Bug Reports - Page 95 - Burp Suite User Forum

Burp - Target - Actively scan this host times out

Hello, Starting a new scan from dashboard with Crawl or Crawl and Audit works fine. However If I go to target and use "Actively scan this host" it will time out after some requests. What can I do to mitigate this? Tried...

HTTP Mock extension can't be loaded

HTTP Mock extension loading with a error: java.util.regex.PatternSyntaxException: Unexpected internal error near index 28 ^/Dashboard/GetRepositories\ at java.base/java.util.regex.Pattern.error(Pattern.java:2029) at...

Swagger JSON file taking 20+ hours

Scanning one of our APIs. I read that if you point it at your swagger json definition ( OAS ) file that it would find all the endpoints. However my scan has now taken over 20 hours and is still going. We only have one...

Repeater requests not showing in Sitemap

Hello all, In my sitemap I have a spidered log for www.domain.com/folder/file.json with a 403 response. I sent this request to repeater, removed some headers, and file.json was succesfully returned to me. However, the...

download

when I go through the setup wizard it does nothing. I click finish and it doesn't open the file I can't even find the file all I can find is the file that starts the setup wizard

NullPointerException when opening existing project

My OS crashed with Burp and when trying to load my Burp project, I get: "Failed to create Burp project: NullPointerException". Anything I can try to recover it?

Lab: Authentication Bypass via OAuth implicit flow

After I enter the provided credentials within the lab, I am advised that I either typed in or pasted in the wrong information. I am unable to move forward in my first lab. Please help.

Burp Enterprise check for Cross-site scripting (reflected) encoding issue

In Burp Enterprise the "Cross-site scripting (reflected)" check is delivering findings with Confidence "certain" An example would be as...

SHA256 checksum invalid burpsuite_community_macos_v2020_12_1.dmg

From website: SHA256: e84e694d56dcce7b7b350164e9238dbaa4b1065d83734ff4e3d4c9790bb65fd4 MD5: 7fd04859ec10cd76fe97e3f07518561a Checking file on my system: sha256sum...

Web Security Academy - Reflected XSS into attribute with angle brackets HTML-encoded: Additional solutions

Hi together, I have some feedback for the Web Security Academy :) 1. I couldn't find where to put feedback for the labs. So I hope I'm right here. 2. In the "Reflected XSS into attribute with angle brackets...

Automatic Detection of Open Redirection Vulnerability in Portswiggers related Lab

Hi, why do Burp Professionals's automated scans not detect the open redirection vulnerability in the related "Lab: DOM-based open redirection"...

BurpSuite Error

Was following along with an INE tutorial. Got this message. Wanted to do my small part and report the error. └─# burpsuite 127 ⨯ Jan 21, 2021 12:24:34 PM...

MSSQL Injection not being detected by scanner.

Hi PortSwigger Team, The Professional version scanner is not detecting a simple blind SQL injection in Microsoft SQL server. I know in versions 1.7 and 2.0beta this exact scenario was correctly identified several...

Burp Suite Pro Crash

Burp suite professional crash when I change my keyboard layout to Mandarin input (Pinyin) in Mac OS X 10.14.6

Burp Community Installation on Kali - Pink Screens

I'm having a strange problem on Kali. After installing Burp Community, the startup prompts are all pink and cannot be clicked. I've tried installing with the shell script, the JAR file, and via apt. I've also tried...

Burp freeze

Hi, I tried using the Scanner with the latest Burp, but the problem that the Scanner freezes and never ends when the server does not return a response seems to recur. The url says: Unauthenticated crawl. Estimating...

Burp Enterprise not able to to login using recorded login sequence & auto discover URLs

Hi, I have tried to capture login to our solution suites using burp recorded login sequencer and applied the generated json in the burp enterprise edition site settings. All the scan is getting completed with a failure...

test1

message1

Scanner application login not trying all buttons

I have a website that has the following login form: <form id="example" name="example" method="POST" target="_self" action="https://example.org/e/?login" accept-charset="UTF-8"> <input type="text" name="username"...

v2020.7 Embedded Browser Doesn't Launch on Parrot

Hello, I just wanted to report that the embedded browser in 2020.7 does not launch with a default Parrot OS (https://parrotlinux.org/) configuration. Attempts to launch it return "net.portswigger.devtools.client.a: Refusing...