Bug Reports - Page 72 - Burp Suite User Forum

OAuth authentication

Authentication bypass via OAuth implicit flow: this lab when i want to log into social network page the this page redrict to this kind of page: SessionNotFound: invalid_request at Provider.getInteraction...

Academy Progress Lost

I recently change my email to email B and lost all my progress except for XSS labs. Then when I change back my email to email A, I still lost all the other lab progress (CSRF SSRF, SQLI,etc) except for XSS labs. Need...

Burp Collaborator doesn't show request for DNS and HTTP

Collaborator showed request only for https://<url> If I used http://<url>, the server showed the response, but doesn't get captured in collaborator client.

Browser not opening in Professional v2021.5.2

Hello, I am currently running v2021.5.2 on windows. When I try to run inbuilt chromium browser, I am getting the following error message: net.portswigger.devtools.client.s: unable to start browser I had a look at the...

HTTP2 Failure In Extensions / callbacks.makeHttpRequest

Hello, I'm currently using Burp Pro version 2021.5.1-7814, however I've noticed this behavior on earlier versions as well. The Proxy handles HTTP/2 traffic just fine. So does repeater. But when an extension literally...

Http2 not supported in target requests

Hi team, I was trying to scan an application supported http2. But my login macro failed. while looking through the logs, the status code of (macro request's response) is 505. The same request is successful in repeater...

Null Payloads No Longer Repeating in Intruder

I'm running the latest version (v2021.5.1). I used to use intruder with null payloads and one minute intervals, and a grep for user info to see how long a session would last after a user logged off. However, this no longer...

[Beta v2.0.03beta] New Scan does not seem to ever finish

Hi, following up on my previous bug report. I am running the latest burp beta on a fully updated OSX and JAVA environment. I have started a new scan against 2 URLS from the same domain and towards the end of the scan,...

[Minor False Positive] Strict transport security not enforced when HTTP 30x encountered

Hi, I have several instances on the dashboard which claim to have a HSTS problem but burpsuite obviously connected to the instance before. Example of a full response header: HTTP/2 304 Not Modified Date: Tue, 08...

XSS Cheat Sheet Copy to clipboard option does not work.

Hi guys, I am trying to use the copy to clipboard option on the XSS cheat sheet page, in order to paste the payloads on the payload tab and it seems that it is not working. I have tried it from both the guest OS and my...

Wrong lookup IP address in External service interaction (DNS)

Hi, We had recently performed Burp Suite Scan on our application and the External service interaction (DNS) was reported with Severity: High and Confidence: Certain. However in the Collaborator DNS interaction the IP,...

Request Engine

Hi! I can not see in the Intruder in the options pannel the Request Engine which enable us to change the number of threads sent. I just have an Error Handling section... I have the BurpSuite version 2021.6. Thank you!

Lab not resetting

I was trying the 'Basic clickjacking with CSRF token protection' lab and accidentally deleted the account. I waited more than an hour and the lab still has not reset. What can I do? should I wait longer?

Burp scanner - Audit configuration bug

Good Morning, There seems to be an issue with the burp audit configuration when using Burp Scanner. When setting up a scan and changing the audit configuration (such as the issues reported) the audit does not actually...

A

Hello, We want to automate the burp suite with python code, that can do scanning for specific URL. How can we do that? Can you help us in this regards?

Copy-Paste (at least) shortucts don't work in "Proxy > HTTP History" part of the app in Burp Community

I've noted it a few versions ago, but thought as it's pretty obvious, somebody will report it and it will be fixed soon. But it still doesn't work. When I select some entry in History table, and try to select and copy any...

Activation Failed.

Hello. Cant activate burpsuite pro. I guess thats happened because i using many devices and often reinstall OSs/VMs. Our license for 3 users, but we are actually two persons. As i remember, "1 person -- many installation...

Could not connect to any seed URLs

We are attempting to scan a URL, and it is failing with the message "Could not connect to any seed URLs." We are using BS Enterprise, proxy server set up appropriately, and cannot scan this URL.

Could not start Burp: java.lang.ExceptionInInitializerError

When attempting to install burp for mac, the image mounts but when double clicking to install, it just wont install. Then attempted to use the JAR version and getting the error: Could not start Burp:...

Community Edition shuts down unexpectedly

Just started with HackerOne and while going through the "Getting Started With Burp" YouTube video Community Edition just shuts down after going though the first trivial capture the flag when I try to change the scope ip...