Bug Reports - Page 67 - Burp Suite User Forum

HTTP/1.1 requests are silently upgraded to HTTP/2

I have a setup where I'm running a CLI REST client through Burp Pro. In Burp Proxy History I see: Request ------ GET /some/api/path HTTP/1.1 ... Response ------ HTTP/2 200 ok ... and then my CLI client...

Memory usage is extreme after 2021.8 update

Hello I'm using burp pro and after updating to 2021.8 the memory limit maxes out within seconds. I am not running any extensions and I am testing a domain (with only 4 URLS) that I was testing with no problem before the...

Copy/Paste/Cut shortcuts (CTRL+C/V/X) are not working on Windows 10

I upgraded to windows 10, installed the latest Oracle JRE 1.8.0_60-b27 and now the shortcut copy & paste functionality is not working anymore. I'm working with burpsuite 1.6.27 pro. The functionality worked on Windows 7...

HTTP Headers line folding seems to break Hackvertor tags

Hello, I was playing with line folding in HTTP headers after reading the as-usual-amazing paper from albinowax (https://portswigger.net/research/http2), and I noticed something strange with Hackvertor tags when testing...

Reporting an issue with UTF-8 characters results in garbage

We have German text in issues generated by an extension we've written. Burp displays it correctly, but when reporting the issues in XML form, the Umlauts and other non-ASCII characters get garbled. To replicate: create a...

Login Failed on Portswigger Website

Hi, I am trying to log in to Port Swigger web academy by entering my email and password. Despite entering the Correct credentials it shows login failed, so I tried to reset the password and entered the password which...

Academy Lab Not Solved after completed

as yesterday and today, when I finished a lab in the web academy, it was not marked as solved in the main page.I even follow the solution just to make sure and follow the exact steps and still the lab is not solved. I just...

IOS 13.4.1 Jailbreaked with Burp 2021.7.1 cert doesn't work

Hi to all, I'm using Burp 2021.7.1 Windows versione with Iphone 6s IOS 13.4.1 with Jailbreak I have tried to use burp for http traffic but it doesn't works in any way. I have also restored the device at factory reset,...

"Load from configuration file" leaves "Default to HTTP/2" unchecked

The "Default to HTTP/2 if the server supports it" project option is not set correctly when "Load from configuration file" is used during launch. To reproduce: 1. In Burp, go to "Project options" -> "HTTP" and check...

Proxy Configurations

I am using Burp (Windows 10) within a corporate environment and they use a Proxy PAC file for proxy configurations. I am having issues routing requests via the proxy out. It seems older versions appear to work on other...

[Burp Professional v2021.5.1] HTTP/2 not work on invisible proxying

Hi, I'm using Burp Professional v2021.5.1, but HTTP/2 doesn't work at invisible proxying. My setting is below: - Enable HTTP/2: on - Proxy Listners - *:80, support invisible proxying: on - *:443, support...

Excessively large project files on early adopter branch

I recently switched to the burp early adopter branch. Ever since then my project file disk usage has become impossibly large, taking approximately an order of magnitude more disk space than before switching. I've tried...

There's something wrong with Blind sql

I am trying to solve blind sql lab and in "Inducing conditional responses by triggering SQL errors" topic even when I am trying with same as how Rana khalil taught us still I am not getting logged in with password that I get...

Burp is not url-encoding payloads in active scan

Dear, When I send intercepted request to the intruder and chose the active scan insert points option , the burp suite is sending a payload without URL encoding. best regards

sql query breaks sqli labs

Hello, I found out that '||pg_sleep(10); -- - query breaks the postgresql injection labs. For some unknown reason that payload broke the lab and no matter how time I waited, the lab didn't come back up. I don't know if...

Jenkins plugin fail

Developer who manages Jenkins server for a CI pipeline reports: the Burp plugin installed successfully and offers the options they mention in the instruction but they are non-responsive for some reason, just nothing...

Web Security Academy Bug?

I may have stumbled across either an interesting Academy bug, or my Burp installation and/or browser have had a stroke. But maybe this has been observed before. In short, during the lab "Exploit XSS to Perform CSRF" I...

SSRF VUNLERABILITY VIA OPEN REDIRECTION IS NOT WORKING

Hi the SSRF with filter bypass via open redirection vulnerability lab is not working ,was trying to solve the lab the redirect is not going through, it always says "Failed to connect to 192.168.0.12:8080"

Learning materials never 100% ?

Hey guys, I've checked(completed) all "Learning materials" and its showing: Learning materials: 93% its a bug or I missed something? (double checked) thank u.

i have issues with integration of burp suite to jenkins

Hi , I have followed all the steps in the documentation. https://portswigger.net/burp/documentation/enterprise/administration-tasks/ci-cd/jenkins/burp-scan but I am not able to get the build steps for burp...