Burp Suite User Forum

Create new post

Solved labs in the Academy are not shown as solved.

Hello, I solved the levels listed below but it is not noted outside the lab (e.g. "Track my progress"). However, when I access the labs I receive the message "Congratulations, you solved the lab!". Lab: Reflected XSS...

Last updated: Aug 08, 2024 09:23AM UTC | 5 Agent replies | 4 Community replies | Bug Reports

Payload still encodes after unchecking "Url-encode these characters" checkbox

Found on Burp Suite Community Edition v.2020.12.1 1. I'm trying to start intruder attack with following payload: type: recursive grep initial payload: 2021-01-12 16:27:24.056815 (timestamp with characters wich...

Last updated: Aug 08, 2024 07:05AM UTC | 4 Agent replies | 2 Community replies | Bug Reports

Multistep Clickjacking Lab Queries

I am facing an issue where, after storing the code, upon selecting "view exploit", it does not display the delete account page. Despite attempting multiple URLs, I couldn't locate the page; instead, the login page remains...

Last updated: Aug 08, 2024 07:01AM UTC | 2 Agent replies | 2 Community replies | Bug Reports

LAB WON'T SOLVE: DOM XSS in document.write sink using source location.search inside a select element

The following lab will not solve even if the istruction are followed and the alert is spawned: DOM XSS in document.write sink using source location.search inside a select element

Last updated: Aug 07, 2024 10:50PM UTC | 1 Agent replies | 4 Community replies | Bug Reports

Lab for "Web cache poisoning with an unkeyed header" not completing despite correct (?) solution

Hi, Basically as the title says I have done the lab for "Web cache poisoning with an unkeyed header" and succeeded in getting the alert box to pop up in my browser. However despite this no matter what I do the lab itself...

Last updated: Aug 07, 2024 01:49PM UTC | 5 Agent replies | 9 Community replies | Bug Reports

Center the font

The font does not seem to be centered in the latest version of burp, but it is centered in version 2021.5.1 https://img.erpweb.eu.org/imgs/2024/08/4a23266d4308aff4.png

Last updated: Aug 07, 2024 12:19PM UTC | 1 Agent replies | 0 Community replies | Bug Reports

BLIND SQLI lab not working properly.

Hi there I was solving the lab "BLIND SQL INJECTION WITH CONDITIONAL RESPONSES" every thing was working properly until, IT comes to find the length of the password of the "ADMINISTRATOR" user in the solutions the length is...

Last updated: Aug 07, 2024 06:58AM UTC | 1 Agent replies | 0 Community replies | Bug Reports

Lab: CSRF where token validation depends on request method

After I paste the CSRF exploit into Body part, I am clicking on the "Store" button firstly. When I click on the "View exploit" button, it changes the user email address. So the exploit works truely. But if I click the...

Last updated: Aug 07, 2024 06:54AM UTC | 1 Agent replies | 0 Community replies | Bug Reports

Clickjacking with a frame buster script Solve is failing

This lab is not solving. Tried in Chrome and Firefox. <style> iframe { position:relative; width:700px; height: 500px; opacity: 0.000000001; z-index: 2; } div { ...

Last updated: Aug 06, 2024 02:22PM UTC | 1 Agent replies | 0 Community replies | Bug Reports

burpsuite chromium browser issues

Hi , i have started to use burpsuite community and everytime i launch the burp browser i get this error code like that : Not secure:https://0af1004b0337409a8006036300ee00ba.web-security-academy.net/login Any website...

Last updated: Aug 06, 2024 12:22PM UTC | 2 Agent replies | 1 Community replies | Bug Reports

Unable to solve Lab: CORS vulnerability with trusted insecure protocols

Hello, I'm facing an issue with the following lab : Lab: CORS vulnerability with trusted insecure protocols "View Exploit" works well and delivers the key on my exploit server, however "Deliver to the victim" only reach...

Last updated: Aug 05, 2024 08:46PM UTC | 2 Agent replies | 2 Community replies | Bug Reports

Availability- The website is too slow now a days

Dear Portswigger Team, I hope this letter finds you well. I am writing to express my frustration and disappointment regarding the current performance issues with the Portswigger website and Portswigger Academy labs. As...

Last updated: Aug 05, 2024 07:54AM UTC | 19 Agent replies | 35 Community replies | Bug Reports

Browser chorium

I can't perform any lab because when I open the browser from Burp Suite, the browser doesn't load any page. It just stays in loading.

Last updated: Aug 05, 2024 07:51AM UTC | 1 Agent replies | 0 Community replies | Bug Reports

Multi-endpoint race conditions

I'm on the latest version of Burp Pro, and this lab doesn't work for me. It's only purchasing the gift card I put in the cart but not adding the jacket. Or it's adding the jacket but not purchasing anything. I tried...

Last updated: Aug 05, 2024 07:49AM UTC | 1 Agent replies | 1 Community replies | Bug Reports

Lab: SQL injection vulnerability in WHERE clause allowing retrieval of hidden data

I'm having this error 'Stream failed to close correctly' in the 'Lab: SQL injection vulnerability in WHERE clause allowing retrieval of hidden data' when I forward the request after changing the parameters

Last updated: Aug 02, 2024 03:40PM UTC | 1 Agent replies | 0 Community replies | Bug Reports

Same issue as below

https://forum.portswigger.net/thread/several-labs-not-completing-even-though-exact-steps-were-followed-e69f5c36 Kindly i did exactly same. Payloads working on my side.

Last updated: Aug 02, 2024 02:51PM UTC | 1 Agent replies | 0 Community replies | Bug Reports

Audit Phase gets shows finished but gets skipped

Hi Team, When I try to do the following mentioned scan, it completes the authenticated crawl as it should but the audit phase gets skipped the next moment. It shows as finished but it doesn't run even for a second. There...

Last updated: Aug 02, 2024 01:40PM UTC | 1 Agent replies | 0 Community replies | Bug Reports

Issue in an Academy Lab

Hello it would seem that there is an issue with the Lab for: "Exploiting server-side parameter pollution in a REST URL". After the request for the passwordResetToken is submitted the response does not have a valid password...

Last updated: Aug 02, 2024 10:55AM UTC | 4 Agent replies | 4 Community replies | Bug Reports

No more activations allowed for this license

I get this for when I try to move my Burp installation to a new computer at work. Can you please add some more for me. This message is really weird, as you're licensing terms seems to be "yeah, it's a per user license, and...

Last updated: Aug 02, 2024 09:01AM UTC | 18 Agent replies | 19 Community replies | Bug Reports

Can't send request to get trial of burpsuite pro

I am trying to send request to test pro version of burpsuite, but my email address does't fit. Can you help me ?

Last updated: Aug 02, 2024 08:42AM UTC | 1 Agent replies | 0 Community replies | Bug Reports

Page 6 of 152

Burp Suite Support Center

Your source for help and advice on all things Burp-related.

Burp Suite Support Center image