of the apprentice clickjacking labs in the past and could not complete them even though the payload aligned perfectly. I have now come across this issue again in the lab: Exploiting clickjacking...

Last updated: Jun 13, 2024 06:57AM UTC | 1 Agent replies | 0 Community replies | Bug Reports

BurpSuite is unresponsive.

I clicked 'Compare Sitemaps' and it fills up to 100%, BurpSuite is unresponsive. Env: m3 max, I won't include the version of Java in Burp as it uses the bundler anyway (system uses openjdk 21.0.3 Zulu)

Last updated: Jun 12, 2024 11:02AM UTC | 1 Agent replies | 0 Community replies | Bug Reports
