Bug Reports - Page 61 - Burp Suite User Forum

Minor documentation bug for Community Edition user in OS Injection Attack lab

In OS Injection Attacks, "Blind OS command injection with out-of-band data exfiltration" the last lab on the page, there is no mention that you must have the Professional Edition of Burp Suite in order to complete this...

Mobile Assistant will not recognize that CA cert is installed

Burp Mobile Assistant "Test Settings" results in a failure for the "CA Certificate installed" condition. I utilized the "install" link from the Mobile Assistant application, downloaded it, approved it and granted trust to...

Line wrap does not work in pretty mode in repeater

Steps to reproduce: 1. Send request containing JSON payload to repeater. 2. Open request in repeater. 3. Since request body is JSON, Pretty mode is automatically activated. 4. Note that longer lines such as User-Agent...

Lost Cursor in Repeater/Intruder

Hi, Occasionally, when I send a request to the repeater or intruder, the cursor disappears and clicking anywhere in the request doesn't bring it back. I end up having to close and reopen Burp Suite to make the request...

Un-interactable repeater tabs

Hi, this bug has been around for more than a year now, and I'm unsure what's causing it. Current platform: - MacOS Catalina v. 10.15.7 - MacBook Pro 2019 - 2,6 GHz 6-Core Intel Core i7 - 16 GB 2667 MHz DDR4 - AMD...

BurpExtenderAPI - java.lang.NullPointerException: Cannot invoke "burp.ehv.a(burp.ikb)" because "<parameter1>" is null

Hello, I'm developing a burpsuite extension and I stumbled upon a problem with MessageEditorTab rendering. I have a basic plugin : BurpExtender.java - https://pastebin.com/xAZewdZT SimplePluginMessageEditorTab.java -...

Illegal HTTP/2 Upgrade

We are currently testing an application that requires NTLMv2 authentication. When first visiting the App over HTTP with the Embedded Browser, NTLMv2 authentication works. The application the immediately redirects the...

BurpSuite Enterprise AWS deployment problems

Hi, I followed the instructions provided in the documentation (https://portswigger.net/burp/documentation/enterprise/getting-started/cloud/deploy-aws#nested-templates) to deploy BurpSuite enterprise to AWS. I used both...

Troubles with selecting text inside request/response (Windows 10 + 4k + JDK 14 GA (build 14+36))

Seems like bad rendering. Because when try to selecting text always empty big free space near selected text. When try to switching fonts, direction of empty space in selecting text just switching right/left

Burp start Chromium browser

hi Team I would like you inform about some issue.I see when I use only Firefox browser instead Chromium.The Burp start Chromium browser .This generate more memory and some problem . Screenshot show this...

Access Lab Error

I pressed "Access the lab" button but only got "This site can't be reached" result. Are the labs having problems?

Failed to create Burp project Invalid SortKey

Windows 10 64Bit - Burp Suite Pro v2021.9.1 Corrupt Burp Project? Not too sure what happened, the project was being saved and reopened without any issues. Then this morning, when I closed Burp Suite Pro down for a...

HTTP/2 Req Smuggler extension bug?

So i'm running the probe on "Lab: H2.CL request smuggling" and the issues identified are: HTTP/2 TE desync v10a h2method HTTP/2 TE desync v10a h2auth HTTP/2 TE desync v10a h2path Not "HTTP/2 CL", this is...

Base64 decode in HTTP history tab

With the latest version (2021.9.1) it's no more possible to decode base64 in the HTTP history tab using ctrl + shift + b. This problem is also present in the intercept tab

"Web cache poisoning with multiple headers" lab not working

I tried 3 times now knowing that could have been a temporary problem, When I poison the Cache (followed the guide step by step) I get a hit and the cache get poisoned , but instead of serving alert(document.cookie) in the...

Error when trying to add jython.jar to run python extensions

When I press on "select file" to add jython.jar it shows "failed to open file" under the area where it's supposed to show the location of the Jython standalone JAR file:

Burp match and replace

Hi I have burps match and replace enabled but it its not replacing, heres what I have done goto proxy tab > then options > enabled item request header > insert blind xss (begins User-Agent: *****some payload here**** set...

Apostrophe in path breaks Python extensions

It looks like the apostrophe in my username stops Python extensions from working, below is the error message when trying to enable an extension - Is there a way to change the bapps directory? SyntaxError: ("no viable...

lab login error

Hi I registered on the site and decided to go through the sql lab. An invalid request error has occurred.

manual activation

when i copy and paste my manual activation it seem not to work have tried it several times