Research Academy
My account Customers About Blog Careers Legal Contact Resellers
The Burp Suite User Forum was discontinued on the 1st November 2024.

Burp Suite User Forum

For support requests, go to the Support Center. To discuss with other Burp users, head to our Discord page.

SUPPORT CENTER DISCORD

Not able to access web app with burpsuite browser

Gangambika | Last updated: Aug 18, 2022 08:42AM UTC

I am not able to access the web ui with burpsuite browser . I get a error message "invalid or missing nonce" after adding username,password . I checked with different browsers , but i see same error . Is there any solution for this ? Thanks

Gangambika | Last updated: Aug 18, 2022 08:52AM UTC

Configured proxy on other browser like firefox and tried to access the web app , it gives me the same error. But it works fine when browsed without burpsuite in a normal browser (without any proxy config)

Michelle, PortSwigger Agent | Last updated: Aug 18, 2022 12:25PM UTC

Thanks for your message. Are you seeing this issue just with one specific application or all sites? Can you email some screenshots and details of the site to support@portswigger.net so we can take a closer look at this for you?

Gangambika | Last updated: Aug 19, 2022 08:15AM UTC

Hi , I see this issue with only one web application out of all other web apps I scan with Burp .

Michelle, PortSwigger Agent | Last updated: Aug 19, 2022 08:52AM UTC

Is this app publicly accessible?

Gangambika | Last updated: Aug 22, 2022 04:48AM UTC

Hi Michelle , No its not accessible publicly .

Michelle, PortSwigger Agent | Last updated: Aug 22, 2022 08:02AM UTC

Does this happen with all pages on the site or just specific ones? Do you have any extensions enabled in Burp? If so, can you please test access with the extensions disabled?

Gangambika | Last updated: Aug 30, 2022 02:45PM UTC

Hi Michelle , It happens on the login page itself . After entering the username and password , i see the error "invalid or missing nonce" . we have added many extensions to have a better test coverage . CSRF Scanner CSRF Token Tracker XSS Token Tracker CORS Command Injection Attacker Header Analyzer Log4shell Scanner Multisession Replay Session Auth SQLi Query Tampering SSL Scanner Upload Scanner XSS Validator WSDL Wizard Backslash Powered Scanner CVSS Calculator JSON WebTokens Javascript Security NGINX Alias Traversal Retier.js Active Scan ++ OpenAPI Parser Reflected parameters 403 Bypasser Additional CSRF checks Additional scanner checks Anti CSRF Token from referer Auth Analyser Authz Heartbleed HTTP request smuggler HTTProxy Scanner JSON web token attacker JSON web tokens Potential vulnerability indicator I also now see that , the tool indicates me to unload some extenstions . "Estimated system impact is High"

Michelle, PortSwigger Agent | Last updated: Aug 31, 2022 07:35AM UTC

If you test this site using a copy of Burp that does not have any extensions enabled, do you see the same issue?

Gangambika | Last updated: Aug 31, 2022 05:10PM UTC

Hi, I checked with a copy of Burp Suite with no extensions , I still see the problem .

Michelle, PortSwigger Agent | Last updated: Sep 01, 2022 08:02AM UTC

Can you email support@portswigger.net with some screenshots showing what the request and response look like in Burp and what they look like when you connect to the site using a browser that is not proxied via Burp (if you use the Developer Tools within the browser to take a closer look at the requests)? Do you see the same issue if you use Burp's embedded browser?

Gangambika | Last updated: Sep 01, 2022 09:22AM UTC

Hi , Yes I tried with Burps embedded browser as well . I see the issue there also . Let send the request and response during this . I will email the details

Michelle, PortSwigger Agent | Last updated: Sep 01, 2022 09:41AM UTC

Thanks for the update, we'll await your email.

saleh | Last updated: Jul 22, 2023 12:45PM UTC

This website cannot provide a secure connection

Michelle, PortSwigger Agent | Last updated: Jul 24, 2023 08:11AM UTC