Bug Reports - Page 4 - Burp Suite User Forum

Scanner doesn't report previously found issues

When performing a second crawl and audit on the same website, the issues are not included in the results. The detail show that issues have been found in the app header, but they aren't loaded in the results. You'd have to...

It was observed that password and security answers are in plain text when captured the request in burpsuite

Hi Team, We have developed application using .net.It was observed that password and security answers are in plain text when captured the request in burpsuite. how can i avoid showing password as plain text? Please let...

Lab "Exploiting blind XXE to exfiltrate data using a malicious external DTD" failing

Hi Support Team, It looks like this lab is not working pretty fine. I have been a long while trying to solve it. Even more, I went step by step to the solution and the result I am being returned is not being accepted by the...

Unable to reply back to a created forum post

Unable to reply back to a forum post , anti forgery token issue

Web academy lab issue

Victim never makes call to forgot password through exploit url or it is not shown in access log reference : https://portswigger.net/web-security/authentication/other-mechanisms/lab-password-reset-poisoning

Copied Project uses first request in repeater rather than last made

When a project is copied, after loading it, all the requests in the repeater tab use the first request made rather than the latest. This create a very annoying situation when loading it the copied project for the first...

Opening Existing Project Stalls - 2

When we open an existing project and choose a file and click on "open" the application gets stuck over there with "open" button having dark theme highlight. Does not open the project. Need to go back to previous window where...

Password reset poisoning Lab issue

Victim never makes call to forgot password through exploit url

Content discovery is not directly mapped to site map

Hi, Performing content discovery and looking at the Site map of the discovery process one can see that the items found are not reported directly to the main 'Target Site Map'. In many cases and with the current...

Burp Pro API Scan Error

Dear Support, We are facing a problem, not sure if it's an issue or we are doing something wrong. The scenario is the following: 1. We start Burp and REST API Service 2.POST a scan to url "https://example.com" 3.We...

Unable to load JAR file

command to initialise burp: java -Xmx1G -Djava.awt.headless=true -classpath "headless-burp-proxy-master-SNAPSHOT-jar-with-dependencies.jar;burpsuite_pro.jar" burp.StartBurp burp version:...

Why is the Burp Suite JAR file so big?

When Burp prompts me to install an update, it gives me the option of a Windows installer, a MacOS installer, a Linux installer, or a JAR file. The installers are all around 160-180 MB in size: this seems reasonable, since...

My burp suite issues tab is not showing up.

My burp suite community edition's issues tab is not showing up. From what I've seen on youtube, a issues tab should show up on the site map tab without running any scans. Is this a pro edition feature, or is something wrong...

Intercept

Hi, I am new to burp and trying reading the tutorial for username enumeration and I'm trying to solve the lab and it doesn't intercept anything and if i use proxy then i can't run the website. Proxy is working for other...

Burp 2020.5.1 looks blurry

Hi after updating to the 2020.5.1 the burp ui and text look blurry https://twitter.com/d1pakdas/status/1276081498689384448/photo/1

Different scan ID from REST vs GraphQL API

If I initiate a scan using Burp POST REST API, I see even number (scan / task_id) as a part of HTTP response location header but if I initiate a scan using GraphQL API, I see odd number (and wrong scan id) in JSON response.

Missing PHP Code Injection Detection

Hello, I'm using Burp Pro 2020.5 and I have a PHP Code Injection vulnerability on a parameter name (both on GET and POST). The Code Injection does not work on the parameter value. Even if the "Parameter Name" insertion...

Inability to edit text within repeater/intruder

Hi, I am running version 2020.5.1 on a 2019 MacBook Pro 16". When sending requests to Intruder or Repeater, I consistently cannot edit the contents of the request for a time. Eventually this does allow me to do so, but it...

corrupted project files

Burp Suite Professional v2020.5.1 on Windows I previously ran Burp in a Kali linux VM and never had an issue with corrupted project files. Recently using a project I've had to fix corruption just about every time I...

Unable to scan all Urls of site map at once

Hi, I am using Burp Suite Professional 2.1.7. I browsed all urls of a website they were displayed in target site map then i added the host to scope. After clicking on the main url of website, if i scan it through audit and...