Bug Reports - Page 9 - Burp Suite User Forum

Academy Lab Bug

Hello! I have been working through the Race Conditions topic, and am stuck on the last lab, Exploiting Time-Sensitive Vulnerabilities. I understand the concept, but the requests for username=wiener and username=carlos...

Forcing HTTP/1.0, particularly using Repeater

With the new http/2 normalizing 'feature' I now appear to be unable to use/force HTTP/1.0, which is required for IP address leakage findings: https://portswigger.net/burp/documentation/desktop/http2 I feel there should...

Enterprise Edition: JUnit file cannot be parsed with Jenkins

Hi team, Our team is using the CI-driven scan feature of the Enterprise Edition integrating Jenkins and we are currently facing "XML Parsing Error: reference to invalid character number" error when we try to display the...

Site Map Overwriting Responses on Case-Sensitive Website

Hello, Burp Suite Professional v2024.3.1.3 appears to be overwriting page responses within the sitemap, rather than creating new entries, on case-sensitive websites. I am uncertain when this behaviour started, it was also...

Failed to Load Browser

I am getting below error. I have tried to install Burp to 'c:\tools\Burp' folder but I am still getting error. Can you advise? --------------------------- Error Loading Extension --------------------------- Failed to...

Couldn't load main class

Suddenly after burp was working perfectly I am getting now this error "Couldn't load main class" when i try to launch burp pro.

Blind SSRF with out-of-band detection Doesn't wrok

I have been testing relentlessly on this lab. No referrer header is displayed anywhere. I even manually put it in on every single page. Every single item Id page. I tried burp collab and webhook nothing. Whats wrong?

I cannot access any of the labs, I keep getting the "Bad Request" error message

Tried Brup's built in browser, Firefox, resetting the learning path.

The "Parameters" tab does not appear in "API details"

Hello. Please help me with the following question. When I try to run an API scan (New scan > API scan) I encounter the problem that there is no tab "Parameters" in "API details" (New scan > API scan > API details >...

maybe a problem with the lab : Reflected XSS protected by very strict CSP, with dangling markup attack

I can solve the lab when I play the role of the victim but when I send payload to the victim I don't get the CSRF token

Some of the CORS labs don't work anymore on firefox and chrome

Some of the CORS labs don't work anymore since a new update on firefox and chrome due to new security put into place on third party cookies called 'Partitioned' attribute. While it is still possible to solve the lab by...

Installing Burp Suite on Kali Linux Virtual Machine in a MAC Computer M2 processor

Hi, I am trying to install Burp Suite on Virtual Machine running Kali Linux. My computer is a MAC with M2 processor. I include the following command on my terminal: sudo apt-get install...

Lab freezes when deploying xss

The first two xss labs (I have not tried the others) crashes when xss payloads are sent. For example in the first lab i type the xss payload into the search box and click the search button. And Then, the web site starts load...

IScannerInsertionPoint.getPayloadOffsets() causes scan failures when null is returned

Hi, I'm building an extension for scanning custom serialized data and encountered a bug in IScannerInsertionPoint.getPayloadOffsets() From the getPayloadOffsets() JavaDoc: """ Returns: An int[2] array containing the...

httpResponseReceived.body() returns everything that follows a HTTP/1.1 100 Continue header as the body

In a recent Burp update, httpResponseReceived.body() now breaks if the response starts with HTTP/1.1 100 Continue. The following is an example: HTTP/1.1 100 Continue HTTP/1.1 200 Access-Control-Allow-Origin:...

Lab: Web cache poisoning via an unkeyed query string

Hi, I have tried repeatedly to do this lab with no results. My problem is that whatever request I send the X-Cache always responds to me Miss. Either from the opriginal request to the home, adding a cachebuster payload,...

Insane Lag

Recently the labs take forever to load, and they go down in like 5 min and its imposible to solve a lab.

burpsuite_community_windows-x64_v2024_2_1_5 does not match its checksum

The community edition burpsuite_community_windows-x64_v2024_2_1_5 does not match its checksum for either SHA 256 or MD5. The file has been downloaded several times, and the result is always the same. "SHA256 ...

Big space after words

I'm using Burpsuite (newest stable) in 2K monitor in ParrotOS, and there seems to be a rendering error only in Request/Response field where I see space cursor far behind character position where I typed. There seems to be a...

'Credit Card numbers disclosed' finding false positive

Hi there, Using Burp 2024.2.1.5. As part of passive scanning a 'Credit Card numbers disclosed' finding was reported: Issue detail: The following credit card number was disclosed in the...