Bug Reports - Page 86 - Burp Suite User Forum

Incorrect work of Passive Scan Issues

I began to actively use extensions that analyze content in a passive mode, and noticed that in the latest version (and maybe earlier) there is a problem with creating an issue. For example, the Software Version Reporter...

Lab: Targeted web cache poisoning using an unknown header

I was trying to solve this lab by injecting the 'alert(document.cookie)' directly in the X-Host header as: 'X-Host: domain"></script><script>alert(document.cookie);</script>' and it was working, it was executing the alert in...

Error when sending mail

Error occures when trying to add a user. When I try to send a test mail shows the error: "An unexpected error occurred. If this problem persists, please contact support@portswigger.net." The log reglated to this...

HTTP Smuggling - HTML Report Export Bug

When exporting a smuggling issue to html report, if the smuggling attack relies on a 'space' character immediately preceding the Transfer-Encoding header, the space character is not rendered in the report. This makes it...

Burp suite embedded browser doesn't work

Hello, I am using Burp Suite Community Edition v2020.11 when I go to the Proxy tab, in "Use Burp's embedded browser" I click open browser the browser is opening, but no metter what I am writing it just doesn't...

Burpsuite Hangs after sending lots of repeater requests

In burpsuite community edition, after sending lots of requests in the repeater tab, my burpsuite hung. I sent a bad login request to repeater then hit send a bunch of times to test the application's lockout policy. To my...

Burp 2020.11 hangs completely

Hi, I am used to issuing requests using hotkeys instead of doing it with mouse. Its really useful. When request contains some encoded data and mouse will hover over it a new window will pops up automatically containing...

Burp-Enterprise REST-API: Creating a Folder,Sub-folders and Site through REST-API endpoints.

Hi, I was looking for REST-API endpoints to create a Folder, Sub-folders and new site. Please let me know if any.

Scanning REST APIs with Burp Enteprise

We regularly scan RESTful APIs using Burp Suite Professional together with Postman. Once we have navigated all of the API's endpoints with Postman, we unleash the Burp scan. As long as the API endpoints don't change we run...

Slow network requests while using Burp / Upstream Proxy in Burp

TLDR; Website loading time while using burp is doubled, tripled if using Burp + SOCKS5 Hello everyone, I'd like to ask more information about a bug I'm currently encountering while using any version of Burp, perhaps other...

ReadHandShakeRecord Error in Burp Suite Community v2.1.02

Hi... I am getting 'ReadHandShakeRecord' error in Burp Suite Community edition v2.1.02. I have java Version 8 Update 221 installed on my Windows Server 2012 machine. I also set Proxy correctly in Burp Suite and in Browser...

Chromium browser keeps crashing

Hello I'm running version 2020.8, build 3537, trying to 'open embedded browser', clicking help links all of which are trying to launch Chromium, which I never really use. Chromium keeps crashing and shutting down. Running...

Lab "Stored XSS into anchor href attribute with double quotes HTML-encoded" issue

Hello! I have made XSS as described in the solution, but there are still no congratulations message.

Burp Enterprise Recorded Login

I tried the recorded login today and increased the memory on my centos 7 server to 40 GB (for 3 agents). I have 230 GB of free disk space. But still I get the error: The scan is configured to use recorded login sequences....

Can't connect to https://www.dyson.com through burp but it works with https:///www.dyson.co.kr or other tld (.fr,...)

Hi, I have well configured burp suite to connect to https website using cacert. I am almost in default configuration everywhere in burp. My problem is : I can't connect to https://www.dyson.com but I can connect to...

Latest update introduced bug with WebSockets

Hello, The latest Burpsuite update has introduced a bug into the WebSockets functionality. The "Raw" window will no longer display data despite data being visible in the "Hex" window. I have downgraded to temporarily...

Lab: DOM XSS in document.write sink using source location.search inside a select element

I get the xss pop-up but the lab does not report it solved. I crafted the URL with the storeId query parameter and inserted javascript payload using alert function which pops "1". Can you guys take a look at that?

Intruder going out-of-memory when enumerating file download functionality

My intruder is going quickly out of memory as I am enumerating numbers which each request gives me a downloadable file. The intruder requests are set to not store the response data, but still the memory keeps increasing...

Lab issue: Exploiting cross-site scripting to steal cookies

Hello! I am trying to solve one of your labs - https://portswigger.net/web-security/cross-site-scripting/exploiting/lab-stealing-cookies. I had thought that something wrong with me, so I have read the solution, but I also...

error: timed out waiting for the condition on jobs/bsee-database-migration - Database migrations failed

I've installed the arm template of Azure with the Enterprise Edition 2020.10.1 Deployment has completed success. When the application container run, the pod bsee-database-migration end with error. In the condition...