Bug Reports - Page 63 - Burp Suite User Forum

Same code base in 2 Websites but still it shows different Scan report

Hello Support Team; We are running multistore Magento Website for 2 Store. 1 is for US another one is for CANADA. We have same code base in both the website, But while we are doing Burpsuite scan it shows different...

BurpSuite Hangs on macOS Monterey

Hi, I have been trying to get BurpSuite Pro 2022.3.6 to run on my macbook. After I install I try to run and the Burp loading page comes up and then sits there with the spinning color wheel. This happens when I try the...

License

I purchased a burp pro license on march 5. It has been 5 days and nothing. Not only that but I need this for a upcoming pentest. Speed this process up please this is ridiculous.

"Support HTTP/2" checkbox not working in proxy settings

Even after disabling "support HTTP/2" in proxy settings requests still have HTTP/2 header and disabling the checkbox does not apply. It is not possible to interact with HTTP/1.1 sites and the following error is...

Burp scanner using old cookie in requests

Hello, I noticed a weird thing when using burp scanner, let's say I manually crawl an application, I get on a website and starts moving around and my cookie is "sessionid=AAA", then I log out and login again, my cookie...

About active scan

Hi I scanned OWASP BWA BodgeIt Store. The bodgeit login menu has SQL injection. SQL injection payload: test@thebodgeitstore.com' or '1'='1 However, the scan result is Tentative only. Why isn't it detected?

Lab: Password reset poisoning via middleware: no "GET /forgot-password"

in the captioned lab, followed the solutions steps. After adding X-Forwarded-Host: xxxx and changing username to Carlos, exploit server showed "GET / HTTP/1.1" and "GET /resources/css/labsDark.css HTTP/1.1" but no "GET...

Updates deleting my UserConfigPro.json

The last two updates (Early Adopter) have completely deleted my UserConfigPro.json file. Which means I have to reinstall my extensions, reset preferences, etc. Is this a bug within the Early Adopter branch? What...

burp repeater modifies some non printable characters to 0x3F

Hi. While performing a file upload of a pdf via the repeater, i noticed that before sending the request the repeater changes all characters with hex value in the range 0x80-0x9f to character 0x3f. Also i noticed this does...

Corrupted Project

Hi, I was working on last stable Burp version (2021.9.1). Yesterday i closed the project without error, however this morning upon opening the project i received a "corrupted project" error and i am not able to restore it...

Getting net::ERR_HTTP2_PROTOCOL_ERROR after doing latest update of burp

Hi, I updated the Burp to its latest update a couple of days earlier, and ever since burp's preconfigured browser is not able to load any URL in it, giving the blank screen. Initially, it was giving the error of security...

Issue with recording/replaying login sequence.

Hello everyone, I'm having trouble replaying the login sequence for Burp 2022.3.6 on https://logowanie.nn.pl. When I click the "Replay" button, Chrome does not play the login sequence. Step to reproduce: 1 - Record...

Burp Enterprise older JRE version

Hello, We're currently running the latest version of burp enterprise and have set it to automatic update. We've scans indicating the agent and the enterprise installations making use of older JRE version 1.9.0_4....

License is not valid after upgrade

Hello, I upgraded burp suite and then it asked license again. I provided the previous license but still required to activate manually. Can you help me ? Thank you

HTML Render Tab Does Not Render HTML Response

I have an issue where the Render tab in the Response section is not rendering the HTML content. I just receive a blank page. However when view the HTML source in the HTML tab, there is HTML content.

Downloading license file

Hi, I have the burp license extended 1-2 days ago. When I try to download the license file through the panel, it will not work. However, software download has no problem. Could you please check if everything is OK with...

anti forgery check fail

I am not able to log in or even reset my password on chrome. it is giving some kind of error as anti forgery check fails. The following are the message that I am seeing. The anti forgery check failed. This could happen if...

Match and Replace strange behaviour

Hi everyone, I'm using the "Match and Replace" functionality to change the host header of an HTTP request. The problem is that even if I change the Host header, the request goes to the old Host header. This is...

proxy bug in Community edition (almost latest versions)

Hello, I am a fan of Burp! I am using Burp suite Community Edition, and I found a bug in proxy module. Bug is below: In HTTP header, i had a field with name "APP_TYPE", when i intercept the request with burp-proxy, the...

Lab: Username enumeration via account lock

i repeatedly tried to sole the lab with the exact solution. however, the password list provided does not generate any differences in response times. all settings are the same as the solutions and community solutions. am...