Burp Suite User Forum
Hello! I have been working through the Race Conditions topic, and am stuck on the last lab, Exploiting Time-Sensitive Vulnerabilities. I understand the concept, but the requests for username=wiener and username=carlos...
With the new http/2 normalizing 'feature' I now appear to be unable to use/force HTTP/1.0, which is required for IP address leakage findings: https://portswigger.net/burp/documentation/desktop/http2 I feel there should...
Hi team, Our team is using the CI-driven scan feature of the Enterprise Edition integrating Jenkins and we are currently facing "XML Parsing Error: reference to invalid character number" error when we try to display the...
Hello, Burp Suite Professional v2024.3.1.3 appears to be overwriting page responses within the sitemap, rather than creating new entries, on case-sensitive websites. I am uncertain when this behaviour started, it was also...
I am getting below error. I have tried to install Burp to 'c:\tools\Burp' folder but I am still getting error. Can you advise? --------------------------- Error Loading Extension --------------------------- Failed to...
Suddenly after burp was working perfectly I am getting now this error "Couldn't load main class" when i try to launch burp pro.
I have been testing relentlessly on this lab. No referrer header is displayed anywhere. I even manually put it in on every single page. Every single item Id page. I tried burp collab and webhook nothing. Whats wrong?
Tried Brup's built in browser, Firefox, resetting the learning path.
Hello. Please help me with the following question. When I try to run an API scan (New scan > API scan) I encounter the problem that there is no tab "Parameters" in "API details" (New scan > API scan > API details >...
I can solve the lab when I play the role of the victim but when I send payload to the victim I don't get the CSRF token
Some of the CORS labs don't work anymore since a new update on firefox and chrome due to new security put into place on third party cookies called 'Partitioned' attribute. While it is still possible to solve the lab by...
Hi, I am trying to install Burp Suite on Virtual Machine running Kali Linux. My computer is a MAC with M2 processor. I include the following command on my terminal: sudo apt-get install...
The first two xss labs (I have not tried the others) crashes when xss payloads are sent. For example in the first lab i type the xss payload into the search box and click the search button. And Then, the web site starts load...
Hi, I'm building an extension for scanning custom serialized data and encountered a bug in IScannerInsertionPoint.getPayloadOffsets() From the getPayloadOffsets() JavaDoc: """ Returns: An int[2] array containing the...
In a recent Burp update, httpResponseReceived.body() now breaks if the response starts with HTTP/1.1 100 Continue. The following is an example: HTTP/1.1 100 Continue HTTP/1.1 200 Access-Control-Allow-Origin:...
Hi, I have tried repeatedly to do this lab with no results. My problem is that whatever request I send the X-Cache always responds to me Miss. Either from the opriginal request to the home, adding a cachebuster payload,...
Recently the labs take forever to load, and they go down in like 5 min and its imposible to solve a lab.
The community edition burpsuite_community_windows-x64_v2024_2_1_5 does not match its checksum for either SHA 256 or MD5. The file has been downloaded several times, and the result is always the same. "SHA256 ...
I'm using Burpsuite (newest stable) in 2K monitor in ParrotOS, and there seems to be a rendering error only in Request/Response field where I see space cursor far behind character position where I typed. There seems to be a...
Hi there, Using Burp 2024.2.1.5. As part of passive scanning a 'Credit Card numbers disclosed' finding was reported: Issue detail: The following credit card number was disclosed in the...
Page 9 of 148
Your source for help and advice on all things Burp-related.