Burp Suite User Forum


suspecting a small mistake in SSRF topic

To whom it may concern, while learning and completing SSRF academy labs, I came across the topic "SSRF with whitelist-based input filters" under "Circumventing common SSRF defenses", and I believe there might be a small...

Last updated: Dec 04, 2023 11:25AM UTC | 1 Agent replies | 0 Community replies | Bug Reports

CSRF Labs Not Updating Solved Status

The CSRF labs seem buggy, I have tried all the labs, but none of them updates on successful "delivery of exploit to the victim". Following is a step-by-step breakdown of what I am doing. 1. Login into my account 2. Add...

Last updated: Dec 04, 2023 10:59AM UTC | 1 Agent replies | 0 Community replies | Bug Reports

Repeatable bug in GUI (gui re-renders with shifting) when entering Min/Max/Step/etc values in Intruder

Burp Suite Professional v2023.10.3.6 Windows 10 22H2, GPU Titan X/Pascal on NVidia v546.17 drivers Default project/settings After triggering this bug, all GUI/any tab/any menu is broken and only Burp restart...

Last updated: Dec 04, 2023 10:19AM UTC | 1 Agent replies | 0 Community replies | Bug Reports

Http protocols mismatch

I run Chrome via `chrome --disable-http2`, the development tool bar shows that the protocol is http 1.1, but burp shows the http 2.0 protocol. Screenshot: https://ibb.co/VJs16Xb Site url:...

Last updated: Dec 04, 2023 09:16AM UTC | 1 Agent replies | 0 Community replies | Bug Reports

Burp proxy cannot reach my local DVWA instance

Hi. I am experiencing a really weird issue. I cannot, for the life of me, figure out why this is not working. It was working yesterday, but not today. I am running an instance of DVWA (Damn vulnerable Web app) using...

Last updated: Dec 03, 2023 08:57AM UTC | 2 Agent replies | 4 Community replies | Bug Reports

Injection of line break (\r\n) into :path pseudo header gets stripped

While doing the lab "Web cache poisoning via HTTP/2 request tunnelling" I've noticed that the \r\n bytes are getting stripped when issuing a request in Repeater. Confirmed this issue in the Logger: Intended :path value: /...

Last updated: Dec 01, 2023 02:38PM UTC | 2 Agent replies | 1 Community replies | Bug Reports

Burp possibly doesn't close HTTP2 gRPC connection gracefully

First of all, thank you for your great efforts to make HTTP2 available in Burp. I'm using Go gRPC example application named RouteGuide (https://github.com/grpc/grpc-go/tree/master/examples/route_guide) to check Burp can...

Last updated: Dec 01, 2023 10:37AM UTC | 8 Agent replies | 13 Community replies | Bug Reports

unintentional, tabs spamming the screen

Whenever I use certain tabs like repeater, after a request interception, wherever I move my cursor many of the same tabs keep getting spammed into the screen making it unable to use...

Last updated: Dec 01, 2023 10:01AM UTC | 1 Agent replies | 0 Community replies | Bug Reports

Duplicate secret file in "Remote code execution via web shell upload"

Hello, In the File upload vulnerability lab "Remote code execution via web shell upload", there is a duplicate secret file in the "/home/carlos" folder. Both files have the exact same name and content (I didn't know that...

Last updated: Dec 01, 2023 09:41AM UTC | 1 Agent replies | 0 Community replies | Bug Reports

Rest API Internal Server Error

After a system reboot, the REST API suddenly stopped working. I'm using Burp Enterprise. I can still start scans via the GUI, but all the API calls that used to work result in a 500 Internal Server error. Also, when I go...

Last updated: Nov 30, 2023 05:11PM UTC | 2 Agent replies | 1 Community replies | Bug Reports

Mail address check problem

When I try to request free trial of Pro Version and type my actual email address correctly, it always shows an error "Please enter a valid business email address". It also didn't work with Gmail. It is really annoying, could...

Last updated: Nov 30, 2023 04:05PM UTC | 3 Agent replies | 2 Community replies | Bug Reports

Burp repeater Request editor scrambles bytes when switching between Raw and Hex

Here is a minimal test case to reproduce the problem To reproduce: 1. Open repeater tab, and focus raw Request editor 2. Insert a new line 3. Insert the following Base64 string: /w== 3. Select the base64 string (4...

Last updated: Nov 30, 2023 02:23PM UTC | 1 Agent replies | 0 Community replies | Bug Reports

Issue with "Reflected XSS protected by very strict CSP, with dangling markup attack" lab

I hope this message finds you well. I wanted to bring to your attention an issue I encountered while working on the "Reflected XSS protected by very strict CSP, with dangling markup attack" lab. It seems that due to a recent...

Last updated: Nov 30, 2023 10:43AM UTC | 1 Agent replies | 0 Community replies | Bug Reports

Burp Suite Community Edition v2023.10.3.5 will not update itself

I have Burp Suite Community Edition v2023.10.3.5 and when I manually checked for updates I saw the following: An update is available. Version: Burp Suite Community Edition 2023.10.3.6 However, when I clicked on the...

Last updated: Nov 30, 2023 08:47AM UTC | 5 Agent replies | 4 Community replies | Bug Reports

Cannot access labs with Burp browser

I can log in to the Portswigger site but when I press Access the lab, I have an error message: This site can’t be reached x.web-security-academy.net took too long to respond. ERR_TIMED_OUT Same things happened yesterday. I can...

Last updated: Nov 30, 2023 07:17AM UTC | 11 Agent replies | 18 Community replies | Bug Reports

Slow response time labs

Hi, I've noticed two labs having a very slow response time and sometimes causing a failed-to-connect error. It causes the labs to be nearly impossible to solve. The errors and slow response times have occurred in the...

Last updated: Nov 28, 2023 09:58AM UTC | 1 Agent replies | 0 Community replies | Bug Reports

No more activations allowed for this license

Hi!! Unfortunately I have had to reinstall my pc on several occasions and now when I try to install burp suite, I get the error "No more activations allowed for this license" Could you help me ? I need ASAP thank you very...

Last updated: Nov 27, 2023 08:31AM UTC | 1 Agent replies | 0 Community replies | Bug Reports

Burp Browser automatically upgrades http:// requests to https://

I have an application running on http://localhost:3000. It does not use https, and I've set a hostname in my /etc/hosts file so that I can access it via http://myapp:3000 Any time I attempt to load http://myapp:3000 in...

Last updated: Nov 26, 2023 11:16AM UTC | 11 Agent replies | 18 Community replies | Bug Reports

Issues are hidden if the PoC changes after an update

Consider the following scenario: In a new Burp project, you scan a website, and it gives you the following finding: ``` #1 XSS GET /?param=testag6vc%3cscript%3ealert(1)%3c%2fscript%3eln0yc param is vulnerable to...

Last updated: Nov 24, 2023 08:42AM UTC | 3 Agent replies | 2 Community replies | Bug Reports

Burp Browser Doesn't Work After Update

I have updated to the latest stable version v2023.5.2, and the burp browser was uninstalled from the burpbrowser directory. When trying to use the browser, the following error message pops: java.io.IOException: Cannot run...

Last updated: Nov 24, 2023 08:15AM UTC | 2 Agent replies | 2 Community replies | Bug Reports


Burp Suite Support Center

Your source for help and advice on all things Burp-related.
