Burp Suite User Forum

Web Security Academy - Reflected XSS into attribute with angle brackets HTML-encoded: Additional solutions

Hi together, I have some feedback for the Web Security Academy :) 1. I couldn't find where to put feedback for the labs. So I hope I'm right here. 2. In the "Reflected XSS into attribute with angle brackets...

Last updated: Jan 22, 2021 03:13PM UTC | 0 Agent replies | 0 Community replies | Bug Reports

Automatic Detection of Open Redirection Vulnerability in PortSwigger's related Lab

Hi, why do Burp Professional's automated scans not detect the open redirection vulnerability in the related "Lab: DOM-based open redirection"...

Last updated: Jan 22, 2021 02:23PM UTC | 1 Agent replies | 0 Community replies | Bug Reports

BurpSuite Error

Was following along with an INE tutorial. Got this message. Wanted to do my small part and report the error. └─# burpsuite 127 ⨯ Jan 21, 2021 12:24:34 PM...

Last updated: Jan 22, 2021 10:17AM UTC | 1 Agent replies | 0 Community replies | Bug Reports

MSSQL Injection not being detected by scanner.

Hi PortSwigger Team, The Professional version scanner is not detecting a simple blind SQL injection in Microsoft SQL server. I know in versions 1.7 and 2.0beta this exact scenario was correctly identified several...

Last updated: Jan 22, 2021 09:37AM UTC | 5 Agent replies | 6 Community replies | Bug Reports

Burp Suite Pro Crash

Burp Suite Professional crashes when I change my keyboard layout to Mandarin input (Pinyin) in Mac OS X 10.14.6

Last updated: Jan 22, 2021 07:43AM UTC | 4 Agent replies | 4 Community replies | Bug Reports

Burp Community Installation on Kali - Pink Screens

I'm having a strange problem on Kali. After installing Burp Community, the startup prompts are all pink and cannot be clicked. I've tried installing with the shell script, the JAR file, and via apt. I've also tried...

Last updated: Jan 21, 2021 03:36PM UTC | 4 Agent replies | 5 Community replies | Bug Reports

Burp freeze

Hi, I tried using the Scanner with the latest Burp, but the problem that the Scanner freezes and never ends when the server does not return a response seems to recur. The url says: Unauthenticated crawl. Estimating...

Last updated: Jan 21, 2021 09:17AM UTC | 3 Agent replies | 3 Community replies | Bug Reports

Burp Enterprise not able to login using recorded login sequence & auto discover URLs

Hi, I have tried to capture login to our solution suites using burp recorded login sequencer and applied the generated json in the burp enterprise edition site settings. All the scan is getting completed with a failure...

Last updated: Jan 19, 2021 05:03PM UTC | 1 Agent replies | 0 Community replies | Bug Reports

test1

message1

Last updated: Jan 18, 2021 11:55PM UTC | 0 Agent replies | 0 Community replies | Bug Reports

Scanner application login not trying all buttons

I have a website that has the following login form: <form id="example" name="example" method="POST" target="_self" action="https://example.org/e/?login" accept-charset="UTF-8"> <input type="text" name="username"...

Last updated: Jan 18, 2021 01:19PM UTC | 2 Agent replies | 1 Community replies | Bug Reports

v2020.7 Embedded Browser Doesn't Launch on Parrot

Hello, I just wanted to report that the embedded browser in 2020.7 does not launch with a default Parrot OS (https://parrotlinux.org/) configuration. Attempts to launch it return "net.portswigger.devtools.client.a: Refusing...

Last updated: Jan 18, 2021 01:00PM UTC | 11 Agent replies | 14 Community replies | Bug Reports

Connection resets and Failed to negotiate TLS connection

Burp Pro - has anyone else solved the issue of getting continual Connection Resets like fxxxing hundreds. And not being able to tell what is causing it. Also lots and lots of Client failed to negotiate a TLS...

Last updated: Jan 18, 2021 10:12AM UTC | 1 Agent replies | 0 Community replies | Bug Reports

Labs Failing to Respond

Hi, I'm having issues with this lab, "Web cache poisoning to exploit a DOM vulnerability via a cache with strict cacheability criteria". As soon as I enter the X-Forwarded-Host header, the lab server fails to respond. I've...

Last updated: Jan 15, 2021 07:19PM UTC | 2 Agent replies | 3 Community replies | Bug Reports

Advanced Scope Control does not follow correct regex syntax

Hi, I noticed the advanced scope control mentions you can insert regex, but it does not actually follow correct regex syntax. Asterisk `*`, should be treated as a quantifier, matching zero to unlimited times, however...

Last updated: Jan 14, 2021 02:57PM UTC | 1 Agent replies | 0 Community replies | Bug Reports

RegEx does not work properly on HTTP Request and Response

Hello I want to use regex to remove those empty lines from the HTTP responses that developers placed there. I used ^ to get the beginning of each line, but what it returns is just the first line of the response and...

Last updated: Jan 14, 2021 02:57PM UTC | 1 Agent replies | 0 Community replies | Bug Reports

Logic error in Intruder module

1. I need to brute force the username and password fields. See 1. JPG POST /xxx/xxx HTTP/1.1 Host: xxx.xxx.xxx.xxx Connection: close Content-Length: 56 Accept: application/json, text/javascript, /; q=0.01 Origin:...

Last updated: Jan 13, 2021 03:12PM UTC | 1 Agent replies | 0 Community replies | Bug Reports

Smart decode is not smart

The smart decoder is not working anymore for even simple base64 payloads. Please debug the issue and let me know. Thanks, Rod

Last updated: Jan 13, 2021 02:23PM UTC | 3 Agent replies | 2 Community replies | Bug Reports

Request Text Mangling in Proxy

After right clicking and selecting "Send to Repeater" the request text becomes mangled (overlapped in some areas). Running Burp 2020.12.1 Professional with Dark theme in Ubuntu 20.

Last updated: Jan 12, 2021 03:58PM UTC | 1 Agent replies | 0 Community replies | Bug Reports

Backup file false positives

I am getting many, many instances of the "Backup file" issue type. The issue is that the scanner makes a request that is a variant of a legitimate request, for example instead of GET /users/sign_in.json, it will call GET...

Last updated: Jan 12, 2021 03:18PM UTC | 3 Agent replies | 4 Community replies | Bug Reports

Unable to reactivate license after removing burp from computer

Hi, I had my burp pro license at the limit. I wanted to remove it from one machine to activate it on another. So I did remove burp from my computer under the help menu, but it is now neither allowing activating the license...

Last updated: Jan 12, 2021 12:43PM UTC | 1 Agent replies | 0 Community replies | Bug Reports
