Burp Suite User Forum
Hi, Are Burp Suite Professional and Burp Suite Enterprise vulnerable to these spring vulnerabilities: https://tanzu.vmware.com/security/cve-2022-22965 https://tanzu.vmware.com/security/cve-2022-22963 Thanks. D.
The string 'XPath' happens to appear in our HTML response as a part of the Google analytics payload and that section has nothing to do with XML or XPATH. In fact, we are returning the word "XPath" explicitly in the...
Hi The burpsuite session is killed when in middle of the active scan . I have launched the tool with command line java -jar -Xmx4g /path/to/burp.jar I'm running burp on Debian GNU/Linux 11 (bullseye) java -jar...
Hello Burp Support team, Currently, I'm using Burp Suite enterprise edition - when I schedule scans in the night hours, we are observing that Burp Scanners are getting deleted automatically from Burp Server. We have...
When sending a request to intruder, if the request body is really long and scrolls outside of the window to the right, the text disappears when scrolling to the right to view it. This only seems to happen to the message body...
Hi PortSwigger, loving your labs! However; I noticed a spelling error on your page! "we've mitigated this by included a trailing parameter" - when it should be: "we've mitigated this by including a trailing...
Getting this problem in the lab - https://portswigger.net/web-security/authentication/multi-factor/lab-2fa-simple-bypass
Hello! I have an issue with the lab, I followed the steps for the solution many times from different browsers, also I followed step by step the community solution video but when I "view exploit", I got a response "Resource...
It looks like scan automation is broken in Burp Suite Professional since release 2021.12. `2021.10.3` is the last version that can be used to automate scans in headless mode. Expected behavior: * scan is started after...
I've had issues with Burp ever since this release came out with BurpSuite Professional. I isolated the issue first to Burp Pro, because Burp Community worked fine on the same VM. I troubleshot further by cloning the VM and...
Hi! When I configure a scanning (from intruder) to test only one parameter: { "roles":[" ...
Mystery lab challenges that require to submit solution seem to be broken - correct results are not accepted. Example for the "CORS vulnerability with trusted insecure protocols" - for better visibility below requests are...
I was given a BURP report to analyze, and development of Web Apps is not my forte. I'm hoping someone can help with this. The following issues were detected on a BURP scan - The application may be vulnerable to DOM-based...
Hello, I was performing an out-of-bound test (SMTP based) through collab client and I was getting partial response shown on screen. This has also happened before through repeater and intruder when I ignored it thinking it...
Hello, i try use recorded login sequences in burp enterprise, and he not clicking on elements - "unable to find element for clicking on Element", in burp pro same record replay all ok. And how debug?
Hi, I want to use my company proxy as upstream proxy for Burp. I filled the necessary values in user settings upstream proxy part. However, Burp can't stream the traffic due to "no ntlm challenge received" error. When I...
Using Burp Suite Pro on Windows 10. While doing a scan, it always fails with an error "Automatic backup failed". I see a popup error message, with the window title "Automatic project backup". The body of the message...
Hi I have successfully completed the lab entitled 'DOM XSS in jQuery selector sink using a hashchange event' however I am not receiving 'lab solved'. I have also followed the lab solution walk-through provided in case I...
Hi, i'm quite sure it comes from my configuration rather than a bug from burp, but i can't understand what i've done wrong: i get "unknown host : burpsuite" as an error in my dashboard event log and in my browser when i...
Hello, I have configured the Burp session handling rules in project options to check if a session is valid and if not, issue a request containing a refresh token to an OAuth API to obtain a new access token. I am then...
Page 52 of 142
Your source for help and advice on all things Burp-related.