Bug Reports - Page 7 - Burp Suite User Forum

Slow lab response times

The lab 'Lab: Reflected XSS with event handlers and href attributes blocked' (https://portswigger.net/web-security/cross-site-scripting/contexts/lab-event-handlers-and-href-attributes-blocked) seems to be responding very...

correct secret not accepted by lab

Hey there, in the lab: Lab: Web shell upload via Content-Type restriction bypass I solved it via uploading a webshell and cat of the secret file. The corresponding secret was not accepted as a solution. I did get...

Lab: DOM XSS in jQuery anchor href attribute sink using location.search source

The solution javascript:alert(document.cookie) does not work because the cookie is set as HTTPOnly

Web shell upload via extension blacklist bypass;

I've followed the directions to the letter and then tried the video tutorial, both times this the the final response from GET /files/avatars/exploit.l33t or the video's GET /files/avatars/shell.shell: " HTTP/2 500 Internal...

Unable to manuplate requests in Proxy Intercept, Repeater and Intruder.

I am using standalone jar Burp-Suite professional with version of 2024.5 in Proxy intercept, Repeater and Intruder all of them mentioned are adding white spaces and not selecting whole request i want to do it and overwriting...

LAB: No SQL Exploiting NoSQL operator injection to extract unknown fields

I have a question about lab this, I have to rescan find attributes only array is 0 = id 1 = username 2 = password 3 = email I haven't find the token because I tried Sequent 0 - 10 not find a token Please help tell...

Unable to check for updates due to network error, in return resulting to license activation reached its limit

After installing burp and loading the license and tried to do update suddenly the burpsuite pro has an error saying "unable to check for updates due to network error. Please check your network configuration and try again". I...

Content security policy: malformed syntax due to values in sandbox directive

Burp version 2024.4.4 Found an issue in the Live audit, when browsing on a site which had CSP header with a sandbox directive and values (which are optional but valid cf....

Lab: CORS vulnerability with basic origin reflection (exploit working only if delivered)

The exploit works only when delivered to the victim. By clicking on "View exploit" the browser (even the Burp's browser) block third-party cookie and CORS requests. This problem affects also the solution exploit.

Intruder copied new tab behavior does not set resource pool

Hi, I have selected the option: Intruder -> New tab behavior -> Copy configuration from last tab When I now send a request to intruder, the "Payloads" and options from "Settings" are correctly set in the new intruder...

Error importing certificate in chrome -The Private Key for this Client Certificate is missing or invalid

I am having problems with chrome importing the burpsuite certificate I am getting this error: Certificate Import Error The Private Key for this Client Certificate is missing or invalid This only happens to me after a...

Not supporting ÅÄÖ characters in Extensions

Hello! I am not sure if this is a burp issue or a extension creator issue. However, i will still make an attempt in a hopeful fix to my issue! * Specs: Burpsuite v2021.10.3 Windows 10 Pro OS Build 19044.1348 Jython...

No more activations allowed

I have run into a bit of trouble with my pc lately, and as such had to reinstall vm's and burp as well. But now, when activating my license, I get the "No more activations allowed for this license" Is there any way I can...

Burp Suite Professional freezes on launch

I am getting Safe Mode prompt saying "Burp did not start properly last time. Do you want to start it without loading extension?" and on choosing either Yes or No fails to load burp suite. This happens for both saved and...

Error using burp suite with browser proxy extension

Whenever I tried to used foxy proxy or any browser proxy extension with burp I always get this error https://imgur.com/SSLRN2c. I also tried to enable invisible proxy but I can't still access only https site. but when I...

Linux x86_64 - Extremely High CPU Usage

Hi, I'm encountering very high CPU usage on the latest version of Burp Suite Professional, as of 2024-05-20. The high CPU usage happens while idle, with no extensions installed. Strangely it also seems to be directly...

An error "Skipping current insertion point. Too many consecutive "empty response" errors have occurred." occurs due to the extension when scanning

I'm working on Web Security Academy. While working on a SQL injection lab, I faced an issue where the Scanner would give me the error "Skipping current insertion point. Too many consecutive "empty response" errors have...