Burp Suite User Forum

Login to post

Burp Enterprise Kubernetes Helm Chart - Troubleshooting bsee-connection-check OOMKilled Error

Hello, I installed Burp Enterprise in a Kubernetes cluster through the provided Helm chart, and I ran into a strange issue with the bsee-connection-check job running out of memory. After modifying the values.yaml file to...

Last updated: Apr 11, 2023 02:02PM UTC | 1 Agent replies | 0 Community replies | Bug Reports

Bug in lab "SSRF via OpenID dynamic client registration"

Hi there, I would like to let you know that the Oauth server returns the error "Internal Server Error" in the lab "SSRF via OpenID dynamic client registration". May you have a look at it? Thanks, Jesús

Last updated: Apr 11, 2023 11:25AM UTC | 0 Agent replies | 1 Community replies | Bug Reports

I can make sure I'm doing everything right, but almost every experiment that requires a web extension service to submit to a victim fails to complete the experiment after submission

I can make sure I'm doing everything right, but almost every experiment that requires a web extension service to submit to a victim fails to complete the experiment after submission!!!!!!

Last updated: Apr 11, 2023 08:14AM UTC | 1 Agent replies | 0 Community replies | Bug Reports

Lab from all topics

Hello! Have completed all 23 "Lab from all topics" from "Exam preparation steps", but in Dashboard tab it shows 22/23. I think it is bug. Please help me. Thanks!

Last updated: Apr 11, 2023 07:46AM UTC | 1 Agent replies | 0 Community replies | Bug Reports

Password reset poisonin via dangling markup

in the step 5 they all time show me that CSRF token is invalid. Even if I follow the video tutorial the thing is same. so help me to solve the lab.

Last updated: Apr 10, 2023 08:42AM UTC | 2 Agent replies | 1 Community replies | Bug Reports

Certification

Hello, I have been working on Burp Suite certification (2/3 or 3/3). I have encountered a File Path Traversal and have tried various solutions, including different payloads, obfuscation, encoding in various ways, and even...

Last updated: Apr 06, 2023 03:10PM UTC | 3 Agent replies | 3 Community replies | Bug Reports

SQL injection false positives with Keycloak SSO?

Testing with the latest release of BurpSuite Pro against an instance of Keycloak 16, I get a number of reports of "SQL injection" issues. However, when looking at the response HTML I see no indication of any errors, which...

Last updated: Apr 06, 2023 08:00AM UTC | 1 Agent replies | 1 Community replies | Bug Reports

Scan Engine Disabled

Our team already tried injecting the license key. But when updating to V2023.2 burpsuite, the scan engine is disabled. They have tried fixing it but still can't. Could you please help to fixing it?

Last updated: Apr 05, 2023 01:38PM UTC | 1 Agent replies | 0 Community replies | Bug Reports

<img src=x onMouseOver=alert('Hello')>

<img src=x onMouseOver=alert('Hello')>

Last updated: Apr 05, 2023 12:36PM UTC | 0 Agent replies | 1 Community replies | Bug Reports

Broken Extensions preferences since burpsuite_pro_v2023.1.2

Hello, Since burpsuite_pro_v2023.1.2 the extensions cannot load their previous preferences. The extensions load/save the preferences by the following APIs: - loadExtensionSetting(name) - saveExtensionSetting(name,...

Last updated: Apr 03, 2023 01:39PM UTC | 3 Agent replies | 2 Community replies | Bug Reports

Bug in lab "Web cache poisoning via an unkeyed query parameter"

Hi, it seems that there is a bug in the lab "Web cache poisoning via an unkeyed query parameter". The response to GET / never gets cached as the server always return X-Cache: miss. Cheers, Jesús

Last updated: Apr 03, 2023 11:19AM UTC | 1 Agent replies | 1 Community replies | Bug Reports

Burp Browser Doesn't Work

Hi, the following error message is displayed when I click on open browser in the proxy menu: net.portswigger.devtools.client.impl.connection.local.n: Failed to read dev tools web socket The browser opens, but I cannot...

Last updated: Apr 03, 2023 07:11AM UTC | 4 Agent replies | 4 Community replies | Bug Reports

Two Report Different in one Site map when I can 2 day

Hi, I need your help. I have a problem with the report. For example, on the 15th, I scan and export the report. I can clear the cache, but the 17th export includes lots of Issue Definitions that have responses in the 15th.

Last updated: Mar 30, 2023 01:26PM UTC | 1 Agent replies | 2 Community replies | Bug Reports

Lab: Host header authentication bypass seems broken

After quite some trial and error and taking a look at the solution, it seems the lab is broken in its current state. Submitting the following request based on the solution will result in the server not responding and...

Last updated: Mar 30, 2023 10:43AM UTC | 3 Agent replies | 2 Community replies | Bug Reports

HTTP Request Smuggler options and button not visible with increased font size

Hey Folks, I have my font size set on 15 on a QHD (2560x1440) screen with 125% scaling and when I try to use the HTTP Request Smuggler extension I am unable to see some of the options nor the button to start the extension...

Last updated: Mar 30, 2023 08:40AM UTC | 1 Agent replies | 0 Community replies | Bug Reports

Active Scan stops after some time.

Hello This issue fairly occurs with "bigger" websites. It feels like scanner bloats and stops working. Is therea any solution for this? Do you guys need some kind of report or log from my end? Thanks in advance

Last updated: Mar 29, 2023 02:06PM UTC | 1 Agent replies | 0 Community replies | Bug Reports

installer on fedora 35 dispaly an-empty-red-/rose-dialog-no-buttons-nothing

I opened a thread on Feb 9, 2023 as I was not able to continue installing Burp...

Last updated: Mar 28, 2023 04:08PM UTC | 2 Agent replies | 2 Community replies | Bug Reports

Lab: Exploiting clickjacking vulnerability to trigger DOM-based XSS does not work correctly

Hi! A correct POC (generated by Burp Clickbandit, tested in Chromium Version 111.0.5563.64 (Official Build) (arm64)) does not solve the...

Last updated: Mar 28, 2023 12:37PM UTC | 3 Agent replies | 2 Community replies | Bug Reports

Lab: Host validation bypass via connection state attack does not work as intended

https://portswigger.net/web-security/host-header/exploiting/lab-host-header-host-validation-bypass-via-connection-state-attack The lab does not require to conduct request smuggling attack and can be easily solved by the...

Last updated: Mar 28, 2023 11:58AM UTC | 2 Agent replies | 1 Community replies | Bug Reports

Burp Suite Pro Intruder tab does not open

I have tried to use the intruder attack but the intruder tab does not open up to see what is going on. Tried reinstalling Tried rebooting the PC Burp suite pro version 2023.2.4 is installed on Ubuntu 22.04...

Last updated: Mar 27, 2023 08:55AM UTC | 1 Agent replies | 0 Community replies | Bug Reports

Page 7 of 126

Burp Suite Support Center

Your source for help and advice on all things Burp-related.

Burp Suite Support Center image