Bug Reports - Page 41 - Burp Suite User Forum

Cookie Disappears

Hi PortSwigger, When I'm sending a request with a Notification Cookie (Lab: Authentication bypass via encryption oracle) it responds with an 200 OK, but the Notification Cookie disappears and the response doesn't show the...

Potential bug in lab "Web cache poisoning via HTTP/2 request tunnelling"

Hi, I'm trying to resolve the lab "Web cache poisoning via HTTP/2 request tunnelling". For some reason the server returns the error 504. May you advice? https://snipboard.io/pGVzvB.jpg Cheers, Jesús

Lab: Basic password reset poisoning seems to be broken

From the lab solution step 6: "Back in Burp Repeater, change the Host header to your exploit server's domain name (YOUR-EXPLOIT-SERVER-ID.exploit-server.net) and change the username parameter to carlos. Send the...

Server sends 403 if I use Burp Suite.

While logging fetch requests on https://hilton.com I noticed some requests were getting blocked if I used burp suite proxy, but the same wasn't the case without burp proxy in b/w. I cannot find the cause for it. Can someone...

Received Query must not be null error message for create schedule item graphql query but it is working fine in postman

body = """ { I have tested below mutation query using postman and got the successful response. However when I tried to use the same code in python, I am always getting below error message. response status...

Burp Enterprise Kubernetes Helm Chart - Troubleshooting bsee-connection-check OOMKilled Error

Hello, I installed Burp Enterprise in a Kubernetes cluster through the provided Helm chart, and I ran into a strange issue with the bsee-connection-check job running out of memory. After modifying the values.yaml file to...

Bug in lab "SSRF via OpenID dynamic client registration"

Hi there, I would like to let you know that the Oauth server returns the error "Internal Server Error" in the lab "SSRF via OpenID dynamic client registration". May you have a look at it? Thanks, Jesús

I can make sure I'm doing everything right, but almost every experiment that requires a web extension service to submit to a victim fails to complete the experiment after submission

I can make sure I'm doing everything right, but almost every experiment that requires a web extension service to submit to a victim fails to complete the experiment after submission！！！！！！

Lab from all topics

Hello! Have completed all 23 "Lab from all topics" from "Exam preparation steps", but in Dashboard tab it shows 22/23. I think it is bug. Please help me. Thanks!

Certification

Hello, I have been working on Burp Suite certification (2/3 or 3/3). I have encountered a File Path Traversal and have tried various solutions, including different payloads, obfuscation, encoding in various ways, and even...

SQL injection false positives with Keycloak SSO?

Testing with the latest release of BurpSuite Pro against an instance of Keycloak 16, I get a number of reports of "SQL injection" issues. However, when looking at the response HTML I see no indication of any errors, which...

Scan Engine Disabled

Our team already tried injecting the license key. But when updating to V2023.2 burpsuite, the scan engine is disabled. They have tried fixing it but still can't. Could you please help to fixing it?

Broken Extensions preferences since burpsuite_pro_v2023.1.2

Hello, Since burpsuite_pro_v2023.1.2 the extensions cannot load their previous preferences. The extensions load/save the preferences by the following APIs: - loadExtensionSetting(name) - saveExtensionSetting(name,...

Burp Browser Doesn't Work

Hi, the following error message is displayed when I click on open browser in the proxy menu: net.portswigger.devtools.client.impl.connection.local.n: Failed to read dev tools web socket The browser opens, but I cannot...

Two Report Different in one Site map when I can 2 day

Hi, I need your help. I have a problem with the report. For example, on the 15th, I scan and export the report. I can clear the cache, but the 17th export includes lots of Issue Definitions that have responses in the 15th.

Lab: Host header authentication bypass seems broken

After quite some trial and error and taking a look at the solution, it seems the lab is broken in its current state. Submitting the following request based on the solution will result in the server not responding and...

HTTP Request Smuggler options and button not visible with increased font size

Hey Folks, I have my font size set on 15 on a QHD (2560x1440) screen with 125% scaling and when I try to use the HTTP Request Smuggler extension I am unable to see some of the options nor the button to start the extension...

Active Scan stops after some time.

Hello This issue fairly occurs with "bigger" websites. It feels like scanner bloats and stops working. Is therea any solution for this? Do you guys need some kind of report or log from my end? Thanks in advance

installer on fedora 35 dispaly an-empty-red-/rose-dialog-no-buttons-nothing

I opened a thread on Feb 9, 2023 as I was not able to continue installing Burp...

Lab: Exploiting clickjacking vulnerability to trigger DOM-based XSS does not work correctly

Hi! A correct POC (generated by Burp Clickbandit, tested in Chromium Version 111.0.5563.64 (Official Build) (arm64)) does not solve the...