Bug Reports - Page 6 - Burp Suite User Forum

Lab: HTTP request smuggling, basic TE.CL vulnerability

I am running through the labs again in prep to take the test. I think this lab has stopped working. Regardless of what I do, it does not seem like the backend is honoring the Content-Length header. I've tried multiple...

Install Script Leaks the java binary

The Download and Install Bash script for arm Linux when you install Professional Burp suite is leaks the java bin. -- output: └─$ bash burpsuite_pro_linux_arm64_v2024_7_6.sh > Unpacking JRE ... > Starting Installer...

Cannot set up Chromium DevTools overrides in embedded browser

When I open DevTools -> Sources -> Overrides and select a new folder for overrides, I get the prompt "DevTOols requests full access to [path...]". I click Allow, and then nothing happens. I do not have this issue with...

When I use the "show response in browser" the url does not work

Hi When I use this feature I receive a message : Unknown host : burpsuite the url is like "burpsuite:/repeat/3/epmnkg....." Would you please help me about this ? Thks

Lab: Exploiting a mass assignment vulnerability doesn't allow POST reqs

Hello, When trying to solve this lab following the given solution, after sending a POST /api/checkout request, I got a 400 Bad Request Error: {"error": "Malformed URL: query only supported with GET"}. Is this...

Vertically split UI extension not fully resizable

Hi there! We are running into a new issue since 2024.7.6 where as an example, the Authorize extension right panel isn't fully resizable. It appear that the UI will not resize smaller than the right most component on the...

Freeze on Screen Lock (macOS)

Burp Suite Pro seems to lock up every time my screen lock activates. This is Ventura 13.4 running on M2 silicon with v2024.3.1.3 When resuming, the only button that works is close and then the confirm dialog shows which...

CSRF Labs are buggy not working

Currently i'm trying to solve the CSRF labs. However, it seems that these are not working properly; It seems that the system doensn't work when you "deliver exloit to user". I know for a fact that the CSRF Payload is...

Lab: CSRF vulnerability with no defenses

Hello, going through the lab https://portswigger.net/web-security/csrf/lab-no-defenses, for some reason he does not solved. https://forum.portswigger.net/thread/lab-csrf-vulnerability-with-no-defenses-35a98ebd I had...

the Dashoard tab wasn't visible

the Dashoard tab wasn't visible for projects with crawl tasks started。

Burp Collaborator Problem

I have installed burpsuite and the cerification tested it and all works fine, I can intercept the HTTP&HTTPS requests, but the collaborator doesn't works. I have tried to made a normal get request from the browser to the...

Solution not functional: "Lab: HTTP request smuggling, confirming a TE.CL vulnerability via differential responses"

The solution provided in the following lab is not functioning correctly: "Lab: HTTP request smuggling, confirming a TE.CL vulnerability via differential responses" After setting the correct host header and ensuring that...

'Stream failed to close correctly' when trying to load one lab

Accidentally broke one of the labs - https://portswigger.net/web-security/csrf/bypassing-samesite-restrictions/lab-samesite-strict-bypass-via-cookie-refresh steps to reproduce: - open burpsuite chromium browser - copy...

memory leak issues with Burp Suite Pro?

My company uses Burp Suite Pro to scan a number of websites, some of these we scan roughly quarterly. Our systems team manages the updates to Burp Suite Pro on a monthly basis, so we're not necessarily always using the very...

File Upload Lab not working

Hello, it seems to me that the first lab (remote code execution via web shell upload) is not working correctly. I managed to print the contents of /home/carlos/secret but when I submit it says wrong solution

Running BurpSuiteCE on Parrot 6.1

Hi there, I've just installed Parrot OS on my macBook (UTM). Everything has been updated, however I cannot run Burpsuite. I get the following message: java.lang.UnsupportedClassVersionError: burp/StartBurp has been...

Shortcut Keys don't work

Hi, The shortcut keys (e.g. ctrl-C, ctrl-v) don't work in the new releases. Please fix. Thanks, Carl

Cannot re-disable logging out-of-scope items to the history

Hi, when I created new project, caught several requests and added the selected into scope, I was offered the option to disable logging out-of-scope items to the history and I confirm it. It worked and there was a warning...

getRequest() and getResponse() methods not called in the new Intercept interface

Hi, I noticed that with the new Proxy Intercept interface, when you intercept a request/response, open a custom tab (e.g. the one in your examples...

Cannot update Burp

Hi I'm trying to update my Burp to version v2024_7_5. Usually it wad done automatically by Burp. This time it didn't work. I tried to do it manually by download file from portswigger and exec installer. It didn't work...