Burp Suite User Forum

Proxy Configurations

I am using Burp (Windows 10) within a corporate environment and they use a Proxy PAC file for proxy configurations. I am having issues routing requests via the proxy out. It seems older versions appear to work on other...

Last updated: Aug 06, 2021 08:04AM UTC | 1 Agent replies | 1 Community replies | Bug Reports

[Burp Professional v2021.5.1] HTTP/2 does not work on invisible proxying

Hi, I'm using Burp Professional v2021.5.1, but HTTP/2 doesn't work with invisible proxying. My settings are below: - Enable HTTP/2: on - Proxy Listeners - *:80, support invisible proxying: on - *:443, support...

Last updated: Aug 06, 2021 12:54AM UTC | 2 Agent replies | 2 Community replies | Bug Reports

Excessively large project files on early adopter branch

I recently switched to the burp early adopter branch. Ever since then my project file disk usage has become impossibly large, taking approximately an order of magnitude more disk space than before switching. I've tried...

Last updated: Aug 05, 2021 09:17AM UTC | 1 Agent replies | 0 Community replies | Bug Reports

There's something wrong with Blind SQL

I am trying to solve the blind SQL lab, and in the "Inducing conditional responses by triggering SQL errors" topic, even when I try it the same way Rana Khalil taught us, I am still not getting logged in with the password that I get...

Last updated: Aug 05, 2021 07:22AM UTC | 1 Agent replies | 0 Community replies | Bug Reports

Burp is not url-encoding payloads in active scan

Dear, when I send an intercepted request to the Intruder and choose the active scan insert points option, Burp Suite is sending a payload without URL encoding. Best regards

Last updated: Aug 04, 2021 01:54PM UTC | 1 Agent replies | 0 Community replies | Bug Reports

SQL query breaks SQLi labs

Hello, I found out that the '||pg_sleep(10); -- - query breaks the PostgreSQL injection labs. For some unknown reason that payload broke the lab, and no matter how long I waited, the lab didn't come back up. I don't know if...

Last updated: Aug 04, 2021 10:28AM UTC | 1 Agent replies | 0 Community replies | Bug Reports

Jenkins plugin fail

Developer who manages Jenkins server for a CI pipeline reports: the Burp plugin installed successfully and offers the options they mention in the instruction but they are non-responsive for some reason, just nothing...

Last updated: Aug 04, 2021 08:08AM UTC | 3 Agent replies | 3 Community replies | Bug Reports

Web Security Academy Bug?

I may have stumbled across either an interesting Academy bug, or my Burp installation and/or browser have had a stroke. But maybe this has been observed before. In short, during the lab "Exploit XSS to Perform CSRF" I...

Last updated: Aug 03, 2021 09:20AM UTC | 2 Agent replies | 1 Community replies | Bug Reports

SSRF VULNERABILITY VIA OPEN REDIRECTION IS NOT WORKING

Hi, the "SSRF with filter bypass via open redirection vulnerability" lab is not working. I was trying to solve the lab and the redirect is not going through; it always says "Failed to connect to 192.168.0.12:8080"

Last updated: Aug 02, 2021 10:40AM UTC | 1 Agent replies | 0 Community replies | Bug Reports

Learning materials never 100% ?

Hey guys, I've checked (completed) all "Learning materials" and it's showing: Learning materials: 93%. Is it a bug or did I miss something? (Double checked.) Thank you.

Last updated: Jul 30, 2021 06:24PM UTC | 2 Agent replies | 1 Community replies | Bug Reports

I have issues with integration of Burp Suite to Jenkins

Hi, I have followed all the steps in the documentation, https://portswigger.net/burp/documentation/enterprise/administration-tasks/ci-cd/jenkins/burp-scan, but I am not able to get the build steps for burp...

Last updated: Jul 30, 2021 10:30AM UTC | 1 Agent replies | 0 Community replies | Bug Reports

Scanner doesn't report previously found issues if same Insertion Point number.

For example, there are requests like the following: [Req A] GET https://example.com/request.php?p=TEST_A&mg=TEST_A&exectype=TEST_A [Req B] GET https://example.com/request.php?p=TEST_B&mg=TEST_B&exectype=TEST_B I have set...

Last updated: Jul 30, 2021 12:52AM UTC | 1 Agent replies | 1 Community replies | Bug Reports

Web security academy bug

I am trying to solve SQL injection labs, but when I solve a lab it doesn't show that it is solved. I think it is the same problem, from one year ago, described here:...

Last updated: Jul 29, 2021 02:09PM UTC | 2 Agent replies | 2 Community replies | Bug Reports

Lab: Infinite money logic flaw

In the Macro Editor, click "Test macro". Look at the response to GET /cart/order-confirmation?order-confirmation=true and note the gift card code that was generated. Look at the POST /gift-card request. Make sure that the...

Last updated: Jul 29, 2021 11:00AM UTC | 1 Agent replies | 0 Community replies | Bug Reports

Burpsuite PRO not working with bundled jre

Hi, I was trying to install Burpsuite but I am getting an error that it could not use the bundled JRE. While checking the logs: [5:94] ERROR: Could not load bundled JRE. Failed with error code 1260.

Last updated: Jul 29, 2021 08:58AM UTC | 1 Agent replies | 0 Community replies | Bug Reports

Incorrect Issue Type/Advisory Finding & Remediation

Issue: Browser cross-site scripting filter disabled. This issue is incorrect. The remediation says to use "X-XSS-Protection: 1; mode=block" but according to OWASP "The X-XSS-Protection header has been deprecated by modern...

Last updated: Jul 28, 2021 08:43AM UTC | 1 Agent replies | 0 Community replies | Bug Reports

Port being added only to the Host header instead of target URL

Hello, I've noticed a new bug, something that didn't happen before. Currently using burpsuite_pro_v2021.6.2, Windows 10, Google Chrome 91.0.4472.164. So when trying to access http://123.124.125.126:1337 I've noticed...

Last updated: Jul 27, 2021 02:26PM UTC | 2 Agent replies | 0 Community replies | Bug Reports

Broken DNS AAAA lookups

Burpsuite 2021.6.2 on macOS does not make AAAA DNS lookups, and subsequently does not try to connect to IPv6 addresses of sites. This causes total failure if the site is IPv6-only, e.g. https://www.v6.facebook.com,...

Last updated: Jul 27, 2021 09:25AM UTC | 4 Agent replies | 3 Community replies | Bug Reports

setHTTPService API method appears broken

Hello, I have successfully created an HTTP request as such: httpService = self._helpers.buildHttpService("google.com", 80, False) requestResponse = self._callbacks.makeHttpRequest(httpService, message) When...

Last updated: Jul 26, 2021 11:55AM UTC | 1 Agent replies | 0 Community replies | Bug Reports

Burp Freezes On Window Maximize During Start

I found a bug which seems to be reproducible. When launching Burp on Windows and maximizing the window during launch, Burp will often freeze after automatically minimizing the window. I'm using the latest version of Burp Pro...

Last updated: Jul 26, 2021 10:23AM UTC | 1 Agent replies | 0 Community replies | Bug Reports
