Bug Reports - Page 71 - Burp Suite User Forum

LAB: Reflected XSS with event handlers and href attributes blocked

Hi, I'm facing with an issue on this lab. I'm visiting this site which contains the XSS payload which creates an svg-animated anchor:...

Cookies are not added to crawl and audit

Hi, Burp Suite failed badly at scanning the entire site. Why not integrate current cookies into crawl and audit? Application login feature is the world's worst app. Instead of defining cookies, there is an obligation to...

Burp Pro in Kali VM keeps crashing

Hello, I am using Burp Pro in a Kali VM on a Win10 machine inside of VirtualBox. I have issues with my instance of Burp crashing pretty regularly. There doesn't seem to be any set condition causing it to crash, as it will...

Possible error in "AngularJS sandbox"

In "How does an AngularJS sandbox escape work?" it is indicated that "single characters are always less than multiple characters". I maybe misunderstood the sentence, but this is false for example the example given...

Cache Poisoning Lab bot problems

Hello! I now tried doing first two Cache Poisoning labs (they are great, thank you PS!). I can poison the cache, and I can trigger XSS via Cache Poisoning locally but the lab is not being marked as done. I tried even looking...

Broken Business Logic leading into restrictions bypass and Alternative Solution found for PortSwigger Academy Lab: Username enumeration via account lock

Hello! Found an alternative solution on the lab based on a bypass which I think would be awesome to present to the community. The bypass relays on switching the order of the HTTP POST parameters, which turns out to...

No report generated after scan

I have integrated burp suite in Azure pipeline, after successful build, I do not see the scan being reflected on the UI or the report being generated.

Intruder Numbers payload can not be loaded in Burp Suite Community Edition v2021.12.1

Hi, I am having an issue in the intruder numbers payload type, I can not select it and when trying to do so it just shows the previously selected payload type.

Estimating time remaining

The scanner keeps getting stuck on "Estimating time remaining". .. please fix or tell me how to force the scan to start.

Edit the price of a product within requests

Hello: I edited the amount of a product correctly on a site and went to the payment stage, but after paying at the price I had set, a message appeared saying that the payment was unsuccessful but the money had been deducted...

Are Burp Collaborator or Burp Enterprise vulnerable to Log4j

Hi, As Burp Collaborator or Burp Enterprise are Java based and aren't bundled with the latest version of java they may be vulnerable to Log4j issues. Are you able to confirm whether they are or not? Thanks!

LABs file upload not working

Hi Recently I have noticed, that on 2 LABs avatar upload does not work. Can You confirm? 1. Server-side template injection with a custom exploit 2. Using PHAR deserialization to deploy a custom gadget chain On both...

Burpsuite v2021.10.3 freeze on launch (~30% chance of happening)

java 16.0.2 2021-07-20 Java(TM) SE Runtime Environment (build 16.0.2+7-67) Java HotSpot(TM) 64-Bit Server VM (build 16.0.2+7-67, mixed mode, sharing) Burpsuite v2021.10.3 Edition Windows 10 Home Single...

firefox error

I have followed the instructions letter by letter. inserted the certificate so fire fox would trust it. I have gone to burger menu/preferences/network/settings/ manually configure proxy with my loop back of 127.0.0.1 on...

Lab for "Web cache poisoning with an unkeyed header" not completing despite correct (?) solution

Hi, Basically as the title says I have done the lab for "Web cache poisoning with an unkeyed header" and succeeded in getting the alert box to pop up in my browser. However despite this no matter what I do the lab itself...

Temporary files not getting deleted , resulting scan fail in Burp enterprise

Hi Team, Please find below log 2022-01-06 00:40:11 [b] INFO - Unrecognized command-line argument: --data-dir 2022-01-06 00:40:16 [b] INFO - 2022-01-06 12:40:16: REST API running on http://localhost:63475/ 2022-01-06...

HTTP history filter endless loop

Whilst trying to make an exclusion on the http history logs I noticed that the following pattern will send burp in an endless loop on the filter without the ability to cancel the process either. To reproduce, in my case I...

Crash on Installer on latest Fedora 35

Had a report that the latest Fedora 35 will cause a crash with the installer. 'I downloaded the jar file and it worked. the one with the embedded JRE crashes' Is what was reported to me.

Captializing headers in repeater tab in http2

burp is Captializing the headers in repeater tab in http2 how can i solve this ,is there any method to fix this tanx in advance

Extensions unloading broken (?)

Hi, I would ask support for Burp as I'm issuing a strange anomaly while closing. I have likely 10 extensions loaded while doing my work. After I finished all, I close burp and I expect it to close. BUT, it actually unload...