Bug Reports - Page 7 - Burp Suite User Forum

burp community-failed to connect to website.com:443

Hi, I'm trying to connect to website using burp chromium browser. But most of the time, the loading end by an error screen saying "failed to connect to website.com:443" I searched but didn't fought any awnser that helped...

Burp would change hex values of non-printable characters in binary files in POST request (repeater/intercept)

Hi, I'm on version v2024.7.5 I encountered bug in intercept and repeater. When editing POST request that has attached in body binary file like xls. After modyfing as little as one character in "pretty" and "raw" tab in...

Send to Intruder inserts character markers at incorrect positions when executed from the GraphQL message editor tab

Bug overview: Intruder markers are added to the wrong character positions when the "Send to Intruder" action is executed while selecting text in the new GraphQL message editor tab. The Intruder markers appear to be inserted...

Issue with Burp Suite Version 2024.7.5 - Crashing During RDP Sessions

We have encountered an issue with Burp Suite Professional version 2024.7.5 where the application crashes while connecting through RDP. This issue significantly affects our workflow, as we heavily rely on remote sessions for...

Nothing happens when I click on the "Open browser" button

Hello all, I use Ubuntu 24.04 LTS (with gnome 3). I have downloaded the last version (30 august 2024) which is burpsuite_community_linux_v2024_7_5.sh When I click on the "open browser" button, nothing...

Scanner Is it a bug? "Cross-domain Referer leakage" is reported despite no sensitive data in the "Referer" header, why?

Hi team, Need some clarifications on this scanner category "Cross-domain Referer leakage". My client needs to use this burp pro scanner feature. Burp Pro scanner reports "Cross-domain Referer leakage" even no...

Exploiting insecure output handling in LLMs not solving

seems that the lab Exploiting insecure output handling in LLMs i have also tried the sugested solution. if i ask for the review it delete my profile but is like carlos is never asking info about the l33t product.

"Cross-domain Referer leakage" is reported despite referrerpolicy attribute

Hello, an active scan on one of our applications reports a "Cross-domain Referer leakage". Taking a look at the response tab in Burpsuite, the following snippet is highlighted: <a class="info-box" target="_blank"...

Can't start BSCP Exam

Hello, I purchased access to the BSCP exam today, I'm going through the process for the second time. I passed the initial session on the Examity portal and when I try to start the exam on the examiner's page, I see the...

LAB Not solved

Labs are not getting in solved status even after taking the right approach or the suggested approach in the exercise. 1.Reflected XSS into a template literal with angle brackets, single, double quotes, backslash and...

Lab status bug

Hi team, So far, I have observed this unsloved to solved status bug. Even if you do the labs correctly, the lab doesn't gets solved. 1.Reflected XSS with some SVG markup allowed 2.Reflected XSS into a JavaScript...

2024.7.5, Montoya API, Extensions, Custom Editor Tab, Modified Requests Not Forwarded

I have received a bug report about our SAMLRaider extension that the modified requests are not being forwarded correctly. This problem occurs with the new BurpSuite version 2024.7.5. I can reproduce the bug, but I am not...

Password found for lab "Information disclosure in version control history" can't login

Hello all, I think there is a bug on this lab : https://portswigger.net/web-security/information-disclosure/exploiting/lab-infoleak-in-version-control-history In the diff for admin.conf I have : ...

Burpsuit pro cluster bomb payload set can't add different payloads

For example, I have 2 payload sets need to be set different payloads. After I set 1st set which is filled with usernames, the 2nd set will always add the 1st set's payloads in its payload list. It should use different...

Could not start Burp: java.lang.NullPointerException: Cannot invoke "String.startsWith(String)" because "platName" is null

Hello all, I use Ubuntu 24.04 LTS (with gnome 3). I have downloaded the last version (30 august 2024) which is burpsuite_community_linux_v2024_7_5.sh First, when I try to run the installer I got : Could not...