Bug Reports - Page 72 - Burp Suite User Forum

Lab: Forced OAuth profile linking does not seem to deliver the exploit to the victim

Hello, I am trying to solve the mentioned lab but on the step #11 I get issues. It does not seem as the exploit is delivered to the victim because then I get logged back in as peter. Yes, I made sure to drop the request....

Two exactly same requests in repeater but one fails and the other doesn't

I recently found a SQL injection vulnerability in a app (through a verbose error returned indicative of SQL injection and tried exploiting it using sqlmap while proxying through Burpsuite. I noticed the connection was...

Is burpcollaborator.net down?

With auditing, I see this error in Dashboard. 1640162438780 Error Suite [5] The Burp Collaborator server used by the Burp Collaborator client is not reachable, change the settings to use this feature. Using the health...

Burp Chromium give "Not Secure" response during training

Hi I'm getting a "Not Secure" response while training for the Burp Professional. When I tried to intercept the https://portswigger.net/ site, I can see the HTTP call in Burp. But when I forwarded the call, I'm getting a...

Deploying Burp Suite Enterprise Edition on Azure

Hello, Following the instructions there : "https://portswigger.net/burp/documentation/enterprise/getting-started/cloud/deploy-azure" for the latest version "Enterprise Edition 2021.12.1" and using Azure ARM template I have...

Collaborator Polling Doesn't Work

I use a VM for BurpSuite, and Collaborator, on default configurations, is working very strangely. I am unable to access the created domain inside the VM, but I am able to access it outside (such as on my host machine). The...

BurpSuite Collaborator Doesn't Work

I cannot connect to any BurpSuite Collaborator domains, and I use the default Collaborator server. When running a health check, the "Polling Server Connection" returns an error. The error message says that "No connections to...

Lab: Authentication bypass via encryption oracle is not starting

Hi! Web Security Academy >> Business logic vulnerabilities >> ExamplesLab >> Authentication bypass via encryption oracle when I try to run this lab, I see a long download and then a message ERROR: "An error occurred. We...

Bad request when accessing any lab

Hi Portswigger, I get a "400 Bad request" error when I try to access any of labs. Please advise. Thanks Oliver

Burp Suite requires discrete GPU on macOS

When running Burp Suite on a macOS machine with a discrete GPU the GPU is activated which reduces the battery life of the device. Does Burp Suite specifically require access to the GPU? I suspect this is most likely...

Apache Log4j < 2.15.0 Remote Code Execution (Nix) (155999)

Tenable reported bug on Burp Enterprise Synopsis A package installed on the remote host is affected by a remote code execution vulnerability. Description The version of Apache Log4j on the remote host is < 2.15.0....

Cannot access the lab

I cannot access the lab. When I press "Access the lab", it shows "The connection has time out". I tried in Chrome, Firefox, Edge and they had same result. Thank you!

Corrupted project after reboot

Hello, I experienced a file project corruption after a suddend machine reboot (win 10). I was working on last Burp Professional version (2021.10.3). Unfortunately, the project restore was able only to recover a minimal...

Lab: Authentication bypass via OAuth implicit flow

Lab: Authentication bypass via OAuth implicit flow is broken :/ It gives SessionNotFound: invalid_request error when I try to login in your own "social media"

Scanner is crawling and auditing out of scope items.

Hello, I am attempting to automate some tests with crawl and audit. I have defined my scope to exclude *.css files. When I use scan to crawl and audit, the crawl will find the *.css files and audit will start auditing...

New Scan says out of scope for in-scope URL

Hi there, Burp 2.0.3 is telling me that the scope URL I'm defining for a new scan (when clicking the button in the dashboard) is out of scope. URLs to scan: http://192.168.44.32/ Currently defined as scope...

Activations

I have been getting Burp to work on an EC2 instance and apparently have exceeded my activation's allotted. Would it be possible to extend these temporarily... at least until this log4j thing is over? Thanks in...

Scans not completing

I'm having an issue with scans progressing. After canceling a scan and reviewing the debug log I notice multiple iterations of the following error. 2021-12-16 17:54:42 [r] INFO - Exception report: 2021-12-16 17:54:42 [r]...

Burp not responding

When I set my Firefox's proxy to work with burp, burp does not intercept any request, also none of the pages load on Firefox, which is quite obvious if intercept is on. Also note that I have tried to open burp with and...

Lab: Blind XXE with out-of-band interaction via XML parameter entities

I am trying to access this lab today, and it is down or returning an error when trying to load. Just for your info, so you can look into it. I've been doing other XXE labs which are working fine.