Bug Reports - Page 4 - Burp Suite User Forum

Issue with Lab: Exploiting an API endpoint using documentation

Is everything OK with this lab? Running into some problems with it: 1. The Update email is not working properly. It throws the error: undefined: Malformed URL: query only supported with GET (undefined) 2. The /api route,...

Issue importing client TLS certificate

Hello I am having issue importing a .p12 in the "Client TLS certificates". Error is "Failed to load certificate: Tag number over 30 is not supported" Passphrase is composed of 44 alphanumerical characters. I am...

Not working Burp Browser

I can't start burp browser after last updates. I receive only Burp Browser Error with no text. The same situation appears on Ubuntu 24.04 and fresh Kali Linux virtual machine

Cache Poisoning - Unkeyed Header and Unkeyed Cookie Labs Not Working?

I solved both labs since I can trigger the correspondent alerts after requesting the main homepage address from my browser, but the Not Solved label never changes to Solved. Are there any issues related to the user who is...

Lab not being marked as solved.

Hi there, the Stored DOM XSS lab is not being marked as solved. I have followed all of the solutions provided and had the XSS execute but the lab will not mark as being resolved.

Stealing OAuth access tokens via an open redirect

the Dashoard tab wasn't visible

the Dashoard tab wasn't visible for projects with crawl tasks started。

Burp Suite UI Crash?

Hi, Sometimes I found that the Burp UI crashes like this: https://postimg.cc/bZ5nHNWV https://postimg.cc/47SjXcSb My PC uses Windows 11, CPU AMD Ryzen 9 5950X, 64GB RAM, RTX 3090 Graphic Card with 4k resolution...

OAuth account hijacking via redirect_uri works with chrome but not using burp's chromium

When I store the exploit and view it using Burp's chromium I see the following error in my iframe. However, that's not the case when I use my chrome browser. Due to this I'm not getting the auth code from admin to solve this...

Labs are not getting solved

Hey Team I am observing a bug in my portswigger account , I am solving the labs in academy but when I refresh the page it shows me not solved. I have tried to solve the same lab many times and I do solved it , the page also...

Adding Hotkeys makes the Burp Unopenable

I had added a hotkey for "add to scope" which was "ctrl+DOWN" after adding this the burp worked good but when the next day i try to open burp it didn't run rather it showed an error which was "Failed to create/access...

Academy XSS Lab Doesn't Accept My Solution

hi, lab with the title: "DOM XSS in document.write sink using source location.search" doesn't accept "https://LAB-ID.web-security-academy.net/?search=%22onerror=%22alert(1)" as a solution even though the alert shows up.

Lab not updating "Solved" status

In the "Manipulating WebSocket messages to exploit vulnerabilities" lab, I have followed the given solution and the solution provided by the YouTube video, but the LAB status still says, "Not Solved". I am using Chrome with...

labsolved but shows unsolved

Hi, I have solved CSRF vulnerability with no defenses but it does not show solved after solving the lab, I've tried repeating several times but it still doesn't work, Thanks

Horizontal Scrolling in Proxy History on Linux (+ Tiling Window Manager)

Good morning, I would like to report an issue that me and other people in our office are facing. We use BurpSuite Professional in Kali VMs, and most of us use tiling window managers. When scrolling horizontally with...

CSRF Labs are buggy not working

Currently i'm trying to solve the CSRF labs. However, it seems that these are not working properly; It seems that the system doensn't work when you "deliver exloit to user". I know for a fact that the CSRF Payload is...

Burp sending high volume of Emails

Hi team, I am reaching out because I had an incident with my customer. He received 1200 emails in half an hour while using Burp. I would appreciate it if you could share a solution for this problem/bug. Thank...

Exploit server does not behave the same depending on the browser

Hi, I've observed that the exploit server does not behave the same depending on which browser it is opened on. I've been writing and storing the exact same html content in the exploit server from Firefox and from Burp's...

Performance Issues on web academy and portswigger.com login

I am not running any automated scans against the target and have limited extensions loaded. I am regularly waiting 20 seconds for a single request, often having to cancel and resend. Logging into portswigger.com I even...

Basic Clickjacking Lab

When I try to perform the View Exploit function on this lab I receive "Resource not found - Academy Exploit Server", stopping me from completing the lab.