Burp Suite User Forum

Login to post

Bug in Lab - Reflected XSS with some SVG markup allowed

Hi, first I want to thank you for these awesome labs! They really rock! Unfortunately I think something is wrong with this challenge:Reflected XSS with some SVG markup allowed. I am able to trigger an alert box, but it...

Last updated: Oct 23, 2020 10:35AM UTC | 3 Agent replies | 2 Community replies | Bug Reports

web cache poisoning lab does not cache my response

i did everything as stated in the solution yet my response didnt get cached. GET / HTTP/1.1 Host: accf1f231fabbe8c801e0f8d00fd0017.web-security-academy.net X-Forwarded-Host:...

Last updated: Oct 23, 2020 09:01AM UTC | 1 Agent replies | 0 Community replies | Bug Reports

New Scan says out of scope for in-scope URL

Hi there, Burp 2.0.3 is telling me that the scope URL I'm defining for a new scan (when clicking the button in the dashboard) is out of scope. URLs to scan: http://192.168.44.32/ Currently defined as scope...

Last updated: Oct 23, 2020 07:46AM UTC | 8 Agent replies | 7 Community replies | Bug Reports

Reporting an issue with UTF-8 characters results in garbage

We have German text in issues generated by an extension we've written. Burp displays it correctly, but when reporting the issues in XML form, the Umlauts and other non-ASCII characters get garbled. To replicate: create a...

Last updated: Oct 22, 2020 02:30PM UTC | 2 Agent replies | 2 Community replies | Bug Reports

readhandshakerecord when trying to capture server side events?

When I try to open the login page the browser connects to sseLogin.php. In Burp this request never gets a response in the HTTP proxy history (as if it would wait for eternity). I get a readhandshakerecord error in my event...

Last updated: Oct 22, 2020 08:40AM UTC | 3 Agent replies | 1 Community replies | Bug Reports

Burp errors out when we try to start and create a new project

Hi Guys, Could you please let us know why Burp suite tool is throwing an error and ends the session. We have started using burp after few months and we renewed our license today. Here are more details: It died with...

Last updated: Oct 21, 2020 08:17AM UTC | 1 Agent replies | 0 Community replies | Bug Reports

SQL Injection Database Version : Labs

Hi In SQL Injection Lab to Find the version of Database , ideally one would need to identify number of columns in the table. For this purpose the default DUAL table is used in Oracle. However without using the DUAL Table...

Last updated: Oct 21, 2020 07:12AM UTC | 1 Agent replies | 0 Community replies | Bug Reports

Burp enterprise (graphql api) always returns 0 on site's parent_id when querying the scans

Hello, When querying the scans or getting a single scan, when checking the folder to which a site belongs, it always returns 0 (ROOT) folder. Example: query getScans { scans { id ...

Last updated: Oct 20, 2020 09:42AM UTC | 1 Agent replies | 0 Community replies | Bug Reports

Embedded browser not working on windows 10

Hello I have the latest version of burpsuite pro 2020.9.2 with openjdk 14 GA (build 14+36). Embedded browser never worked. I'm using the binary version and not the plain jar file. The embedded browser health check output...

Last updated: Oct 20, 2020 07:30AM UTC | 1 Agent replies | 0 Community replies | Bug Reports

http host header injection: password reset poison labs not working

https://portswigger.net/web-security/host-header/exploiting/password-reset-poisoning lab 2 and 3 password reset via middleware and dangling markup are not working as suggested in the solution section in lab2 wiener...

Last updated: Oct 19, 2020 10:40AM UTC | 1 Agent replies | 0 Community replies | Bug Reports

for the maintainers of burp.gkp

When BS is opened from terminal these errors show up only in the terminal, I don't see these warnings in GUI and don't know how they effect functionality as I just noticed them today Your JRE appears to be version 11.0.8...

Last updated: Oct 19, 2020 07:50AM UTC | 1 Agent replies | 0 Community replies | Bug Reports

Error during installation

Sir I want to install burp suite but I got some error which says A JNI error even I upgrade java to 14.0.2 but not successful to install also I tried that java file to linux but same error Please help

Last updated: Oct 19, 2020 07:45AM UTC | 1 Agent replies | 0 Community replies | Bug Reports

Bug in "Reflected XSS into HTML context with all tags blocked except custom ones" Lab

Hello there, Good Day and I hope you're doing well! First of all thank you so much to PORTSWIGGER team for creating Web Academy. Its really great resource of learning and I am enjoying it. My name is Hardik Maru, and I...

Last updated: Oct 18, 2020 05:10PM UTC | 2 Agent replies | 3 Community replies | Bug Reports

Intruder tabs not being saved

Hi Twice I've saved my project, quit the app and when I came back and restored the project the previous intruder tabs were empty. Running version 1.7.29 64 bit on Linux. Robin

Last updated: Oct 17, 2020 08:23PM UTC | 3 Agent replies | 7 Community replies | Bug Reports

Cannot set up Chromium DevTools overrides in embedded browser

When I open DevTools -> Sources -> Overrides and select a new folder for overrides, I get the prompt "DevTOols requests full access to [path...]". I click Allow, and then nothing happens. I do not have this issue with...

Last updated: Oct 16, 2020 04:37PM UTC | 2 Agent replies | 2 Community replies | Bug Reports

Burp Suite Enterprise Cannot Use Login <form> with no action="path" attribute

Hello, I discovered an issue recently with the Burp Suite Enterprise crawler. I have a web application that populates the HTML login form action attribute using JavaScript when the button to submit the form is pressed. The...

Last updated: Oct 16, 2020 06:30AM UTC | 1 Agent replies | 0 Community replies | Bug Reports

Free trial version problem

Hello. I have a free trial version of Burp Suite Enterprise edition, but license doesn't work. I activate license 4 days ago.

Last updated: Oct 15, 2020 04:26PM UTC | 1 Agent replies | 0 Community replies | Bug Reports

MacOS 10.15.7 Install - Artemis Virus Detection

During the installation of Burp Suite Community edition today, McAfee flagged 6 files all detected as versions of Artemis. libsunec.dylib -- Artemis!95E332B7C7B7 libjavajpeg.dylib -- Artemis!0D2852257B8C liblcms.dylib...

Last updated: Oct 15, 2020 09:05AM UTC | 2 Agent replies | 2 Community replies | Bug Reports

Send to UploadScanner not working

Send to UploadScanner stopped working with the latest Burp release. I have reinstalled it multiple times, restarted Burp multiple times. I also tried the original version of UploadScanner (not the Pro version from the BApp...

Last updated: Oct 15, 2020 07:50AM UTC | 2 Agent replies | 2 Community replies | Bug Reports

burp scanner doesn't work with embedded browser

When running scans using the embedded browser the scan sends a few request while crawling (usually less than 50), then stalls indefinitely and doesn't continue running. I don't get any errors in the event logs and the scan...

Last updated: Oct 15, 2020 07:40AM UTC | 1 Agent replies | 0 Community replies | Bug Reports

Page 5 of 63

Burp Suite Support Center

Your source for help and advice on all things Burp-related.

Burp Suite Support Center image