Bug Reports - Page 82 - Burp Suite User Forum

Burp is not url-encoding payloads in active scan

Dear, When I send intercepted request to the intruder and chose the active scan insert points option , the burp suite is sending a payload without URL encoding. best regards

sql query breaks sqli labs

Hello, I found out that '||pg_sleep(10); -- - query breaks the postgresql injection labs. For some unknown reason that payload broke the lab and no matter how time I waited, the lab didn't come back up. I don't know if...

Jenkins plugin fail

Developer who manages Jenkins server for a CI pipeline reports: the Burp plugin installed successfully and offers the options they mention in the instruction but they are non-responsive for some reason, just nothing...

Web Security Academy Bug?

I may have stumbled across either an interesting Academy bug, or my Burp installation and/or browser have had a stroke. But maybe this has been observed before. In short, during the lab "Exploit XSS to Perform CSRF" I...

SSRF VUNLERABILITY VIA OPEN REDIRECTION IS NOT WORKING

Hi the SSRF with filter bypass via open redirection vulnerability lab is not working ,was trying to solve the lab the redirect is not going through, it always says "Failed to connect to 192.168.0.12:8080"

Learning materials never 100% ?

Hey guys, I've checked(completed) all "Learning materials" and its showing: Learning materials: 93% its a bug or I missed something? (double checked) thank u.

i have issues with integration of burp suite to jenkins

Hi , I have followed all the steps in the documentation. https://portswigger.net/burp/documentation/enterprise/administration-tasks/ci-cd/jenkins/burp-scan but I am not able to get the build steps for burp...

Scanner doesn't report previously found issues if same Insertion Point number.

For example, there are like following reqest: [Req A] GET https://example.com/request.php?p=TEST_A&mg=TEST_A&exectype=TEST_A [Req B] GET https://example.com/request.php?p=TEST_B&mg=TEST_B&exectype=TEST_B I have set...

Web security academy bug

I am trying to solve SQL injection labs, but when I am solving a lab it doesn't show it is solved. I think is the same problem, that was one year ago, described here:...

Lab: Infinite money logic flaw

In the Macro Editor, click "Test macro". Look at the response to GET /cart/order-confirmation?order-confirmation=true and note the gift card code that was generated. Look at the POST /gift-card request. Make sure that the...

Burpsuite PRO not working with bundled jre

Hi, i was trying to install Burpsuite but getting error that it could not use bundled jre. while checking in logs [5:94] ERROR: Could not load bundled JRE. Failed with error code 1260.

Incorrect Issue Type/Advisory Finding & Remediation

Issue: Browser cross-site scripting filter disabled This issue is incorrect. The remediation says to use "X-XSS-Protection: 1; mode=block" but according to OWASP "The X-XSS-Protection header has been deprecated by modern...

Port being added only to the Host header instead of target URL

Hello, I've noticed a new bug, something that didn't happen before. Currently using burpsuite_pro_v2021.6.2, Windows 10, Google Chrome 91.0.4472.164 So when trying to access http://123.124.125.126:1337 I've noticed...

Broken DNS AAAA lookups

Burpsuite 2021.6.2 on MacOS does not make AAAA DNS lookups, and subsequently does not try to connect to IPv6 addresses of sites. This causes total failure if the site is IPv6-only, eg https://www.v6.facebook.com,...

setHTTPService API method appears broken

Hello, I have successfully created an HTTP request as such: httpService = self._helpers.buildHttpService("google.com", 80, False) requestResponse = self._callbacks.makeHttpRequest(httpService, message) When...

Burp Freezes On Window Maximize During Start

I found a bug which seems to be reproducible. When launching burp on windows and maximizing window during lunch, burp will often freeze after automatically minimizing the window. I'm using latest version of burp pro...

" Match and Replace " function lead burp to crash

My config json is: { "enabled":true, "is_simple_match":false, "rule_type":"response_body", "string_match":".*\r\nHTTP/", ...

Cannot close Burp Sequencer [manual load analysis] window

Burp Suite Pro v2021.6.2-8352 (Early Adopter) -- Checking for updates indicates Burp is up to date. I opened a manual load sequencer window to analyze previously collected session tokens. When I attempted to close the...

Activation failed: no more activations

I downloaded the 30 day trial version of Burpsuite Enterprise and installed on my MAC. After a reboot it asked for the license again which I imported again but it failed to activate: 2021-07-22 15:21:11 ERROR...

crawl& audit multiple subdomains

Hello I am trying to crawl&audit multiple subdomains of the form: *.test.com I have read this: https://forum.portswigger.net/thread/how-do-i-add-al-subdomains-to-scope-77e3e61a and tried to do the same: url to scan:...