Burp Suite User Forum

Login to post

Javascript Not rendering

Hello Team, When proxying through burp the webpage isn't rendering any of the javascript. This results in most of the significant features of the page remaining unloaded. When I remove the proxy everything loads...

Last updated: Apr 21, 2023 10:10AM UTC | 3 Agent replies | 2 Community replies | Bug Reports

Montoya api.intruder().sendToIntruder() no insertion points

Hey, I've noticed in Burp v2023.4.1-20122 that api.intruder().sendToIntruder() does not automatically add insertion points. If I revert to Burp 3.3-20066 the insertion points work fine.

Last updated: Apr 21, 2023 09:12AM UTC | 1 Agent replies | 1 Community replies | Bug Reports

helpers indexOf doesn't seem to be working as expected.

(reposting as I neglected to put this in bug reports the first time) I'm working with https://github.com/PortSwigger/java-deserializer I have a stream of bytes in a request that should be a serialized java...

Last updated: Apr 20, 2023 08:30AM UTC | 3 Agent replies | 5 Community replies | Bug Reports

Proxy (Chromium) not working on some sites

I am currently using the latest version of Burp Suite Community and I cannot get access to any sites without needing to relaunch the browser. On initial launch, the proxy works for the Chromium browser, but after a while it...

Last updated: Apr 20, 2023 08:29AM UTC | 2 Agent replies | 2 Community replies | Bug Reports

Password Reset Poisoning via Dangling Markeup

This lab is not working for me at all. I'm following a video online and doing the steps exactly but when I try to add a port it says 504 Gateway Timeout. OR it says bad request CRSF token expired or something along those...

Last updated: Apr 20, 2023 07:04AM UTC | 6 Agent replies | 6 Community replies | Bug Reports

CSRF labs exploit server delivery doesn't work

Hello, In the past i solved these labs without any issue. Now i can't even "Solve" the easiest one, CSRF vulnerability with no defenses. If i view the exploit the mail updates. Delivering the exploit doesn't work, does...

Last updated: Apr 19, 2023 10:38AM UTC | 3 Agent replies | 2 Community replies | Bug Reports

Academy - CSRF with token is duplicate or token tied to non-session cookie

Hi, I was just trying to solve the Labs for the CSRF-Challenges, but for some reason, I always got the error 'Invalid CSRF-Token', even though I submited the exact solution that is provided to the Lab. When I just tried to...

Last updated: Apr 18, 2023 04:40PM UTC | 1 Agent replies | 0 Community replies | Bug Reports

Embedded Browser Behaving Strangely - Crashing, Wont Connect to Certain Sites

I seem to have corrupted the embedded browser somehow. I get lots of browser crashes. I did install react dev tools - maybe thet borked it? I can't seem to fix it. I tried uninstalling Burp and re-installing, no luck. The...

Last updated: Apr 18, 2023 03:59PM UTC | 1 Agent replies | 0 Community replies | Bug Reports

Burp Chromium Browser Stops Working

After 15 minutes of using Burp's Chromium browser, including on sites where the pages have almost no content, no javascript and no css, when I alt-tab away from Chromium to Burp, I am unable to get back to Chromium. I have...

Last updated: Apr 18, 2023 07:59AM UTC | 2 Agent replies | 2 Community replies | Bug Reports

No more activations allowed for this license

I get this for when I try to move my Burp installation to a new computer at work. Can you please add some more for me. This message is really weird, as you're licensing terms seems to be "yeah, it's a per user license, and...

Last updated: Apr 18, 2023 06:39AM UTC | 3 Agent replies | 4 Community replies | Bug Reports

Unable to Start Brup Suite Pro

I recently updated Burp Suite Pro to v2023.3.2 and can no longer execute Burp. I run a Kali Linux VM (latest iteration, fully patched) on a MacBook Pro M1. Up till now, I was successfully using openjdk 17.0.6 2023-01-17;...

Last updated: Apr 17, 2023 01:36PM UTC | 2 Agent replies | 2 Community replies | Bug Reports

Bug during the export process from Burp to Qualys using the Qualys Extention

Hi, there is a bug during the export process of the findings from Burp to Qualys Platform. When I click on a finding in Burp (single or multiple - is the same) and send to Qualys, the extension correctly sends it to...

Last updated: Apr 17, 2023 12:27PM UTC | 1 Agent replies | 0 Community replies | Bug Reports

burp selection text collapse after the request is sent

I am using Burp community edition and while using it to solve SQL labs and trying different payloads I was constantly using the selected text section in repeater tab and after trying some payloads I clicked on apply...

Last updated: Apr 17, 2023 10:12AM UTC | 1 Agent replies | 0 Community replies | Bug Reports

Charset problem in intruder

I am testing an app which, in the app, some http requests contains Turkish characters. When i send the request to the repeater there is no problem. But if i send it to intruder i am facing with charset problems. On...

Last updated: Apr 14, 2023 09:29AM UTC | 2 Agent replies | 2 Community replies | Bug Reports

Tengo problema en el navegador de burn..

No puedo realizar ningún laboratorio porque al ingresar la URL de postswigger, me muestra URL no segura, tu conexión con este sitio o es segura. Luego el certificado no es válido. Pero en el Google Chrome si se puede abrir...

Last updated: Apr 14, 2023 07:25AM UTC | 2 Agent replies | 1 Community replies | Bug Reports

Cookie Disappears

Hi PortSwigger, When I'm sending a request with a Notification Cookie (Lab: Authentication bypass via encryption oracle) it responds with an 200 OK, but the Notification Cookie disappears and the response doesn't show the...

Last updated: Apr 13, 2023 04:25PM UTC | 6 Agent replies | 11 Community replies | Bug Reports

Potential bug in lab "Web cache poisoning via HTTP/2 request tunnelling"

Hi, I'm trying to resolve the lab "Web cache poisoning via HTTP/2 request tunnelling". For some reason the server returns the error 504. May you advice? https://snipboard.io/pGVzvB.jpg Cheers, Jesús

Last updated: Apr 13, 2023 01:55PM UTC | 1 Agent replies | 1 Community replies | Bug Reports

Lab: Basic password reset poisoning seems to be broken

From the lab solution step 6: "Back in Burp Repeater, change the Host header to your exploit server's domain name (YOUR-EXPLOIT-SERVER-ID.exploit-server.net) and change the username parameter to carlos. Send the...

Last updated: Apr 13, 2023 08:13AM UTC | 1 Agent replies | 0 Community replies | Bug Reports

Server sends 403 if I use Burp Suite.

While logging fetch requests on https://hilton.com I noticed some requests were getting blocked if I used burp suite proxy, but the same wasn't the case without burp proxy in b/w. I cannot find the cause for it. Can someone...

Last updated: Apr 12, 2023 03:07PM UTC | 2 Agent replies | 3 Community replies | Bug Reports

Received Query must not be null error message for create schedule item graphql query but it is working fine in postman

body = """ { I have tested below mutation query using postman and got the successful response. However when I tried to use the same code in python, I am always getting below error message. response status...

Last updated: Apr 12, 2023 09:47AM UTC | 1 Agent replies | 0 Community replies | Bug Reports

Page 6 of 126

Burp Suite Support Center

Your source for help and advice on all things Burp-related.

Burp Suite Support Center image