Bug Reports - Page 6 - Burp Suite User Forum

Cursor displayed offset to the right of text in high DPI

When running Burp Suite in a high DPI display, using UI scaling, and opening the Repeater tab (for example), trying to place the text box cursor in some text will show it offset to the right, despite any selections or edits...

arrow key not working in HTTP history tab

BURP built-in Chrome browser forcing HTTPS on HTTP site problem

Hi, I had the same problem described in the thread below (firefox) but for the Burp Chrome built-in browser! https://forum.portswigger.net/thread/burp-proxy-forces-https-in-the-firefox-private-window-5930dfca I am...

very slow and late response from web academy site

Hello, is it some bandwith trouble with web academy server? Can't do lab because of very slow response from site.

Burp Pro GUI hangs in mac Ventura 13.4.1

Hey there! Hope this message finds you well. I've recently been experiencing my GUI freezing with no apparent cause. At first I thought it might have had something to do with a lab I was working with (even tho it really...

NullPointer error when adding issue to sitemap

Adding AuditIssue via api.sitemap.add(...) causes NullPointerException This can be caused with the following minimal example: \`\`\` import burp.api.montoya.BurpExtension; import burp.api.montoya.MontoyaApi; import...

I finished Server-side vulnerabilities path but the progress was reset.

Good day! How can I restore my progress? I finished the Server-side vulnerabilities path. Then I logged in in a few weeks and I saw that I was on step 1 of the path.

Site map does not show selected request

When selecting a request in the tree on the site map panel, the corresponding request details are typically not displayed in the request and response text boxes. These text boxes usually show a previous request that was...

LAB Client-side prototype pollution in third-party libraries

Hi, can anybody double-check that DOM Invader is able to find a gadget for this one? I followed the solution steps and it doesn't seem to find the gadget as mentioned. Thank you

DOM Invader Prototype Pollution Lab

Hello I'm following along the prototype pollution lab. In the section "Finding client-side prototype pollution gadgets using DOM Invader" I follow the solution steps to solve the lab but when I click on the "Scan for...

Burp Suite Professional v2024.1.1.4 - Clicking Site Map Entry Shows Request/Response Data from Previous Item

When clicking an item in the site map the request and response data returned doesnt always match the item clicked. For example when clicking the following items /Authorisation, /Browser and then /login the request/response...

unable to intercept any requests on burp installed on mac

I'm unable to intercept any requests on newly installed community version burp on MAC. i have tried burp browser and as well other browsers. Nothing worked. i dont see any history or any calls till date. kindly help.

communication error on request but works fine in repeater

Hi when intercepting requests from application I am testing, two requests is failing and in the dashboard i see communication error, but when i send those requests to repeater the work as indented. below the request...

Problem with BS community option

https://forum.portswigger.net/thread/established-connection-aborted-by-the-software-87817cf7 I have the same problem here literally

Exploiting clickjacking vulnerability to trigger DOM-based XSS - Invalid CSRF token

Hi, how's everyone doing? I have been trying to solve this lab, but when doing the clickjacking, the form throws the following error: "Failed to submit feedback: "Invalid CSRF token (session does not contain a CSRF...

Proxy (Chromium) not working on some sites

I am currently using the latest version of Burp Suite Community and I cannot get access to any sites without needing to relaunch the browser. On initial launch, the proxy works for the Chromium browser, but after a while it...

Unable to intercept a traffic on a Mobile App(iOS and Android)

Good Day, I was trying to intercept a traffic from a mobile device both iOS and Android, one application doesn't show any traffic on Burp, I tried turning Intercept, but still it was able to login to the application. No...

Multistep Clickjacking Lab Queries

I am facing an issue where, after storing the code, upon selecting "view exploit", it does not display the delete account page. Despite attempting multiple URLs, I couldn't locate the page; instead, the login page remains...

Academy Path Traversal Labs Not Working as Intended?

I'm having a nice time working through the academy labs. I've just started working through the path traversal labs where the focus is getting the server to load the /etc/passwd file. I've completed both the "File path...

In CL.0 request smuggling LAB, there exists vulnerability XSS

This is not a report. This is to announce something interesting that I just found during this lab practice.