Bug Reports - Page 8 - Burp Suite User Forum

bug in burp suite navigation recorder.

Spend three weeks trying to find out what plugin was messing up three different web sites. Microsoft Edge, with burp suite navigation recorder installed and active. the web sites do not render. they do very strange...

Chromium freeze whenever I open Dev-Tools

Hello, Burp Suite Pro v2023.6-21057. I have had this issue for some time now with older version as well. I am using the built it Chromium browser, everything work just fine up until I open the browser developer tools -...

BurpSuite Enterprise Uses Log4j

Hi Support Team, I just wanted to ensure that log4j-core-2.14.1.jar installed by the Burpsuite enterprise web server is not vulnerable to RCE. I read in the forum that Burpsuite Enterprise does not consume log4J for...

Prototype Pollutions DOM Invader

Hi, I was trying to use DOM Invader to automatically find the way to solve the following exercises: Client-side prototype pollution in third-party libraries, DOM XSS via an alternative prototype pollution vector and...

Broken Lab: Visible error-based SQL injection

This lab was broken, it kept on giving same the error message: "Unterminated string literal started at position 95 in SQL SELECT * FROM tracking WHERE id = 'jUp8oNzaKr4pzj9y' AND 1 = CAST((SELECT password FROM users L'....

Burp built in browser not connecting to the internet.

Hi, I am having a bit of a problem when running burp's integrated web browser for intercepting, as I run it and enter a website like google.com for example, burp will not intercept and the browser will return an error...

Section Symbols are appearing in images which breaks Intruder

Section Symbols '§' are appearing in any images (jpg, gif, png, etc.) when retrieved in GET requests or posted in POST, if sent to Intruder it corrupts the image because it strips those characters.

section symbole isuue

hi when i using intruder i have isuue with section symbole(§) There is the same symbol in my Arabic language, which causes interference and problems in the work of the intruder, can we change section symbol (§) with other...

Question/bug on lab "CORS vulnerability with internal network pivot attack"

While trying to solve the mentioned lab, the retrieved HTML code from the internal website cleary states that the request for the "login" is a POST. However, the solution silently continues with a GET to trigger the XSS. If...

Solved

The post you are implying about is my solution for all the set labs and solved all problems including bug labs Apetree1001@email.phoenix.edu

2FA bypass using brute-force attack

I'm not able to solve this lab using turbo intruder as I'm using burp suite community edition. I also try to check if this issue persist only with turbo intruder or normal intruder, but this issue also happens with normal...

Problem with license key Enterprise Edition

Dear team, I requested for trial version of Enterprise edition. I have received the required info and i have followed the steps on portswigger as well but the moment i upload the license key it is throwing me an error -...

Invalid certificate generated

The certificate generated contains a country code of PortSwigger which does not conform to the RFC which says that the country code should have a length of 2 https://datatracker.ietf.org/doc/html/rfc3280#page-96 This...

Intruder Payload processing

if i use Payload processing: hash:MD5 on result page i see hashed payloads. One of them "good" but i can't see in "raw" only hashed. Screenshot: https://i.imgur.com/X0Mxku3.png p.s. in this task i must brute-force...

my burp tip Unsupported or unrecognized SSL message

Using burp embedded browsing to visit the website to prompt certificate problems

Link manipulation (DOM-based) - JQuery

Hi all, we use jquery-3.3.1.js in our application. Burp scan found a Link manipulation (DOM-based) vulnerabilities in JQuery sources: 1. // Anchor tag for parsing the document origin originAnchor =...

CSRF where token validation depends on request method and

Hi, The lab seems to have a bug in it. When I submit Store, View Exploit and Deliver exploit to victim. The Lab is not getting solved. Please fix. Thanks, Suresh

CSRF where token validation depends on token being present