Burp Suite User Forum
Hello, During a Nessus scan, the Linux version of Burp Suite Professional v2022.1.1 (fully up to date) came up as using an unsupported version of Oracle Java. The Windows version of Burp seems to use the same...
Hi, I am using the trial version BURP Pro 2021.9.1 and trying to test the vulnerability scanning. I am using the proxy and built in BURP browser to open up my web application. My web application uses Windows...
Hello there, could you verify that the solution of this lab is still working? https://portswigger.net/web-security/cross-site-scripting/content-security-policy/lab-csp-with-dangling-markup-attack I tried both of these...
The Origin header does not act as a cache buster. I submitted my malformed query string with the Origin header and it solved the lab, i.e. the Origin header is not a keyed header.
Initiating health check Server address resolution Success Server HTTP connection Warning Server HTTPS connection (trust enforced) Warning Server HTTPS connection (trust not enforced) Error Server SMTP connection on...
Currently attempting the "Lab: Response queue poisoning via H2.TE request smuggling" lab. Unable to advance as I am not able to get a 302 response containing the admin's new post-login session cookie even after sending out...
I am trying to install the Burp CA but every time I go to http://burpsuite/ I get a "server not found" error. I tried running burpsuite through the terminal and even configured my proxy settings to match burpsuite's proxies,...
net.portswigger.devtools.client.a4: Unable to start browser: DevTools listening on ws://127.0.0.1:3520/devtools/browser/....
https://portswigger.net/web-security/host-header/exploiting/lab-host-header-routing-based-ssrf Keep getting (Server Error: Gateway Timeout (3) connecting to 192.168.0.0) in Intruder. Even if I follow step by step YouTube...
I tried to access the admin panel by changing only the username to 'administrator' and its character string value to 13. It throws an error with 3 'access_token'. One of those 'access_token' is the administrator's...
Hi, I run Burp Suite Professional on Win10, version 2021.12.1. Installed as the documentation says, but I have a problem with https. http works fine, CA installed. If I try a website with https it is not shown in embedded...
Hi, we ran an audit scan and detected a stored XSS issue. For that path "/" there were many requests, one of them was able to perform stored XSS. The report and also the issues screen shows only the basic request GET...
I am trying to access lab "Authentication bypass via OAuth implicit flow" but when I go to https://acc41f931f795360c0081ada005a0002.web-security-academy.net/ and click on my account to login it's giving me an error after We are...
There are 3 instances of this issue: / /casa /casa Issue background External service interaction arises when it is possible to induce an application to interact with an arbitrary external service, such as a web or mail...
Hi, I'm having trouble testing a web application. If I use Burp Collaborator (default or private) the application responds with a 500 error. As soon as I set "Don't use Burp Collaborator" in "Project Options -> Misc" the proxy...
Bundled JRE (16.0.2) has a minor font bug that may affect Burp Suite's interface. macOS Monterey does not have the font "Times". Here's the command to reproduce the problem (using Burp Suite Community 2012.12.1 for...
"OAuth authentication" labs. Making a request to the OAuth server like that: https://oauth-endpoint/interaction/$$$" where '$$$' can be anything. That yields: SessionNotFound: invalid_request at *** (***) at...
Hi! In Repeater I keep getting a "Timeout in transmission from.." error when adding X-Forwarded- headers, even if I follow step by step instructions I'm still getting the same result (no response from the server). Would you mind...
Hello Portswigger team, It seems like there's a bug in the lab located at https://portswigger.net/web-security/authentication/password-based/lab-broken-brute-force-protection-multiple-credentials-per-request The lab has...
With auditing, I see this error in Dashboard and the auditing stops. 1642466839530 Error Suite [2] The Burp Collaborator server used by the Burp Collaborator client is not reachable, change the settings to use this...