Bug Reports - Page 67 - Burp Suite User Forum

Automatic Project Backup Fails

Using Burp Suite Pro on Windows 10. While doing a scan, it always fails with an error "Automatic backup failed". I see a popup error message, with the window title "Automatic project backup". The body of the message...

'DOM XSS in jQuery selector sink using a hashchange event' lab not solving

Hi I have successfully completed the lab entitled 'DOM XSS in jQuery selector sink using a hashchange event' however I am not receiving 'lab solved'. I have also followed the lab solution walk-through provided in case I...

Unknown host: burpsuite

Hi, i'm quite sure it comes from my configuration rather than a bug from burp, but i can't understand what i've done wrong: i get "unknown host : burpsuite" as an error in my dashboard event log and in my browser when i...

Session Handling Macro Not Waiting for Response

Hello, I have configured the Burp session handling rules in project options to check if a session is valid and if not, issue a request containing a refresh token to an OAuth API to obtain a new access token. I am then...

OpenJDK 16.0.2 Multiple Vulnerabilities

Nessus is stating that the Burp server is using OpenJDK 16.0.2 which has multiple vulnerabilities as reference in the 2021-10-19 Java advisory (https://openjdk.java.net/groups/vulnerability/advisories/2021-10-19). This...

"URL normalization" lab doesn't URL-encode

see subject.

Burp Suite Navigation Recorded fails to record login sequence on modern, JS rich application.

Burp Chromium plugin fails to record login, password and clicking "ZALOGUJ SIĘ" (log in in polish) Example application - https://onnboard.nn.pl Script from plugin [ { "name": "Burp Suite Navigation...

Word Wrap has been removed from intruder

Hello, Please can word wrap be put back in the Intruder "Payloads Positions" window please? It's really difficult to use with requests with large parameters, it definitely used to be there, either as an option or by...

Match Replace action is not marked as edited request

Hello, I ve set up a match and replace rule under proxy-options tab. The rule worked. Under proxy history, I haven't seen any request marked as edited and also comment is not written. On OSX version 2022.1.1 Best

unable to submit flag

lab: https://portswigger.net/web-security/file-upload/lab-file-upload-remote-code-execution-via-web-shell-upload issue: submitted flag, but status lab not updated to 'solved' steps to reproduce: 1. click 'submit...

I can't save my project

Hi, in the last versions v2022.1.1 on the professional version, the save copy options stops on 6% or 8% and we can't finish the backup process. Can you help us? Best Regards.

Not able to access the labs

Hi I am not able to access the labs it keeps showing up as an error of Apologies, the lab could not be started in a timely manner. Please try again or contact us if the problem persists. Please Help. Thanks

SAML Raider Extension

Not working - reports the below: <SAMLRaiderFailureInInitialization></SAMLRaiderFailureInInitialization>

Macro "Define Custom Parameter" Does Not Show Full Response

Hi, I'm trying to create a macro but Burp is not detecting the fairly standard "sessionId" parameter that is set in the response. When I try to define it as a customer parameter, I cannot see the entire response, even if...

Number payloads option in intruder are not rendering in the newer version of burp

Number payloads option in intruder are not rendering in the newer version of burp.Fix it ASAP

About the lab Exploiting cross-site scripting to steal cookies

I tried with XSS payloads that send GET request to Burp collaborator, butthe result of document.cookie is empty. For example: this payload did make the victim sent a GET request to my burp collaborator: <img src=x...

PSA: Burp segfault on Arch Linux after yesterday's update and this is the fix

To all Arch Linux users: yesterday's update of harfbuzz (a text shaping library) from version to 3.4.0 to version 4.0.0 makes Burp segfault on launch. To fix the issue, you can downgrade harfbuzz to the previous version...

Access to lab

Burp Suite Professional Error Failed to connect to ac971ff61e99a41dc0cf74e8001500ed.web-security-academy.net:443

I delete my account on Basic clickjacking with CSRF token protection

Even though I dropped the request, I deleted my account incorrectly. It says It'll be fine for 20 minutes, but It still hasn't. Can you fix it my lab account. wiener peter