Bug Reports - Page 73 - Burp Suite User Forum

Web Academy XXE Labs

In an update to my last post, there are six labs in total affected. I've had other users at home check also, so isn't just a local issue. These are the affected labs containing error reports on loading Lab: Exploiting...

Active Scanner does not detect CVE-2021-43798 (Grafana Directory Traversal File Read)

Hi, Grafana recently posted about a vulnerability (CVE-2021-43798) in their product at https://grafana.com/blog/2021/12/07/grafana-8.3.1-8.2.7-8.1.8-and-8.0.7-released-with-high-severity-security-fix/ This...

burp collaborator Not working - I verfied it through Wireshark

To be exact the Polling Server is not working as per the error below: No connections to the polling server at polling.burpcollaborator.net could be opened. The collaborator will not work in this configuration.

Burp doesn't remember the extension I'm using when I click on another url

Hello, In Burp 2021.6.2, in Proxy -> HTTP History when I choose an extension for example name A, when I click on every links, that extension A is auto loaded. But later Burp, when I click on other links, it auto select Raw...

Web cache poisoning via the Host header Lab

I completed the successfully displaying alert(document.cookie) after poisoning the cache, but the state of the lab still says: Not solved

Burp Collaborator - default public server gives 403 error when I try to visit it.

I am trying to use Burp Collaborator and when I spin up the client, copy to my clipboard, and try submitting the url I am met with a 403 Error.

Lab error

I have tried to access 2 diff. labs and as soon as I click on Access Lab button, I am being redirect to your Error page: https://portswigger.net/web-security/sql-injection/blind/lab-time-delays redirects me to...

Burp Intruder

I just realized that if we save Intruder attack result (I have tried to save response dont know about other data) then result is not in numbering format. For example I have sent 100 request where my 1st payload is num1,...

It's about the portswigger website.

There's has been a bug on the server i think its giving free burpsuite professional edition it's accessable from the main server of portswigger. Feel Free to message me on my gmail : abkhadgi37@gmail.com. Thank you

Activation license limit

Hello, can you please increase activations for cominfo@open.ru. Thank you.

Unable to open Burp Suite's embedded browser

Hello Team, im unable to open burp suites embedded browser as the error shows up as "BurpBrowser binaries were not found in the expected location"

Scans stops 28 seconds

Hello. I have a problem with the following situation: I've created a site and added to it 20 various URLs to scan them. The scan finishes after 28 seconds and only 2-3 URLs are visible as scanned in "Scanned URL". Even if I...

Installer fails on linux

Hello, I used the installer to install BurpSuite Pro on my Arch Linux machine. Installer updates 2021_10_3 and 2021_10_2 fail with the following message: ``` ./burpsuite_pro_linux_v2021_10_3.sh Unpacking JRE...

Active Scanner doesn't user supplied session

I've had this issue multiple times. I have a request with session (e.g. cookie value x) in the repeater where it works as intended. If I then run an active scan (by right-clicking, do an active can), the scan's base...

a fault occurred in a recent unsafe memory access operation in compiled Java code

I'm getting > a fault occurred in a recent unsafe memory access operation in compiled Java code when attempting to save a project. This happens both in automatic backups as well as manual backups, resulting in the...

Web Academy labs down?

Are the web academy labs down? I've tried for almost an hour now to access several of the authentication vulnerability labs and I keep getting ERR_EMPTY_RESPONSE or a 504 Gateway timeout. I have tried several laptops with...

Struggling to reach lab webapps - Couldn't write practitioner exam

I was supposed to write my Practitioner exam today, but I had to reschedule, unfortunately! So, it's been a week or so since I noticed that whenever I clicked on "access the lab" to launch a challenge (in web academy), I...

not able to identify the bootstrap or jquery vulnerabilities.

HI all, I am using the Burp Pro 8.2 version, while i scan my application it isnot able to idfentify the bootstrap or jquery vulnerabilities where as with ZAP proxy. Could you please help why Burp is not able to...

Lab: SQL injection attack, querying the database type and version on MySQL and Microsoft [Broken]

I'm pretty experienced with SQL injection. I've been doing this lab and I even copied and pasted the answer from the solution section into the proper category and it still is returning a database error. The lab is broken...

cant load a page on chrome after using burp proxy.

I installed the certificate, i use port 8080 and ip 127.0.0.1 with foxyproxy installed in chrome, but 1) only www.burpsuite works but it tells me "Failed to connect to 127.0.0.1:8085 " and i dont get why it says 8085....