Burp Suite User Forum

Create new post

Forcing HTTP/1.0, particularly using Repeater

With the new http/2 normalizing 'feature' I now appear to be unable to use/force HTTP/1.0, which is required for IP address leakage findings: https://portswigger.net/burp/documentation/desktop/http2 I feel there should...

Last updated: May 02, 2024 09:17AM UTC | 3 Agent replies | 3 Community replies | Bug Reports

Enterprise Edition: JUnit file cannot be parsed with Jenkins

Hi team, Our team is using the CI-driven scan feature of the Enterprise Edition integrating Jenkins and we are currently facing "XML Parsing Error: reference to invalid character number" error when we try to display the...

Last updated: May 02, 2024 06:30AM UTC | 2 Agent replies | 1 Community replies | Bug Reports

Site Map Overwriting Responses on Case-Sensitive Website

Hello, Burp Suite Professional v2024.3.1.3 appears to be overwriting page responses within the sitemap, rather than creating new entries, on case-sensitive websites. I am uncertain when this behaviour started, it was also...

Last updated: May 01, 2024 10:00AM UTC | 2 Agent replies | 1 Community replies | Bug Reports

Failed to Load Browser

I am getting below error. I have tried to install Burp to 'c:\tools\Burp' folder but I am still getting error. Can you advise? --------------------------- Error Loading Extension --------------------------- Failed to...

Last updated: May 01, 2024 08:23AM UTC | 2 Agent replies | 1 Community replies | Bug Reports

Couldn't load main class

Suddenly after burp was working perfectly I am getting now this error "Couldn't load main class" when i try to launch burp pro.

Last updated: Apr 30, 2024 01:26PM UTC | 4 Agent replies | 5 Community replies | Bug Reports

Blind SSRF with out-of-band detection Doesn't wrok

I have been testing relentlessly on this lab. No referrer header is displayed anywhere. I even manually put it in on every single page. Every single item Id page. I tried burp collab and webhook nothing. Whats wrong?

Last updated: Apr 30, 2024 09:50AM UTC | 0 Agent replies | 1 Community replies | Bug Reports

I cannot access any of the labs, I keep getting the "Bad Request" error message

Tried Brup's built in browser, Firefox, resetting the learning path.

Last updated: Apr 26, 2024 09:57AM UTC | 5 Agent replies | 5 Community replies | Bug Reports

The "Parameters" tab does not appear in "API details"

Hello. Please help me with the following question. When I try to run an API scan (New scan > API scan) I encounter the problem that there is no tab "Parameters" in "API details" (New scan > API scan > API details >...

Last updated: Apr 26, 2024 07:52AM UTC | 1 Agent replies | 0 Community replies | Bug Reports

maybe a problem with the lab : Reflected XSS protected by very strict CSP, with dangling markup attack

I can solve the lab when I play the role of the victim but when I send payload to the victim I don't get the CSRF token

Last updated: Apr 26, 2024 07:39AM UTC | 1 Agent replies | 0 Community replies | Bug Reports

Some of the CORS labs don't work anymore on firefox and chrome

Some of the CORS labs don't work anymore since a new update on firefox and chrome due to new security put into place on third party cookies called 'Partitioned' attribute. While it is still possible to solve the lab by...

Last updated: Apr 25, 2024 09:52AM UTC | 2 Agent replies | 0 Community replies | Bug Reports

Installing Burp Suite on Kali Linux Virtual Machine in a MAC Computer M2 processor

Hi, I am trying to install Burp Suite on Virtual Machine running Kali Linux. My computer is a MAC with M2 processor. I include the following command on my terminal: sudo apt-get install...

Last updated: Apr 24, 2024 05:31PM UTC | 1 Agent replies | 1 Community replies | Bug Reports

Lab freezes when deploying xss

The first two xss labs (I have not tried the others) crashes when xss payloads are sent. For example in the first lab i type the xss payload into the search box and click the search button. And Then, the web site starts load...

Last updated: Apr 24, 2024 07:24AM UTC | 1 Agent replies | 0 Community replies | Bug Reports

IScannerInsertionPoint.getPayloadOffsets() causes scan failures when null is returned

Hi, I'm building an extension for scanning custom serialized data and encountered a bug in IScannerInsertionPoint.getPayloadOffsets() From the getPayloadOffsets() JavaDoc: """ Returns: An int[2] array containing the...

Last updated: Apr 23, 2024 09:59AM UTC | 1 Agent replies | 2 Community replies | Bug Reports

httpResponseReceived.body() returns everything that follows a HTTP/1.1 100 Continue header as the body

In a recent Burp update, httpResponseReceived.body() now breaks if the response starts with HTTP/1.1 100 Continue. The following is an example: HTTP/1.1 100 Continue HTTP/1.1 200 Access-Control-Allow-Origin:...

Last updated: Apr 22, 2024 12:22PM UTC | 2 Agent replies | 1 Community replies | Bug Reports

Lab: Web cache poisoning via an unkeyed query string

Hi, I have tried repeatedly to do this lab with no results. My problem is that whatever request I send the X-Cache always responds to me Miss. Either from the opriginal request to the home, adding a cachebuster payload,...

Last updated: Apr 22, 2024 09:58AM UTC | 2 Agent replies | 3 Community replies | Bug Reports

Insane Lag

Recently the labs take forever to load, and they go down in like 5 min and its imposible to solve a lab.

Last updated: Apr 22, 2024 07:39AM UTC | 1 Agent replies | 0 Community replies | Bug Reports

burpsuite_community_windows-x64_v2024_2_1_5 does not match its checksum

The community edition burpsuite_community_windows-x64_v2024_2_1_5 does not match its checksum for either SHA 256 or MD5. The file has been downloaded several times, and the result is always the same. "SHA256 ...

Last updated: Apr 20, 2024 09:22PM UTC | 0 Agent replies | 1 Community replies | Bug Reports

Big space after words

I'm using Burpsuite (newest stable) in 2K monitor in ParrotOS, and there seems to be a rendering error only in Request/Response field where I see space cursor far behind character position where I typed. There seems to be a...

Last updated: Apr 19, 2024 11:21AM UTC | 1 Agent replies | 1 Community replies | Bug Reports

'Credit Card numbers disclosed' finding false positive

Hi there, Using Burp 2024.2.1.5. As part of passive scanning a 'Credit Card numbers disclosed' finding was reported: Issue detail: The following credit card number was disclosed in the...

Last updated: Apr 19, 2024 07:53AM UTC | 1 Agent replies | 0 Community replies | Bug Reports

Lab: CSRF where token is tied to non-session cookie solution not working due

Hi, i have an issue getting the solution to the lab working. Whenever i try to set the value of the csrf token with /?search=test%0d%0aSet-Cookie:%20csrfKey=8TIB6mcBo8vOoLZ1nSPocJae9QLOWMAw%3b%20SameSite=None the...

Last updated: Apr 18, 2024 11:38PM UTC | 2 Agent replies | 2 Community replies | Bug Reports

Page 8 of 148

Burp Suite Support Center

Your source for help and advice on all things Burp-related.

Burp Suite Support Center image