Bug Reports - Page 48 - Burp Suite User Forum

Web Security Academy lab not working

The lab "Exploiting HTTP request smuggling to perform web cache poisoning" is not working properly. I can't seem to poison the cache using the request provided at 4. I do get the 302 Found response but to effect. Also...

Request Smuggling lab problem

Hello, I already posted about this issue yesterday but didn't get any answer from it so I'm re-posting. This issue is still here. I'm available if any agent wants to look into the problem. The lab "Exploiting HTTP request...

Context Menu Sometime Not Workig In Release - 2022.7.1

Hi Team, I recently updated to Burp Pro v2022.7.1. I noticed that sometimes the second level context menu don't work. Steps to reproduce: 1) Intercept a request 2) Then right-click to get the first level context...

Lab "Authentication bypass via OAuth implicit flow" seems to be broken

When I try to go to "my account" in this lab I get the following error: SessionNotFound: invalid_request at Provider.getInteraction (/opt/node-v18.12.1-linux-x64/lib/node_modules/oidc-provider/lib/provider.js:50:11) ...

Web Security Academy bug

Hi there. The Web shell upload via path traversal challenge seems to be broken for me right now. I got to the point where I have uploaded a working PHP web shell and I can execute cat /home/carlos/secret and I get...

burpsuite not importing self signed certificate from keystore explorer

by refering this blog i generated certficate and tried to import in to burpsuite. https://medium.com/hackers-secrets/adding-a-certificate-to-android-system-trust-store-ae8ca3519a85 but burpsuite gives **failed Import...

Broken lab in academy

Dear PortSwigger community and team https://portswigger.net/web-security/sql-injection/examining-the-database/lab-querying-database-version-mysql-microsoft lab seems to be broken since even solution provided leads to app...

Hi i'm having a problem

Unfortunately I have had to reinstall my pc on several occasions and now when I try to install burp suite, I get the error "No more activations allowed for this license" Could you help me...

Division by zero while loading a saved project

I am using v2021.5.2 and loading a project written with it. Unfortunately the project has a fault and keeps reporting division by zero at every load. Is there something I can do to fix the project file? The...

Burp Suite Proxy - Intercept domain name with underscore

Hello PortSwigger team, In a recent penetration test project, I encountered an issue with intercepting HTTP traffic since the new version of Burp Suite doesn't know to handle domain names with underscores. After some...

Lab is not solved by its own written solution

I tried to solve the lab "CORS vulnerability with basic origin reflection" using the written solution.This is what it ends up showing in the accesslog...

Missing linebreak makes response unavailable in proxy\repeater

Missing linebreak makes response unavailable while using a repeater or proxy. Probably for other features as well. Details: While testing an internal written webserver app i discovered some requests are marked as...

I cant use Burp Collaborator client

As i told previously here i changed a new PC so kindly give me a new Activation key also burp collaborator not working in previous modules

Option "Show the crawl in a headed browser" not present

Hi, I'm trying to start a Scan using the Burp's Browser for crawl and audit. I also want to be able to watch the crawler in a headed browser, so I've been looking for the option "Show the crawl in a headed browser" that...

burp collaborator always shows my external ip

hello whenever i scan targets in and issues activity shows out-of-band resource load (HTTP) it always shows my own external IP in the Description of collaborator HTTP interaction,and when I tested it too I got the same...

Lab can be completed without performing all the required tasks.

Hi, there is an issue in the following lab: https://portswigger.net/web-security/sql-injection/lab-retrieve-hidden-data The lab objective is to perform an SQL injection attack that causes the application to display...

Burp Scanner Bug

Hi, I recently launched an active scan using Burp scanner, while the issue reporting is acceptable. The request and response are both off most of the time and do not reflect the reported vulnerability. For example, the...

HTTP history entry disappears !

Hello, I am working with Burp Suite Community Edition Version 2022.12.5 (2022.12.5) I have setup a basic apache2 http server with a page with contains 4 bytes: 'aa{a' When I am browsing this webpage with firefox...

Lab Username enumeration via account lock

Hi all, I'm not able to solve lab "Username enumeration via account lock". Despite I'm trying to send Intruder requests in chunks of 20 usernames, I'm receiving 200 OK and lengths of 2976 bytes with no variations.

update to v2022.12.5 use spider not deeper

HI I update version to v2022.12.5 and I use spider config, the config before update already set . I found a problem. the spider not total found path with same spider config example old version v2022.8.5 I use...