Bug Reports - Page 6 - Burp Suite User Forum

Javascript Not rendering

Hello Team, When proxying through burp the webpage isn't rendering any of the javascript. This results in most of the significant features of the page remaining unloaded. When I remove the proxy everything loads...

Montoya api.intruder().sendToIntruder() no insertion points

Hey, I've noticed in Burp v2023.4.1-20122 that api.intruder().sendToIntruder() does not automatically add insertion points. If I revert to Burp 3.3-20066 the insertion points work fine.

helpers indexOf doesn't seem to be working as expected.

(reposting as I neglected to put this in bug reports the first time) I'm working with https://github.com/PortSwigger/java-deserializer I have a stream of bytes in a request that should be a serialized java...

Proxy (Chromium) not working on some sites

I am currently using the latest version of Burp Suite Community and I cannot get access to any sites without needing to relaunch the browser. On initial launch, the proxy works for the Chromium browser, but after a while it...

Password Reset Poisoning via Dangling Markeup

This lab is not working for me at all. I'm following a video online and doing the steps exactly but when I try to add a port it says 504 Gateway Timeout. OR it says bad request CRSF token expired or something along those...

CSRF labs exploit server delivery doesn't work

Hello, In the past i solved these labs without any issue. Now i can't even "Solve" the easiest one, CSRF vulnerability with no defenses. If i view the exploit the mail updates. Delivering the exploit doesn't work, does...

Academy - CSRF with token is duplicate or token tied to non-session cookie

Hi, I was just trying to solve the Labs for the CSRF-Challenges, but for some reason, I always got the error 'Invalid CSRF-Token', even though I submited the exact solution that is provided to the Lab. When I just tried to...

Embedded Browser Behaving Strangely - Crashing, Wont Connect to Certain Sites

I seem to have corrupted the embedded browser somehow. I get lots of browser crashes. I did install react dev tools - maybe thet borked it? I can't seem to fix it. I tried uninstalling Burp and re-installing, no luck. The...

Burp Chromium Browser Stops Working

After 15 minutes of using Burp's Chromium browser, including on sites where the pages have almost no content, no javascript and no css, when I alt-tab away from Chromium to Burp, I am unable to get back to Chromium. I have...

No more activations allowed for this license

I get this for when I try to move my Burp installation to a new computer at work. Can you please add some more for me. This message is really weird, as you're licensing terms seems to be "yeah, it's a per user license, and...

Unable to Start Brup Suite Pro

I recently updated Burp Suite Pro to v2023.3.2 and can no longer execute Burp. I run a Kali Linux VM (latest iteration, fully patched) on a MacBook Pro M1. Up till now, I was successfully using openjdk 17.0.6 2023-01-17;...

Bug during the export process from Burp to Qualys using the Qualys Extention

Hi, there is a bug during the export process of the findings from Burp to Qualys Platform. When I click on a finding in Burp (single or multiple - is the same) and send to Qualys, the extension correctly sends it to...

burp selection text collapse after the request is sent

I am using Burp community edition and while using it to solve SQL labs and trying different payloads I was constantly using the selected text section in repeater tab and after trying some payloads I clicked on apply...

Charset problem in intruder

I am testing an app which, in the app, some http requests contains Turkish characters. When i send the request to the repeater there is no problem. But if i send it to intruder i am facing with charset problems. On...

Tengo problema en el navegador de burn..

No puedo realizar ningún laboratorio porque al ingresar la URL de postswigger, me muestra URL no segura, tu conexión con este sitio o es segura. Luego el certificado no es válido. Pero en el Google Chrome si se puede abrir...

Cookie Disappears

Hi PortSwigger, When I'm sending a request with a Notification Cookie (Lab: Authentication bypass via encryption oracle) it responds with an 200 OK, but the Notification Cookie disappears and the response doesn't show the...

Potential bug in lab "Web cache poisoning via HTTP/2 request tunnelling"

Hi, I'm trying to resolve the lab "Web cache poisoning via HTTP/2 request tunnelling". For some reason the server returns the error 504. May you advice? https://snipboard.io/pGVzvB.jpg Cheers, Jesús

Lab: Basic password reset poisoning seems to be broken

From the lab solution step 6: "Back in Burp Repeater, change the Host header to your exploit server's domain name (YOUR-EXPLOIT-SERVER-ID.exploit-server.net) and change the username parameter to carlos. Send the...

Server sends 403 if I use Burp Suite.

While logging fetch requests on https://hilton.com I noticed some requests were getting blocked if I used burp suite proxy, but the same wasn't the case without burp proxy in b/w. I cannot find the cause for it. Can someone...

Received Query must not be null error message for create schedule item graphql query but it is working fine in postman

body = """ { I have tested below mutation query using postman and got the successful response. However when I tried to use the same code in python, I am always getting below error message. response status...