Bug Reports - Page 5 - Burp Suite User Forum

Basic Clickjacking Lab

When I try to perform the View Exploit function on this lab I receive "Resource not found - Academy Exploit Server", stopping me from completing the lab.

Hi, since yesterday some labs can't be solved even if i copy and paste the proposed solution.the labs are https://portswigger.net/web-security/cross-site-scripting/dom-based/lab-document-write-sink,...

CSRF labs exploit server delivery doesn't work

Hello, In the past i solved these labs without any issue. Now i can't even "Solve" the easiest one, CSRF vulnerability with no defenses. If i view the exploit the mail updates. Delivering the exploit doesn't work, does...

CORS Origin null Lab not working in Firefox and Chromium anymore

Hi there, Context: https://portswigger.net/web-security/cors/lab-null-origin-whitelisted-attack Issue: Exploit does not trigger, when viewing the exploit on Firefox or Chromium. Still works on Google Chrome (unless you...

Issue with Burp Suite Pro Renewal - License Key Not Received

I recently renewed my Burp Suite Pro subscription and noticed a charge of $450 on my account. However, I have not received any email update or license key associated with this renewal. I have checked my spam/junk folders and...

Crawling wont start on MacOS Sonoma

I'm using Burp Pro 2024.5.3 and when I start crawling via Scan -> Crawl, a Chromium popup appears on my dock, but it won't open, and the crawl only retrieves robots.txt.

'Stream failed to close correctly' when trying to load one lab

Accidentally broke one of the labs - https://portswigger.net/web-security/csrf/bypassing-samesite-restrictions/lab-samesite-strict-bypass-via-cookie-refresh steps to reproduce: - open burpsuite chromium browser - copy...

ratelimiting intruder issue / inconvenience during the auth lab

Hi Team, During the lab I ran into an issue with the rate limiting of the community edition with the Lab: Username enumeration via account lock. Here you need to lock the account to figure out the username and see...

Solution for "Lab: SSRF with blacklist-based input filter

Hello, the intended solution of this lab doesn't seem to work. After some testing I couldn't find a way to "enter" the admin area. "Encoding" the IP address works fine, but enter "admin" doesn't work at all. I tried...

JTree not rendering correctly with BurpSuite's Look And Feel

I am working on improving on of our extensions and I noticed, that a JTree does not render correctly with the default look and feel of BurpSuite. Icons are missing and the indentation of individual notes are also not...

403 Forbidden in sollution in Academy Web cache poisoning via ambiguous requests

Hello, according to the Sollution when i use 2 HOST headers such as GET /?cb=123 HTTP/1.1 Host: 0aa300a60483e49080313f3f008e0077.h1-web-security-academy.net Host: example.com I receive HTTP/1.1 403...

Academy clickjacking lesson doesn't give you credit

I have tried to complete the lab: "Lab: Basic clickjacking with CSRF token protection", and thought I had a correct answer but when I sent my exploit, the lab was still not solved. After much trying I checked the community...

REST API. Get scan status after Burp restart: Task ID not found

Burp Suite Pro version: 2.1.05; Steps to reproduce: 1. Start Burp Suite Pro; 2. Launch new scan, using REST API, i.e. do HTTP POST scan configuration to http://127.0.0.1:1337/$apiKey/v0.1/scan; 3. Poll scan status...

Burp Browser Doesn't Work After Update

I have updated to the latest stable version v2023.5.2, and the burp browser was uninstalled from the burpbrowser directory. When trying to use the browser, the following error message pops: java.io.IOException: Cannot run...

Burp possibly doesn't close HTTP2 gRPC connection gracefully

First of all, thank you for your great efforts to make HTTP2 available in Burp. I'm using Go gRPC example application named RouteGuide(https://github.com/grpc/grpc-go/tree/master/examples/route_guide) to check Burp can...

BCheck Scanning issue with report issue and continue on scan launcher

Hey, just looking to see if its a known issue RE: Bchecks using "report issue and continue" via a host it works via the test cases tab but on running via "scan" and "launcher" and run with "Audit checks - BChecks only" and...

Repeter changes http method

If a server advertises h2 in ALPN, the repeater tool changes protocol to this and refuses to change back. To repeat, create a new tab in repeater and paste the following content: -------- GET / HTTP/1.1 Host:...

Lab: Offline password cracking

Hi all, I'm unable to spin up that lab. I'm always met with a 504 "Page isnt working now" error code. I know some of yours labs have been under maintenance for the past days; I was wondering if thats also one the lab...

Lab: Cross-Site WebSocket hijacking

Hi BurpSuite team ! I was hoping I could practice CSWSH but the lab is not working. A new tab is opened, and eventually closed automatically. Is this lab also part of the on-going maintenance? Thank you!

Cursor Not Accurate at Request/Response Editor

Hello, i have a problem with my burp. After I installed the latest version, my cursor is not accurate. It happens at request/response editor. For example, when I try to edit a request on the repeater tab, then I click on a...