Bug Reports - Page 44 - Burp Suite User Forum

Scan Freezes at Active Phase 1

Hello, I'm having an issue with the scan functionality on Burp Suite Professional v2020.2.1. The same exact request works with no issues on one of the earlier versions of Burp Suite Professional's scanner, v1.7.37. This...

Basic clickjacking with CSRF token protection

Hello Support Team on the lab "Basic clickjacking with CSRF token protection" the user name and password "wiener:peter" does not work what should i do??

Web security academy lab

Lab: DOM XSS in document.write sink using source location.search inside a select element. In this lab the inspect (Q) is not working means, the storedID where mentioned and selected after putting the string in...

problem trusting a secured connection to https://perfdata.portswigger.net//feedback/submit

BurpSuite Enterprise has been intermittently, about 4 times a day, sending out a email notification of an error/warning which I can't figure out by looking at the logs why? I can't find anything in the forums and any help...

Lab: Using PHAR deserialization to deploy a custom gadget chain

I think that the solution of this lab is wrong in item number 4 [Notice that the file_exists() filesystem method is called on the lockFilePath attribute]. In my opinion, its chain will implement the following flow:...

Lab: Exploiting XSS to perform CSRF

Hi, so first i checked out how the normal request is send when we are about to change the users email and i found out that the given email parameter value is URL encoded (@=%40). POST /my-account/change-email...

Burp Suite Community Edition: Authentication with no password input but manage to access.

It is annoying trying to input password every time when opening the intercept browser. However there are 2 problems encountered. First is the error that stated my password was incorrect, but I swear it is correct, or...

Forcing HTTP/1.0, particularly using Repeater

With the new http/2 normalizing 'feature' I now appear to be unable to use/force HTTP/1.0, which is required for IP address leakage findings: https://portswigger.net/burp/documentation/desktop/http2 I feel there should...

Burp Suite Browser doesn't trust DigiCert Certificate

Our DigiCert Certificate works fine in the 'real world', but the Burp Suite Browser says it's not secure: "This CA Root certificate is not trusted. To enable trust, install this certificate in the Trusted Root Certification...

Burp Crash after open any project file

Dear Team, This week, I encountered the problem of that Burp crash when I open any project file (even a temporary one). You can see the video for the...

Collaborator

Hello, Collaborator of the Burp application is not working. Screen: https://i.ibb.co/rHDGWZv/collaborator.png

Burp crashes with SIGSEGV, tested with multiple Java versions

Since this week, Burp crashes on irregular but short intervals. Completing any intruder attack is hardly possible, but the crashes do not require intruder. At some points, they occur on the loading screen, even with...

Browser Will Not Open

Recently I've encountered an issue where my browser will not open, and I get the following error message: net.portswigger.devtools.client.a9: Unable to start browser: [0707/014003.432116:FATAL:v8_initializer.cc(423)] Error...

Not able to Login

Hi Team, I am not able to login with below credentials which are provided in Clickjacking module. You can log in to your own account using the following credentials:...

Why is the default login euphemism-for-penis:euphemism-for-penis and why do we keep committing hate crimes toward poor Carlos?

title