Burp Suite User Forum


False Positive based on Last-Modified header

Hi, Burp Scanning does check for "Date" header and its modification, even though it's modified in response, it wouldn't call that a "Response Modification". However, the header "Last-Modified" is not whitelisted and...

Last updated: Jun 14, 2024 03:20PM UTC | 1 Agent replies | 0 Community replies | Bug Reports

Clickjacking labs not working

I have tried some of the apprentice clickjacking labs in the past and could not complete them even though the payload aligned perfectly. I have now come across this issue again in the lab: Exploiting clickjacking...

Last updated: Jun 13, 2024 06:57AM UTC | 1 Agent replies | 0 Community replies | Bug Reports

BurpSuite is unresponsive.

I clicked 'Compare Sitemaps' and it fills up to 100%, BurpSuite is unresponsive. Env: m3 max, I won't include the version of Java in Burp as it uses the bundler anyway (system uses openjdk 21.0.3 Zulu)

Last updated: Jun 12, 2024 11:02AM UTC | 1 Agent replies | 0 Community replies | Bug Reports

Server-side prototype pollution materials

Hi, I am going over the materials on server-side prototype pollution, and I noticed a bug. Specifically, in the `Status code override` section and the code snippet showing the `createError` function. ``` if...

Last updated: Jun 11, 2024 10:35AM UTC | 1 Agent replies | 0 Community replies | Bug Reports

Sort order Sitemap

My Sitemap stopped sorting alphabetically, and now just adds the sites in the order Burpsuite sees them. I can't find any setting to undo this. Looks like something is broken here. Started doing this since latest version...

Last updated: Jun 10, 2024 12:02PM UTC | 1 Agent replies | 0 Community replies | Bug Reports

burpsuite chromium makes my kali linux sometimes freeze

In recent days I have switched to using Firefox as my intercept browser (with foxyproxy addons) this is because when I use the built-in Chromium from Burpsuite, sometimes my laptop freezes within a few seconds. Do you know...

Last updated: Jun 10, 2024 10:33AM UTC | 1 Agent replies | 0 Community replies | Bug Reports

Access the Lab

Hello, I have an issue with all labs, that the button (Access Lab) is hidden, I can't find it anywhere!!!

Last updated: Jun 10, 2024 10:23AM UTC | 1 Agent replies | 0 Community replies | Bug Reports

Out-of-band resource load (HTTP) reported "after" failing to connect to the Collaborator server.

Recently all of our BURP Pro. scans began detecting Out-of-band resource load HTTP (Confidence level: CERTAIN) across different apps. However, this finding only appears "after" the event log reports "Failed to connect to the...

Last updated: Jun 07, 2024 10:42AM UTC | 1 Agent replies | 0 Community replies | Bug Reports

API Scan, use cookies from cookie.jar not working

Hi, when I start API Scan and have the session handling rule "Use cookies from Burp's cookie jar" active, no cookies are added to the requests. The Session handling tracer shows events: Applying rule: Use cookies from...

Last updated: Jun 07, 2024 10:35AM UTC | 1 Agent replies | 0 Community replies | Bug Reports

jython "Select File" broken

Currently having an issue (v2024.4.5.) where I click the button to "Select File" for the "Location of the Jython standalone JAR file" in the Extension settings and it fails to select anything. When the window pops up to...

Last updated: Jun 07, 2024 07:54AM UTC | 2 Agent replies | 2 Community replies | Bug Reports

Bchecks bug?

I don't understand, but this just doesn't work for me. ``` metadata: language: v2-beta name: "Sql Injection" description: "Classic SQL Injection" given query insertion point then if...

Last updated: Jun 07, 2024 07:49AM UTC | 1 Agent replies | 2 Community replies | Bug Reports

Burp Suite - missing "Drop all out-of-scope requests" in Target-Scope tab

Hi, There was a "Drop all out-of-scope requests" checkbox in the Target->Scope tab. It disappeared after an update. The workaround for now is to use the menu "Settings->Project->Scope" instead (the checkbox is still there...

Last updated: Jun 06, 2024 02:53PM UTC | 3 Agent replies | 3 Community replies | Bug Reports

Intermittent Freezing Issue During Crawling in Burp Suite Professional

I am using the latest version of Burp Suite Professional. While crawling, Burp Suite intermittently freezes for a few seconds before resuming. The duration of these freezes increases as the crawling progresses. I have also...

Last updated: Jun 06, 2024 09:47AM UTC | 1 Agent replies | 1 Community replies | Bug Reports

"Your level" not counting?

Dear support, I've been enjoying my journey through your labs, and learning an absolute ton! Weirdly though, even though I'm solving labs and marking learning materials as completed, they get marked as solved/completed,...

Last updated: Jun 06, 2024 07:51AM UTC | 2 Agent replies | 1 Community replies | Bug Reports

Burp changes response headers case

I noticed that during http2 requests BURP changes the response headers to "First Capital" so any response header like some-somethingelse-anything : any value will be replaced as Some-Somethingelse-Anything : any...

Last updated: Jun 05, 2024 09:15AM UTC | 6 Agent replies | 6 Community replies | Bug Reports

CSRF LAB BROKEN - CSRF where token is duplicated in cookie

Hey Team, When I try to deliver the exploit or test in my browser, this lab gives me "invalid csrf" although I have checked many times. Given is my payload. <html> <body> <h1>Hello World!</h1> ...

Last updated: Jun 05, 2024 08:46AM UTC | 3 Agent replies | 2 Community replies | Bug Reports

Issue with windows remain open (frozen), on macbook air m2 running sonoma 14.5

I have an issue, every time I get a confirm window, the Windows ie edit proxy listener doesn't close, it just stays there, it happens to me on the proxy listener, and also on the intruder module, when closing the scan, I was...

Last updated: Jun 05, 2024 08:20AM UTC | 3 Agent replies | 3 Community replies | Bug Reports

Lab: CSRF where token is tied to non-session cookie

those are also incorrectly processed by my lab, my payload in search does not read properly. Everything is fine in response, but the next request does not execute. request: GET...

Last updated: Jun 05, 2024 07:28AM UTC | 1 Agent replies | 1 Community replies | Bug Reports

1st Academy Click Jacking lesson

When doing the initial click jack lab the exploit server view isn't the same as what's described. When using the https://0a3e0068041332ff820d5100003a00a8.web-security-academy.net/my-account. the exploit view is showing...

Last updated: Jun 05, 2024 06:35AM UTC | 3 Agent replies | 1 Community replies | Bug Reports

Low labs performance

I'm getting slow responses (up to 20 seconds delay) when working at least with CSRF labs (haven't tried other labs yet), examples are: Dec 07 11:20:18 MSK...

Last updated: Jun 04, 2024 07:46AM UTC | 10 Agent replies | 21 Community replies | Bug Reports
