Bug Reports - Page 52 - Burp Suite User Forum

prcatice exam button dont work

do i need to buy exam first before i try to take the practice exam? there is no button to press (only the graphic of the button) no error messages of some sotr what can i do?

Cannot find Burp Collaborator client

Hi, I use BurpSuite Pro on MacOS. I don't know why but today I couldn't find a way to open Burp Collaborator client. Normally, it was under "Burp" on the top menu bar. But today it just disappeared. May anyone help??

Open redirection (DOM-based)

Findings: The application may be vulnerable to DOM-based open redirection. Data is read from window.location.href and passed to window.location.href. Static Analysis: Data is read from window.location.href and...

Cross-site scripting (DOM-based) - Data is read from location and passed to $()

Static Analysis: Data is read from location and passed to $() via the following statement: window._gaq.push(['_trackEvent', 'Cookies', 'Learn more link clicked', $(location).attr('href')]) Vulnerable Code: ...

Error on running Could not start Burp: java.lang.UnsatisfiedLinkError: no splashscreen in java.library.path

Could not start Burp: java.lang.UnsatisfiedLinkError: no splashscreen in java.library.path: [/usr/java/packages/lib, /usr/lib/x86_64-linux-gnu/jni, /lib/x86_64-linux-gnu, /usr/lib/x86_64-linux-gnu, /usr/lib/jni, /lib,...

The ui is messed up when burp Chinese input

When I type Chinese in burp, the ui is messed up.

Burp's embedded browser refuses to load any HTTPS site.

Hi. Opening Burp -> Proxy -> embedded chromium browser. It refuses to load any site with https. If I load a site I just get a page that says "It Works!". I've reset Burp back to default a few times. I've disabled all...

Regarding Burp Web Academy Labs

SQL injection attack, querying the database type and version on MySQL and Microsoft - this lab is not working as expected. I tried solutions as well. Could you verify if this is the case?

Burp Scanner

Hello, I have recently checked the work of Burp scanner on Burp Exam where Insecure Deserialization vulnerability is present exactly, but there is no issue of this vulnerability detected by Burp Scanner. As I know other...

"Unknown Host" when DNS resolves if host is offline

I am going through a SOCKS proxy and doing DNS through that SOCKS proxy. All machines in question can resolve offline-machine.example.com to an IP address. offline-machine.example.com cannot be reached, but the DNS is...

Burp -Freeze

hi Team I would like as bout some issue 1.Java SE Development Kit 17.0.1(64-bit) 2.Burp Suite "JAR" 2022.8.5 3.Windows 8 4.Processor Inter Core i7-2700K 3.50GHz 5.Memory 16G The issue is about freeze .When I...

Solved Labs do not update Solved status.

I've been solving some of the vulnerability labs and have received confirmation each time, within the lab, that my solution has been accepted. However, outside of the lab, the status of the labs I've solved remains...

burp unable to report simple issues

hello everyone, I have been observing since 3-4 previous releases of the burpsuite pro-active scan script. I been ignoring the performance and issues been reported by the tool but recently, first without burp i found an...

Non-ascii http2 header value is incorrectly handled

Burp converts non-ascii http2 header value to "?" (0x3F). Example PHP code to reproduce the bug: ---------------------- <?php header("Location: https://aaa\xFF.bbb"); ---------------------- Burp...

Lab - Modifying serialized objects login fuction not working properly?

Dear Support, I think there is a problem with the lab Modifying serialized objects, if i try to log in with the credentials provided, I get the following server error: PHP Warning: require_once(User.php): failed to...

Web Academy Lab Access Error

When I try to access the labs. The link takes me "shopping page" or something irrelevant. Did you dismiss the lab pages. Regards

SQL solutions don't work in SQL injection attack

Hello none of the labs Lab: SQL injection attack, querying the database type and version on MySQL and Microsoft and the next one after it work? i've tried using my browser and burpsuite and even had to use solution and still...

Burp suite using HTTP/2 when the site isn't requesting it

I am trying to visit https://opensea.io/ and burp suite changes the connection to http/2 (forces it), cloudflare automatically blocks the connection since the site doesn't support it. I want to stop burp suite of forcing...

Clickbandit -- Can anyone explain?

I have a bit of an odd issue -- hopefully, someone can get to the bottom of it. I'm testing an application missing the X-Frame-Options header. If I run clickbandit -- It refuses to load the frame -- as it violates one of...

CVE-2022-42889 impact on Burp

Above CVE is about a vulnerability in Apache Commons Text which is fixed in version 1.10. However, Burp Enterprise uses version 1.7 of this...