Bug Reports - Page 47 - Burp Suite User Forum

Lab: Web cache poisoning via ambiguous requests broken

Hi No matter what I do inside Repeater, the site always answers with 'Age: 0' and 'X-Cache: miss' which means I cant poison the target. I also tried removing 'Cache-Control' from the request. (no luck) When sending the...

HTTP Request Smuggling TE.CL not work on Burp v2022.3.9 on Windows

Hi Support team, When trying to resolve lab "basic-te-cl". I found that instead I already unchecked at Update Content-Length for Repeater but after sent out the payload exactly the same as the solution, I still can not...

No more activations allowed for this license

Hi Team, While installing the license getting error "No more activation allowed for this license". Could you please help. Regards Ankit Gurjargour

Failed to update BApp list

I have just downloaded and installed burp pro, activated it and tried to install some extensions. I have changed no other settings. The BApp store is empty with an error in the bottom right corner 'failed to update BApp...

Turbo Intruder does not send requests

Hi, just doing the LAB: Web shell upload via race condition but everytime i start the Attack with Turbo intruder, it sends no requests but puts them in Queued. Here's my code: def queueRequests(target, wordlists): ...

Embedded browser use 100% CPU on Linux

Hi, I'm using Burp on Linux with .sh installer version 2022.3.9. First I couldn't start the embedded browser because of the sandbox error so I ran: find .BurpSuite -name chrome-sandbox -exec chown root:root {} \; -exec...

Match-and-replace rule for request 1st line seems broken

Hi guys, The match-and-replace rule for request 1st line doesn't seem to work with the lastest early adopter Burp Pro (2022-5.13348). I created a few rules to disable WebSockets upgrade, and one of them is to replace...

Burp Intruder inaccurate received and completed response time

In Intruder, in order to execute blind sql injection, I selected the Received time from the columns menu in intruder attack window. While executing the attack, I noticed that the response times are not correct after the...

Web cache poisoning via ambiguous requests

Currently the lab can't be completed since _lab and session cookies have the Httponly flag when the lab is first loaded. The alert(document.cookie) will never fire correctly.

Failed to connect to sitename.net:443 - Only AWS Sites

I'm running the latest version of Burp Pro and FireFox. I have the certificate installed correctly. I'm not going through a corporate proxy when I test. Just figured I'd get that info out of the way now. We are...

Bug in "CORS vulnerability with internal network pivot attack"?

Login form on the lab (/login endpoint) returns 500 error during logging attempt from main page (but looks like /login works from victim's browser). For me it looks a bit of insane to find Blind XSS in non-working login...

Portswigger Labs not working

Hi your portswigger labs are not working for unknown reasons I tried it with multiple browsers and networks. Getting an error message. Please Solve it soon. For instance try to open this one...

Labs unable to load

Hi, Currently I'm finding some problems to load and also store the finish labs on my profile. Could be this issue resolved?

[Xorg] Maximum number of clients reached / Error: cannot open display: :0

Hello guys, I am using BurpSuite Professional : Burp Version 2022.3.9 Build Number 13363 Update Channel Stable Burp Browser Version ...

Site Map is not working

After proxying the browser through the burp I'm not able to see the site maps

Bug in "Authentication bypass via OAuth implicit flow" lab

The lab returns 500 error during replay request to /authenticate endpoint with Carlos email. According to solution there is should not be error and i must get the authentication cookie.

Screen Tearing

Whenever I try to set any number values in burp>>intruder>>payload>>Numbers>>Number Format. This happens when i use numbers of more than 2 digits. The whole burp windows glitches and screen tears off. I have been facing this...

Private collaborator server not starting with valid certificates

Hi, I am trying to deploy a private burp collaborator instance and hitting the following error message: May 23 20:46:28 collab java[16727]: 2022-05-23 20:46:28.898 : Using configuration file...

Crawling a web site results to bloated project file

When crawling a web site, using crawling and audit's default settings. my project file size grows almost to 20GB. And when the project file gets that big, the backups will also file (not enough space on my disk). When i...

UI bug in Intruder -> Payload Options[Simple list]

Dear support team, while dealing with the labs I spotted a UI bug in the Simple list -> Payload Options in the Burpsuite's Intruder component (Community Edition v2022.3.8). Steps to reproduce: 1) Create a simple list...