Bug Reports - Page 51 - Burp Suite User Forum

Failed to start proxy service on 127.0.0.1:<ANY PORT>

Hi, I am having an issue where Burpsuite will not bind to any port on localhost e.g. 127.0.0.1:8080,9999 etc. OS: Windows 10 Browser: Firefox Error message: 'Error "Failed to start proxy server on 127.0.0.01:<ANY PORT...

Issues with Burp Suite Enterprise Edition deployed on GKE

Hi We have deployed burp suite enterprise edition on GKE and run an automated schedule on weekly basis. Can you please let us know how to fix below error mainly due to "browser crashing" which fails whole scan ?...

Burp's Cookie Jar Handles Cookies Differently to Common Browsers

I have an interesting "bug" for you. I was testing a website that set a session cookie upon login. When logging out, the application set the session cookie to '""' (i.e. two double quotes) rather than an empty...

CORS failure

I am using burpsuite professional at my work and testing the client web application. I am facing problem with burp v2021.8.3 which is failing coz of CORS failure. I am getting the response from application in proxy but...

net.portswigger.devtools.client.ah: Unable to start browser:

I am sorry, I am new to BurpSuite and am trying to use the Community edition on Windows/10 64bit. I am on the "Proxy" tab and have "Intercept is on". When I click the "Open browser" I get this error message: Burp...

pcsc smart card support Linux not working anymore?

Hi there, there is a problem with the feature 'User Options>TLS>Client TLS Certificates>Hardware token or smart card. The feature only seems to support "legacy" fat pcsc driver implementations, whereas most modern pcsc...

Solution to Resolve JRE Appears to be a Version 17.0.5 from Debian... Error Message

Hi Burp Suite Team, Is there a solution to fix this message that pops up when I launch Burp Suite Community Edition v2022.9.6? JRE Appears to be a Version 17.0.5 from Debian Burp has not been fully tested on this platform...

BApps do not use/update Cookie Jar in Active Scan

Hi. Working on an app with particularly aggressive session management. Session timeout is short and even with regular 'keep alive' requests the original cookie value becomes stale, the newly issued value must be used. Tried...

Internal cache poisoning unintended way

Hi, I solved the internal cache poisoning lab while I was testing the inputs. I recorded a video to show what I did: https://drive.proton.me/urls/0C3VH6VN10#RpZcgYTH5CmI

Lab "cors/lab-internal-network-pivot-attack" broken?

Hi, Issue with: https://portswigger.net/web-security/cors/lab-internal-network-pivot-attack The lab behaved pretty weird for me, not sure what's the issue. Solutions I tried: - My own (for 6h) - Official...

Bug in makeHttpRequest when handle multiple redirect requests

Hi, I have a custom extension that perform an Oauth2 authentication before start an active scan. This extension work fine right up to the version 2022.9.5. The issue I seen happen when follow Oauth2 flow by calling to...

2nd Solution in Lab: "DOM-based open redirection"

I redirected to: https://YOUR-LAB-ID.web-security-academy.net/post/comment/confirmation?postId=%22%3E%3Cscript%3Elocation%3D%22https%3A%2F%2FYOUR-EXPLOIT-SERVER-ID.exploit-server.net%22%3B%3C%2Fscript%3E but the Lab...

(Unintended Solution) for Lab: Stored XSS into anchor href attribute with double quotes HTML-encoded

Hi, The lab for teaching XSS that is supposed to encode double quotes did not actually HTML-encode the character ", the following payload works. Relevant...

Backup file deleted when running automatic project file repair

Hello, I just had a bunch of scans running, when the PC ran out of resources and crashed. (Environment: Windows 10 22H2, Burp Suite Professional v2022.9.5) After restarting the PC, upon loading the original project file,...

Burp Suite built in browser passes healthchecks but in practice does not work.

Hello, # Problem The built in Chromium based browser is appending the string "http:8080/$URL/" causing a "ERR_INVALID_REDIRECT" error. For example typing "google.com" into the URI bar without quotes and pressing...

LAB: Web cache poisoning via a fat GET request

Hi, I'm having trouble to finish this lab. I'm able to poison the cache and get alert(1) in Chrome, but the lab doesn't want to accept the solution (change the status to solved) P.S. Thanks for the Academy and all your...

Crawler does not crawl through websites thoroughly

Greetings, My team is subscribed to Burp Suite Professional and recently I ran some test on the crawler to testify on its accuracy that it is good enough to run automated scan. We've configured the crawler setting to...

Time discrepancy in Intruder vs Logger

I've been using intruder to test some timeouts. I put a request in intruder, set null payloads, set the resource pool to send a single request every 5 minutes so I can see when things quit working.. What I've noticed is...

problem-checking-license

While trying to upload licence i got this message. There was a problem checking your license Please download your license key from your account and try again. For help please visit the support center on our...

Can spin up the built in browser

net.portswigger.devtools.client.x3: unable to start browser