Bug Reports - Page 4 - Burp Suite User Forum

Javascript response in Binary

Burp Pro 2023-9.2 I noticed the proxy and repeater tabs are showing a javascript file response in binary. The same shows as text when opened in browser. Not sure if this is a bug or any setting I need to change.

Client Failed to negotiate a TLS Connection to respective application

Hello BurpSuite Support, When I was trying to test a web application using Burp Suite 2.1.07 it is showing with an error Client failed to negotiate a TLS Connection to www.xxxxxxx.com: Received fatal...

Cannot log traffic to file from websockets

Hi, There is no option to log traffic from any tool when the traffic is passing from the websockets. Even though traffic is visible on the Proxy - > WebSockets history tab, it's not logged into the file. *...

Lab: Username enumeration via account lock (PROBLEM)

There is a problem in LAB(Username enumeration via account lock ), Where the account should be locked after multiple attempts. But, I did brute force usernames and passwords through intruder and it didn't trigger (You...

lab bug (SQL injection attack, querying the database type and version on MySQL and Microsoft)

I think this lab (https://portswigger.net/web-security/sql-injection/examining-the-database/lab-querying-database-version-mysql-microsoft) is not working. Even I tried the Solution and that did not work!

Exploiting PHP deserialization with a pre-built gadget chain

Hello I have a problem with this lab, when I send my payload I got a next error: <div class="container"> <header class="navigation-header"> </header> <h4>Internal Server Error: Symfony...

the size of the handshake message (42556) exceeds the maximum allowed size (32768)

when configuring burp proxy to website the proxy return page on the browser with this error : the size of the handshake message (42556) exceeds the maximum allowed size (32768). any solution

Automatic Throttling Error

Start a new scan. Go to Resource Pool. Check the box next to automatic throttling. Uncheck the box next to automatic throttling. Try to launch the scan. error message: "At least one throttling option must be selected".

Academy lab bug - Web shell upload via extension blacklist bypass

This is a file upload vulnerability lab, but it seems it's broken since I only get "missing parameter" error even when trying to upload a legit comment and...

Inspector Window in Proxy Tab Expands Indefinitely when Scrolling Through Proxy History

Hi there! As the title reads- I noticed that the inspector window within the proxy tab will continue to increase in size when a user scrolls up or down through the Proxy history. To demonstrate this, feel free to check out...

Visual issue with UI on Windows 11

All of sudden I've begun experiencing an issue with Burpsuite Pro on my Windows 11 system. After I crawl a site and begin reviewing the results in various tabs, tabs and windows are popping up and sliding all over the place....

No more activation allowed for this license.

Hello Portswigger team. Unfortunately i had to reinstall my OS multiple time so i used the activation key several time but now i get (No more activations allowed for this license), Can you please help me with this...

Proxy - Miscellaneous - Unpack gzip should apply on display not on original packet

In some cases, although there is Content-Encoding: gzip in the response header, the content is encrypted first and then decrypted by gzip, especially for mobile applications. At this time, I found that if I selected this...

Academy Labs - Solved labs; attempting to share via LinkedIN is running into an error

Academy Labs - Solved labs; attempting to share via LinkedIN is running into an error. Tried it several times, does not work.

Cannot access labs with Burp browser

I can log to Portswigger site but when I press Acess the lab, I have an error message: This site can’t be reached x.web-security-academy.net took too long to respond. ERR_TIMED_OUT Same things happened yesterday. I can...

Issue on Lab: Partial construction race conditions

Hi team, After successfully exploiting the race condition and being able "to bypass email verification and register with an arbitrary email address" (I got the user registration is successful message), I am still not able...

.burp file

my burpsuite project temporary file by mistakely delted from root..can i get back?

recorded login repeating

using burpsuite pro, i did a recorded login and used it in a scan it appears to login and do an authenticated crawl, however, if I watch the task details "live crawl view" it shows logging on over and over again. Is that...

CORS with Null origin challenge is broken

Hey, It seems that this challenge is broken as the browser does overwrite the Origin header when fetching a request with JS. It does work in Burp but not in real. Another challenge seems to be broken DOM cookie...

Lab status not updating

Dear all, I am currently working through the labs of the Portswigger Academy and noticed that the status of one of the labs is not updating (blind OS command injection with out-of-band data exfiltration). I used multiple...