Burp Suite User Forum

Cannot login to Google services using built-in Chromium

Hi, I cannot log in to Google services using built-in Chromium. Every time I try to log in to my Google account, I get this error `This browser or app may not be secure. Try using a different browser. If you're already using a...

Last updated: Mar 19, 2024 02:27PM UTC | 2 Agent replies | 2 Community replies | Bug Reports

Problem with sqlmap after burp update to 2021.4.2

Sqlmap can be run by giving --proxy https://127.0.0.1:8080 which will take all its data through burp. However, after the recent update in burpsuite, while running sqlmap with burp proxy, getting error: [18:24:03] [INFO]...

Last updated: Mar 19, 2024 11:47AM UTC | 7 Agent replies | 7 Community replies | Bug Reports

ClickJacking labs remain as not solved

Hi PortSwigger Team, Even after completing more times "Basic clickjacking with CSRF token protection" and "Clickjacking with form input data prefilled from a URL parameter" labs, they are showing as not solved. I just...

Last updated: Mar 19, 2024 09:15AM UTC | 9 Agent replies | 10 Community replies | Bug Reports

Abnormal behavior

Hello, while I was running burpsuite I noticed increased CPU usage. Looking at the task manager, I saw a weird command initiated by burp invoking chrome with a series of suspicious flags. Is this something to worry about?...

Last updated: Mar 18, 2024 11:04PM UTC | 0 Agent replies | 1 Community replies | Bug Reports

"Indirect prompt injection" shows as not solved

LLM Lab - indirect prompt injection shows as not solved when the user was deleted from the database successfully. { "role": "user", "content": "please consider ********* " } { "role": "assistant", "content":...

Last updated: Mar 18, 2024 01:17PM UTC | 1 Agent replies | 0 Community replies | Bug Reports

Enterprise Scan Engine Update 2024.1.1.6

Hello, I can not download and install Scan Engine Update 2024.1.1.6. It errors out and it looks like you forgot to sign it. Bad signature.

Last updated: Mar 15, 2024 05:23PM UTC | 3 Agent replies | 4 Community replies | Bug Reports

Lab: CORS vulnerability with basic origin reflection not working

In this lab, I'm stuck on step 5 of the solution: In the browser, go to the exploit server and enter the following HTML, replacing YOUR-LAB-ID with your unique lab URL: <script> var req = new XMLHttpRequest(); ...

Last updated: Mar 15, 2024 02:31PM UTC | 10 Agent replies | 15 Community replies | Bug Reports

Lab: Client-side desync - Solution not working in Chrome

The solution of laboratory "Client-side desync" is not working. The following code does not work in Chrome: fetch('https://YOUR-LAB-ID.h1-web-security-academy.net', { method: 'POST', body: 'GET /hopefully404...

Last updated: Mar 15, 2024 01:23PM UTC | 1 Agent replies | 1 Community replies | Bug Reports

Lab: Reflected XSS protected by very strict CSP, with dangling markup attack

The Lab: Reflected XSS protected by very strict CSP, with dangling markup attack seems to imply that the dangling attack is required to get the CSRF token and then use it for the attack. But since the CSRF attack is...

Last updated: Mar 15, 2024 07:54AM UTC | 3 Agent replies | 2 Community replies | Bug Reports

Burp Suite Professional starts fast then slows down to a crawl

Hey, I've been using my trial of the Burp Suite Professional, after installing it everything is really fast, the intruder can run through a lot of attempts really quickly, but after when I try to use it again it gets as slow...

Last updated: Mar 14, 2024 01:20PM UTC | 3 Agent replies | 2 Community replies | Bug Reports

Burp Suite Professional is not opening

I am trying to open Burp Suite in Windows but I am facing an issue saying "Burp did not start properly last time. Do you want to start it without loading extension?" and on choosing either Yes or No fails to load burp...

Last updated: Mar 14, 2024 11:32AM UTC | 1 Agent replies | 0 Community replies | Bug Reports

Host-level BChecks only run once per host

Hi, I tried experimenting with the new BChecks feature in Burp 2023.6. It's a nice new feature. I found that host-level BChecks only run once per host, which according to the documentation might be intentional. From...

Last updated: Mar 13, 2024 08:10PM UTC | 11 Agent replies | 10 Community replies | Bug Reports

Burp Suite Pro Linux installer overwrites vmoptions

Hi Portswigger team, the Burp Suite Pro installer unfortunately overwrites the ~/Applications/BurpSuitePro/BurpSuitePro.vmoptions file each time I install a new version using the Linux .sh installer. This is a...

Last updated: Mar 13, 2024 01:49PM UTC | 1 Agent replies | 0 Community replies | Bug Reports

Error regarding "Finding and exploiting an unused API endpoint" lab

Hello, I wanted to bring to Portswigger's attention that there is an error with the "Finding and exploiting an unused API endpoint" lab. When using the OPTIONS method to discover what methods are allowed by the API, the...

Last updated: Mar 13, 2024 08:10AM UTC | 1 Agent replies | 0 Community replies | Bug Reports

Burp Enterprise- Adding Certificates in GUI doesn't add to Java Trust Store

Hello, I have our internal certificates added to Burp Enterprise's GUI, however, upon running a scan against a website that has the proper internal certificate chain trust, we still get the medium TLS Certificate finding. ...

Last updated: Mar 12, 2024 11:28AM UTC | 2 Agent replies | 1 Community replies | Bug Reports

Faulty Lab: "CORS vulnerability with trusted insecure protocols"

Hi, maybe there is a bug inside the laboratory "CORS vulnerability with trusted insecure protocols". The following exploit script works with Burp's Chrome: <script> document.location =...

Last updated: Mar 12, 2024 11:23AM UTC | 2 Agent replies | 1 Community replies | Bug Reports

In laboratory work, a request for a collaborator is not sent

In laboratory work: Lab: Reflected XSS protected by very strict CSP, with dangling markup attack, a request for a collaborator is not sent. I go to the exploit server and insert the appropriate script:...

Last updated: Mar 11, 2024 05:31PM UTC | 2 Agent replies | 2 Community replies | Bug Reports

Password Poisoning

https://portswigger.net/web-security/authentication/other-mechanisms/lab-password-reset-poisoning-via-middleware Doesn't work. After sending a corrected request from X-Forwaded-Host: and the name carlos. Nothing comes up...

Last updated: Mar 11, 2024 10:59AM UTC | 1 Agent replies | 0 Community replies | Bug Reports

Repeater's "Request" section is narrow when Burp Suite starts

Every time I start up Burp Suite and go to the Repeater tool, any existing Repeater tabs (either the default empty one when starting the new project, or any tabs loaded from an existing project) will have the "Request"...

Last updated: Mar 11, 2024 10:38AM UTC | 2 Agent replies | 1 Community replies | Bug Reports
