Burp Suite User Forum

Create new post

Burp Suite Professional v2024.1.1.4 - Clicking Site Map Entry Shows Request/Response Data from Previous Item

When clicking an item in the site map the request and response data returned doesnt always match the item clicked. For example when clicking the following items /Authorisation, /Browser and then /login the request/response...

Last updated: Mar 04, 2024 08:50AM UTC | 1 Agent replies | 0 Community replies | Bug Reports

unable to intercept any requests on burp installed on mac

I'm unable to intercept any requests on newly installed community version burp on MAC. i have tried burp browser and as well other browsers. Nothing worked. i dont see any history or any calls till date. kindly help.

Last updated: Mar 02, 2024 04:01PM UTC | 1 Agent replies | 1 Community replies | Bug Reports

communication error on request but works fine in repeater

Hi when intercepting requests from application I am testing, two requests is failing and in the dashboard i see communication error, but when i send those requests to repeater the work as indented. below the request...

Last updated: Mar 01, 2024 04:59PM UTC | 4 Agent replies | 3 Community replies | Bug Reports

Problem with BS community option

https://forum.portswigger.net/thread/established-connection-aborted-by-the-software-87817cf7 I have the same problem here literally

Last updated: Mar 01, 2024 02:15PM UTC | 1 Agent replies | 0 Community replies | Bug Reports

Exploiting clickjacking vulnerability to trigger DOM-based XSS - Invalid CSRF token

Hi, how's everyone doing? I have been trying to solve this lab, but when doing the clickjacking, the form throws the following error: "Failed to submit feedback: "Invalid CSRF token (session does not contain a CSRF...

Last updated: Mar 01, 2024 01:42PM UTC | 1 Agent replies | 0 Community replies | Bug Reports

Proxy (Chromium) not working on some sites

I am currently using the latest version of Burp Suite Community and I cannot get access to any sites without needing to relaunch the browser. On initial launch, the proxy works for the Chromium browser, but after a while it...

Last updated: Mar 01, 2024 12:08PM UTC | 3 Agent replies | 3 Community replies | Bug Reports

Unable to intercept a traffic on a Mobile App(iOS and Android)

Good Day, I was trying to intercept a traffic from a mobile device both iOS and Android, one application doesn't show any traffic on Burp, I tried turning Intercept, but still it was able to login to the application. No...

Last updated: Mar 01, 2024 11:59AM UTC | 2 Agent replies | 1 Community replies | Bug Reports

Multistep Clickjacking Lab Queries

I am facing an issue where, after storing the code, upon selecting "view exploit", it does not display the delete account page. Despite attempting multiple URLs, I couldn't locate the page; instead, the login page remains...

Last updated: Feb 29, 2024 06:01PM UTC | 1 Agent replies | 0 Community replies | Bug Reports

Academy Path Traversal Labs Not Working as Intended?

I'm having a nice time working through the academy labs. I've just started working through the path traversal labs where the focus is getting the server to load the /etc/passwd file. I've completed both the "File path...

Last updated: Feb 29, 2024 12:01PM UTC | 2 Agent replies | 2 Community replies | Bug Reports

In CL.0 request smuggling LAB, there exists vulnerability XSS

This is not a report. This is to announce something interesting that I just found during this lab practice.

Last updated: Feb 29, 2024 09:08AM UTC | 0 Agent replies | 0 Community replies | Bug Reports

BurpSuite Professional v2023.1.2 unable to connect to https://www.google.com

Just freshly installed Burp Suite Professional version 2023.1.2 Launched built-in web browser from Proxy -> Open browser. Tried to connect to https://www.google.com and received No response received from remote server....

Last updated: Feb 27, 2024 04:05PM UTC | 3 Agent replies | 4 Community replies | Bug Reports

PortSwigger Lab: Web cache poisoning with an unkeyed cookie

Having the same issue with Webcache Poisoning - unkeyed cookie. Have managed to trigger the pop up on the site whenever a viewer loads homepage, but the automated user who is supposed to visit the site never does. Not...

Last updated: Feb 27, 2024 02:03PM UTC | 1 Agent replies | 0 Community replies | Bug Reports

solved lab is showing not solved

i've succesfully sovled the lab Method-based access control can be circumvented but it shows that i dint solve it when i am redirected to the homepage

Last updated: Feb 27, 2024 01:50PM UTC | 27 Agent replies | 60 Community replies | Bug Reports

help bug..

I can't write anything..........

Last updated: Jan 10, 2024 08:53AM UTC | 1 Agent replies | 0 Community replies | Bug Reports

MontoyaAPI v2023.12.1 Invalid URL Exception in includeInScope API

Hello, many thanks to your efforts on the cool Montoya API. I'm using a MontoyaAPI v2023.12.1 (net.portswigger.burp.extensions:montoya-api:2023.12.1) with a BurpSuite Professional v2023.12.1 for Intel Mac. My custom...

Last updated: Jan 09, 2024 03:08PM UTC | 1 Agent replies | 1 Community replies | Bug Reports

Paused-Based Desync Detection reporting HTTP/2 requests

Hello! Burp Scanner's Client-Side desync check will sometimes report a firm status and confirm a paused-based desync vulnearbility. However. the attached requests on the issue, state that the requests are HTTP/2, which...

Last updated: Jan 08, 2024 02:58PM UTC | 1 Agent replies | 0 Community replies | Bug Reports

Academy Mystery Labs - File upload challenges are missing /home/carlos/secret

I have noticed that all of the Mystery challenges for file upload vulnerabilities do not have the required '/home/carlos/secret' file. This makes it impossible to submit the solution. Steps to reproduce: 1)...

Last updated: Jan 08, 2024 01:30PM UTC | 5 Agent replies | 3 Community replies | Bug Reports

Issue in an Academy Lab

Hello it would seem that there is an issue with the Lab for: "Exploiting server-side parameter pollution in a REST URL". After the request for the passwordResetToken is submitted the response does not have a valid password...

Last updated: Jan 08, 2024 12:00PM UTC | 2 Agent replies | 1 Community replies | Bug Reports

Macth And replace does not work

Hello, Burp Suite Professional and Comunity version has an issue when the match & replace rule does not work. I have Macbook Pro with M1 and thought that was the issue but while testing with windows and i9 Macbook,...

Last updated: Jan 08, 2024 10:27AM UTC | 3 Agent replies | 4 Community replies | Bug Reports

Burp Suite Repeater not working

I am running Burp Suite on Kali Linux via an Oracle Virtual Box instance on Windows 11. Following the labs when I send a request to the Repeater and then press Send, no response ever comes back. I did get a warning message...

Last updated: Jan 08, 2024 09:00AM UTC | 1 Agent replies | 0 Community replies | Bug Reports

Page 5 of 142

Burp Suite Support Center

Your source for help and advice on all things Burp-related.

Burp Suite Support Center image