Burp Suite User Forum

Are Burp Suite Professional and Burp Suite Enterprise Vulnerable to Spring4Shell

Hi, are Burp Suite Professional and Burp Suite Enterprise vulnerable to these Spring vulnerabilities: https://tanzu.vmware.com/security/cve-2022-22965 and https://tanzu.vmware.com/security/cve-2022-22963? Thanks. D.

Last updated: Apr 01, 2022 08:27AM UTC | 1 Agent replies | 0 Community replies | Bug Reports

XPath injection issue because of the word "xpath" in the response

The string 'XPath' happens to appear in our HTML response as a part of the Google analytics payload and that section has nothing to do with XML or XPATH. In fact, we are returning the word "XPath" explicitly in the...

Last updated: Mar 31, 2022 12:04PM UTC | 1 Agent replies | 0 Community replies | Bug Reports

Burpsuite session is killed in the middle of scan

Hi, the Burp Suite session is killed in the middle of the active scan. I have launched the tool with the command line java -jar -Xmx4g /path/to/burp.jar I'm running Burp on Debian GNU/Linux 11 (bullseye) java -jar...

Last updated: Mar 31, 2022 08:17AM UTC | 3 Agent replies | 3 Community replies | Bug Reports

Burp Suite enterprise edition - Scanners are getting deleted automatically

Hello Burp Support team, Currently, I'm using Burp Suite enterprise edition - when I schedule scans in the night hours, we are observing that Burp Scanners are getting deleted automatically from Burp Server. We have...

Last updated: Mar 30, 2022 01:33PM UTC | 1 Agent replies | 0 Community replies | Bug Reports

Request body disappears in intruder when scrolling over to the right

When sending a request to intruder, if the request body is really long and scrolls outside of the window to the right, the text disappears when scrolling to the right to view it. This only seems to happen to the message body...

Last updated: Mar 29, 2022 12:37PM UTC | 4 Agent replies | 5 Community replies | Bug Reports

PortSwigger Academy - Advanced request smuggling - Spelling Error!

Hi PortSwigger, loving your labs! However; I noticed a spelling error on your page! "we've mitigated this by included a trailing parameter" - when it should be: "we've mitigated this by including a trailing...

Last updated: Mar 29, 2022 07:17AM UTC | 1 Agent replies | 0 Community replies | Bug Reports

Apologies, the lab could not be started in a timely manner. Please try again or contact us if the problem persists.

Getting this problem in the lab - https://portswigger.net/web-security/authentication/multi-factor/lab-2fa-simple-bypass

Last updated: Mar 28, 2022 09:12AM UTC | 2 Agent replies | 2 Community replies | Bug Reports

Lab: Stealing OAuth access tokens via an open redirect

Hello! I have an issue with the lab, I followed the steps for the solution many times from different browsers, also I followed step by step the community solution video but when I "view exploit", I got a response "Resource...

Last updated: Mar 28, 2022 08:36AM UTC | 1 Agent replies | 0 Community replies | Bug Reports

Scans created with REST API are put on pause since v2021.12

It looks like scan automation is broken in Burp Suite Professional since release 2021.12. `2021.10.3` is the last version that can be used to automate scans in headless mode. Expected behavior: * scan is started after...

Last updated: Mar 22, 2022 10:48AM UTC | 2 Agent replies | 1 Community replies | Bug Reports

Potential Bug - Burp Pro 2022.2.4

I've had issues with Burp ever since this release came out with BurpSuite Professional. I isolated the issue first to Burp Pro, because Burp Community worked fine on the same VM. I troubleshot further by cloning the VM and...

Last updated: Mar 22, 2022 06:37AM UTC | 1 Agent replies | 0 Community replies | Bug Reports

JSON Request broken when scanning a defined insertion point

Hi! When I configure a scanning (from intruder) to test only one parameter: { "roles":[" ...

Last updated: Mar 21, 2022 02:50PM UTC | 2 Agent replies | 1 Community replies | Bug Reports

Mystery lab challenges that require to submit solution seem to be broken

Mystery lab challenges that require to submit solution seem to be broken - correct results are not accepted. Example for the "CORS vulnerability with trusted insecure protocols" - for better visibility below requests are...

Last updated: Mar 21, 2022 01:46PM UTC | 1 Agent replies | 0 Community replies | Bug Reports

DOM-based link manipulation detected on BURP scan

I was given a BURP report to analyze, and development of Web Apps is not my forte. I'm hoping someone can help with this. The following issues were detected on a BURP scan - The application may be vulnerable to DOM-based...

Last updated: Mar 21, 2022 01:20PM UTC | 1 Agent replies | 0 Community replies | Bug Reports

Incomplete responses in repeater, intruder as well as in collab client

Hello, I was performing an out-of-bound test (SMTP based) through collab client and I was getting partial response shown on screen. This has also happened before through repeater and intruder when I ignored it thinking it...

Last updated: Mar 21, 2022 11:50AM UTC | 1 Agent replies | 0 Community replies | Bug Reports

Burp enterprise recorded login sequence

Hello, I am trying to use recorded login sequences in Burp Enterprise, and it is not clicking on elements - "unable to find element for clicking on Element". In Burp Pro the same recording replays OK. How can I debug this?

Last updated: Mar 21, 2022 10:12AM UTC | 2 Agent replies | 4 Community replies | Bug Reports

No NTLM Challenge Received Error

Hi, I want to use my company proxy as upstream proxy for Burp. I filled the necessary values in user settings upstream proxy part. However, Burp can't stream the traffic due to "no ntlm challenge received" error. When I...

Last updated: Mar 18, 2022 03:47PM UTC | 2 Agent replies | 1 Community replies | Bug Reports

Automatic Project Backup Fails

Using Burp Suite Pro on Windows 10. While doing a scan, it always fails with an error "Automatic backup failed". I see a popup error message, with the window title "Automatic project backup". The body of the message...

Last updated: Mar 17, 2022 02:52PM UTC | 1 Agent replies | 0 Community replies | Bug Reports

'DOM XSS in jQuery selector sink using a hashchange event' lab not solving

Hi I have successfully completed the lab entitled 'DOM XSS in jQuery selector sink using a hashchange event' however I am not receiving 'lab solved'. I have also followed the lab solution walk-through provided in case I...

Last updated: Mar 16, 2022 09:15PM UTC | 3 Agent replies | 4 Community replies | Bug Reports

Unknown host: burpsuite

Hi, I'm quite sure it comes from my configuration rather than a bug in Burp, but I can't understand what I've done wrong: I get "unknown host : burpsuite" as an error in my dashboard event log and in my browser when I...

Last updated: Mar 16, 2022 09:44AM UTC | 1 Agent replies | 0 Community replies | Bug Reports

Session Handling Macro Not Waiting for Response

Hello, I have configured the Burp session handling rules in project options to check if a session is valid and if not, issue a request containing a refresh token to an OAuth API to obtain a new access token. I am then...

Last updated: Mar 15, 2022 01:52PM UTC | 4 Agent replies | 4 Community replies | Bug Reports
