Bug Reports - Page 96 - Burp Suite User Forum

IMessageEditor does not show markers

When I set up a marked request or response for a IMessageEditor instance, it does not appear to be honored. The editor loads the message okay, but there aren't any markers on it. So if I do something like this: int[]...

License problems

1)We buy new license for our burp enterprise server 2)Import license - success 3)Update server from update page (we dont update old server for few month) - license become status "Requires activation" 4)If we try update...

Error while working with Burpsuite

Whenever I'm browsing to any website while burp proxy is ON it just giving me an Error: No route to host(Host unreachable) Please help me out with this !

Enterprise - Problems on this URL - Unknown problem

Hello Forum, When reviewing scans that fail the information under Problems on this URL seems very useless. I am finding that every site that is failing shows the same issue under Problems on this URL - Unknown Problem. ...

burpsuite community

when i download the burpsuite community, it show me 3 hours to finished a download and it first i was thinking that the problem was with my internet and i tried to download another two application and the 2 application...

Batched (or stacked) queries SQLi

At https://portswigger.net/web-security/sql-injection/cheat-sheet chapter #Batched (or stacked) queries it is written: "MySQL Does not support batched queries." Perhaps I understand it wrong, but when I'm starting a...

IndexOutOfBoundsException

$ java -version openjdk version "12.0.2" 2019-07-16 OpenJDK Runtime Environment AdoptOpenJDK (build 12.0.2+10) OpenJDK 64-Bit Server VM AdoptOpenJDK (build 12.0.2+10, mixed mode) $ java -Xmx2G -jar...

Rate limit bug

Attackers can replay the mail send request on Email (customer registrations) generate the emails multiple times to any valid email id. Absence of rate limits can lead to the attacker flooding the application with spurious...

Enterprise API Custom Configuration Failure

When I create a custom configuration I am unable to use the Custom Configuration with the API to execute a scan. The call is "curl -vgw "\n" -x POST 'https://[myburpscanner]:8443/api/[user api key]/v0.1/scan' -d...

Scanner doesn't report previously found issues

When performing a second crawl and audit on the same website, the issues are not included in the results. The detail show that issues have been found in the app header, but they aren't loaded in the results. You'd have to...

It was observed that password and security answers are in plain text when captured the request in burpsuite

Hi Team, We have developed application using .net.It was observed that password and security answers are in plain text when captured the request in burpsuite. how can i avoid showing password as plain text? Please let...

Lab "Exploiting blind XXE to exfiltrate data using a malicious external DTD" failing

Hi Support Team, It looks like this lab is not working pretty fine. I have been a long while trying to solve it. Even more, I went step by step to the solution and the result I am being returned is not being accepted by the...

Web academy lab issue

Victim never makes call to forgot password through exploit url or it is not shown in access log reference : https://portswigger.net/web-security/authentication/other-mechanisms/lab-password-reset-poisoning

Unable to reply back to a created forum post

Unable to reply back to a forum post , anti forgery token issue

Copied Project uses first request in repeater rather than last made

When a project is copied, after loading it, all the requests in the repeater tab use the first request made rather than the latest. This create a very annoying situation when loading it the copied project for the first...

Opening Existing Project Stalls - 2

When we open an existing project and choose a file and click on "open" the application gets stuck over there with "open" button having dark theme highlight. Does not open the project. Need to go back to previous window where...

Content discovery is not directly mapped to site map

Hi, Performing content discovery and looking at the Site map of the discovery process one can see that the items found are not reported directly to the main 'Target Site Map'. In many cases and with the current...

Burp Pro API Scan Error

Dear Support, We are facing a problem, not sure if it's an issue or we are doing something wrong. The scenario is the following: 1. We start Burp and REST API Service 2.POST a scan to url "https://example.com" 3.We...

Unable to load JAR file

command to initialise burp: java -Xmx1G -Djava.awt.headless=true -classpath "headless-burp-proxy-master-SNAPSHOT-jar-with-dependencies.jar;burpsuite_pro.jar" burp.StartBurp burp version:...

Why is the Burp Suite JAR file so big?

When Burp prompts me to install an update, it gives me the option of a Windows installer, a MacOS installer, a Linux installer, or a JAR file. The installers are all around 160-180 MB in size: this seems reasonable, since...