Bug Reports - Page 58 - Burp Suite User Forum

Burp Chromium give "Not Secure" response during training

Hi I'm getting a "Not Secure" response while training for the Burp Professional. When I tried to intercept the https://portswigger.net/ site, I can see the HTTP call in Burp. But when I forwarded the call, I'm getting a...

Deploying Burp Suite Enterprise Edition on Azure

Hello, Following the instructions there : "https://portswigger.net/burp/documentation/enterprise/getting-started/cloud/deploy-azure" for the latest version "Enterprise Edition 2021.12.1" and using Azure ARM template I have...

Collaborator Polling Doesn't Work

I use a VM for BurpSuite, and Collaborator, on default configurations, is working very strangely. I am unable to access the created domain inside the VM, but I am able to access it outside (such as on my host machine). The...

BurpSuite Collaborator Doesn't Work

I cannot connect to any BurpSuite Collaborator domains, and I use the default Collaborator server. When running a health check, the "Polling Server Connection" returns an error. The error message says that "No connections to...

Lab: Authentication bypass via encryption oracle is not starting

Hi! Web Security Academy >> Business logic vulnerabilities >> ExamplesLab >> Authentication bypass via encryption oracle when I try to run this lab, I see a long download and then a message ERROR: "An error occurred. We...

Bad request when accessing any lab

Hi Portswigger, I get a "400 Bad request" error when I try to access any of labs. Please advise. Thanks Oliver

Burp Suite requires discrete GPU on macOS

When running Burp Suite on a macOS machine with a discrete GPU the GPU is activated which reduces the battery life of the device. Does Burp Suite specifically require access to the GPU? I suspect this is most likely...

Apache Log4j < 2.15.0 Remote Code Execution (Nix) (155999)

Tenable reported bug on Burp Enterprise Synopsis A package installed on the remote host is affected by a remote code execution vulnerability. Description The version of Apache Log4j on the remote host is < 2.15.0....

Cannot access the lab

I cannot access the lab. When I press "Access the lab", it shows "The connection has time out". I tried in Chrome, Firefox, Edge and they had same result. Thank you!

Corrupted project after reboot

Hello, I experienced a file project corruption after a suddend machine reboot (win 10). I was working on last Burp Professional version (2021.10.3). Unfortunately, the project restore was able only to recover a minimal...

Lab: Authentication bypass via OAuth implicit flow

Lab: Authentication bypass via OAuth implicit flow is broken :/ It gives SessionNotFound: invalid_request error when I try to login in your own "social media"

Scanner is crawling and auditing out of scope items.

Hello, I am attempting to automate some tests with crawl and audit. I have defined my scope to exclude *.css files. When I use scan to crawl and audit, the crawl will find the *.css files and audit will start auditing...

New Scan says out of scope for in-scope URL

Hi there, Burp 2.0.3 is telling me that the scope URL I'm defining for a new scan (when clicking the button in the dashboard) is out of scope. URLs to scan: http://192.168.44.32/ Currently defined as scope...

Not supporting ÅÄÖ characters in Extensions

Hello! I am not sure if this is a burp issue or a extension creator issue. However, i will still make an attempt in a hopeful fix to my issue! * Specs: Burpsuite v2021.10.3 Windows 10 Pro OS Build 19044.1348 Jython...

Activations

I have been getting Burp to work on an EC2 instance and apparently have exceeded my activation's allotted. Would it be possible to extend these temporarily... at least until this log4j thing is over? Thanks in...

Scans not completing

I'm having an issue with scans progressing. After canceling a scan and reviewing the debug log I notice multiple iterations of the following error. 2021-12-16 17:54:42 [r] INFO - Exception report: 2021-12-16 17:54:42 [r]...

Burp not responding

When I set my Firefox's proxy to work with burp, burp does not intercept any request, also none of the pages load on Firefox, which is quite obvious if intercept is on. Also note that I have tried to open burp with and...

Lab: Blind XXE with out-of-band interaction via XML parameter entities

I am trying to access this lab today, and it is down or returning an error when trying to load. Just for your info, so you can look into it. I've been doing other XXE labs which are working fine.

Web Academy XXE Labs

In an update to my last post, there are six labs in total affected. I've had other users at home check also, so isn't just a local issue. These are the affected labs containing error reports on loading Lab: Exploiting...

Active Scanner does not detect CVE-2021-43798 (Grafana Directory Traversal File Read)

Hi, Grafana recently posted about a vulnerability (CVE-2021-43798) in their product at https://grafana.com/blog/2021/12/07/grafana-8.3.1-8.2.7-8.1.8-and-8.0.7-released-with-high-severity-security-fix/ This...