Bug Reports - Page 66 - Burp Suite User Forum

Unable to load PKCS11 library when Java 17 is used

Burp 2021.10.2 fails to load opensc-pkcs11.so library when configuring Client TLS Certificate with Java 17.0.1. Error message reads: "Unable to load library - check file is correct and device is installed." It works fine...

Full server response not showing in 'Define Custom Parameter'

Hi - I'm trying to use the Macro Editor's "Define Custom Parameter" function to pull a JWT out of a server response, but the response viewer in the DCP window does not show the entire response. The viewer's display width...

"Targeted web cache poisoning using an unknown header" seems broken

Hi there, I've attempted the <insert subject> lab 2 times. After peeking at the solution it was clear that what I was doing is correct. I leak the User-Agent (tried both collaborator and exploit-server) and I poison the...

Burp Pro fails to launch

# # A fatal error has been detected by the Java Runtime Environment: # # SIGSEGV (0xb) at pc=0x00007f18fc1c5b0e, pid=6362, tid=6421 # # JRE version: OpenJDK Runtime Environment (16.0.2+7) (build 16.0.2+7-67) # Java...

Are Burp Suite Professional and Burp Suite Enterprise Vulnerable to Spring4Shell

Hi, Are Burp Suite Professional and Burp Suite Enterprise vulnerable to these spring vulnerabilities: https://tanzu.vmware.com/security/cve-2022-22965 https://tanzu.vmware.com/security/cve-2022-22963 Thanks. D.

Xpath injection issue because of the the word "xpath" in the response

The string 'XPath' happens to appear in our HTML response as a part of the Google analytics payload and that section has nothing to do with XML or XPATH. In fact, we are returning the word "XPath" explicitly in the...

Burpsuite session is killed in the middle of scan

Hi The burpsuite session is killed when in middle of the active scan . I have launched the tool with command line java -jar -Xmx4g /path/to/burp.jar I'm running burp on Debian GNU/Linux 11 (bullseye) java -jar...

Burp Suite enterprise edition - Scanners are getting deleted automatically

Hello Burp Support team, Currently, I'm using Burp Suite enterprise edition - when I schedule scans in the night hours, we are observing that Burp Scanners are getting deleted automatically from Burp Server. We have...

Request body disappears in intruder when scrolling over to the right

When sending a request to intruder, if the request body is really long and scrolls outside of the window to the right, the text disappears when scrolling to the right to view it. This only seems to happen to the message body...

PortSwigger Academy - Advanced request smuggling - Spelling Error!

Hi PortSwigger, loving your labs! However; I noticed a spelling error on your page! "we've mitigated this by included a trailing parameter" - when it should be: "we've mitigated this by including a trailing...

Apologies, the lab could not be started in a timely manner. Please try again or contact us if the problem persists.

Getting this problem in the lab - https://portswigger.net/web-security/authentication/multi-factor/lab-2fa-simple-bypass

Lab: Stealing OAuth access tokens via an open redirect

Hello! I have an issue with the lab, I followed the steps for the solution many times from different browsers, also I followed step by step the community solution video but when I "view exploit", I got a response "Resource...

Scans created with REST API are put on pause since v2021.12

It looks like scan automation is broken in Burp Suite Professional since release 2021.12. `2021.10.3` is the last version that can be used to automate scans in headless mode. Expected behavior: * scan is started after...

Potential Bug - Burp Pro 2022.2.4

I've had issues with Burp ever since this release came out with BurpSuite Professional. I isolated the issue first to Burp Pro, because Burp Community worked fine on the same VM. I troubleshot further by cloning the VM and...

JSON Request broken when scanning a defined insertion point

Hi! When I configure a scanning (from intruder) to test only one parameter: { "roles":[" ...

Mystery lab challenges that require to submit solution seem to be broken

Mystery lab challenges that require to submit solution seem to be broken - correct results are not accepted. Example for the "CORS vulnerability with trusted insecure protocols" - for better visibility below requests are...

DOM-based link manipulation on detected on BURP scan

I was given a BURP report to analyze, and development of Web Apps is not my forte. I'm hoping someone can help with this. The following issues were detected on a BURP scan - The application may be vulnerable to DOM-based...

Incomplete responses in repeater, intruder as well as in collab client

Hello, I was performing an out-of-bound test (SMTP based) through collab client and I was getting partial response shown on screen. This has also happened before through repeater and intruder when I ignored it thinking it...

Burp enterprise recorded login sequence

Hello, i try use recorded login sequences in burp enterprise, and he not clicking on elements - "unable to find element for clicking on Element", in burp pro same record replay all ok. And how debug?

No NTLM Challenge Received Error

Hi, I want to use my company proxy as upstream proxy for Burp. I filled the necessary values in user settings upstream proxy part. However, Burp can't stream the traffic due to "no ntlm challenge received" error. When I...