Burp Suite User Forum

Burp Enterprise Kubernetes Helm Chart - Troubleshooting bsee-connection-check OOMKilled Error

Hello, I installed Burp Enterprise in a Kubernetes cluster through the provided Helm chart, and I ran into a strange issue with the bsee-connection-check job running out of memory. After modifying the values.yaml file to...

Bug in lab "SSRF via OpenID dynamic client registration"

Hi there, I would like to let you know that the Oauth server returns the error "Internal Server Error" in the lab "SSRF via OpenID dynamic client registration". May you have a look at it? Thanks, Jesús

I can make sure I'm doing everything right, but almost every experiment that requires a web extension service to submit to a victim fails to complete the experiment after submission

I can make sure I'm doing everything right, but almost every experiment that requires a web extension service to submit to a victim fails to complete the experiment after submission！！！！！！

Lab from all topics

Hello! Have completed all 23 "Lab from all topics" from "Exam preparation steps", but in Dashboard tab it shows 22/23. I think it is bug. Please help me. Thanks!

Password reset poisonin via dangling markup

in the step 5 they all time show me that CSRF token is invalid. Even if I follow the video tutorial the thing is same. so help me to solve the lab.

Certification

Hello, I have been working on Burp Suite certification (2/3 or 3/3). I have encountered a File Path Traversal and have tried various solutions, including different payloads, obfuscation, encoding in various ways, and even...

SQL injection false positives with Keycloak SSO?

Testing with the latest release of BurpSuite Pro against an instance of Keycloak 16, I get a number of reports of "SQL injection" issues. However, when looking at the response HTML I see no indication of any errors, which...

Scan Engine Disabled

Our team already tried injecting the license key. But when updating to V2023.2 burpsuite, the scan engine is disabled. They have tried fixing it but still can't. Could you please help to fixing it?

<img src=x onMouseOver=alert('Hello')>

<img src=x onMouseOver=alert('Hello')>

Broken Extensions preferences since burpsuite_pro_v2023.1.2

Hello, Since burpsuite_pro_v2023.1.2 the extensions cannot load their previous preferences. The extensions load/save the preferences by the following APIs: - loadExtensionSetting(name) - saveExtensionSetting(name,...

Bug in lab "Web cache poisoning via an unkeyed query parameter"

Hi, it seems that there is a bug in the lab "Web cache poisoning via an unkeyed query parameter". The response to GET / never gets cached as the server always return X-Cache: miss. Cheers, Jesús

Burp Browser Doesn't Work

Hi, the following error message is displayed when I click on open browser in the proxy menu: net.portswigger.devtools.client.impl.connection.local.n: Failed to read dev tools web socket The browser opens, but I cannot...

Two Report Different in one Site map when I can 2 day

Hi, I need your help. I have a problem with the report. For example, on the 15th, I scan and export the report. I can clear the cache, but the 17th export includes lots of Issue Definitions that have responses in the 15th.

Lab: Host header authentication bypass seems broken

After quite some trial and error and taking a look at the solution, it seems the lab is broken in its current state. Submitting the following request based on the solution will result in the server not responding and...

HTTP Request Smuggler options and button not visible with increased font size

Hey Folks, I have my font size set on 15 on a QHD (2560x1440) screen with 125% scaling and when I try to use the HTTP Request Smuggler extension I am unable to see some of the options nor the button to start the extension...

Active Scan stops after some time.

Hello This issue fairly occurs with "bigger" websites. It feels like scanner bloats and stops working. Is therea any solution for this? Do you guys need some kind of report or log from my end? Thanks in advance

installer on fedora 35 dispaly an-empty-red-/rose-dialog-no-buttons-nothing

I opened a thread on Feb 9, 2023 as I was not able to continue installing Burp...

Lab: Exploiting clickjacking vulnerability to trigger DOM-based XSS does not work correctly

Hi! A correct POC (generated by Burp Clickbandit, tested in Chromium Version 111.0.5563.64 (Official Build) (arm64)) does not solve the...

Lab: Host validation bypass via connection state attack does not work as intended

https://portswigger.net/web-security/host-header/exploiting/lab-host-header-host-validation-bypass-via-connection-state-attack The lab does not require to conduct request smuggling attack and can be easily solved by the...

Burp Suite Pro Intruder tab does not open

I have tried to use the intruder attack but the intruder tab does not open up to see what is going on. Tried reinstalling Tried rebooting the PC Burp suite pro version 2023.2.4 is installed on Ubuntu 22.04...

…

7

…

Page 7 of 126

Burp Suite Support Center

Your source for help and advice on all things Burp-related.