Bug Reports - Burp Suite User Forum

Can not increase concurent requests

Hi, I have created a new resource pool and changed the number of concurrent requests to 20, but the application works only with 10 concurrent requests. No other setting is changed. I can not increase the default number...

Software is Preventing Firefox From Safely Connecting to This Site

Hello, I'm having an issue getting Burp Suite professional v2024.2.1.5 edition with Firefox. The issue is on all https:// websites. I am now able to use burp from last 2 days. I know exactly how to install the...

Charset problem in Intruder/Turbo Intruder

On Repeater: "value":"Викторов" On Intruder (before request): "value":"Ð’Ð¸ÐºÑ‚Ð¾Ñ€Ð¾Ð²" On Turbo Intruder (after request): "value":"8:B>@>2" Windows 11. Settings in Character set: Recognize automatically base on...

Burp Proxy not working for SOCKS connections

I can't see any WebSocket traffic history in Burp when trying the Academy Lab `Manipulating the WebSocket handshake to exploit vulnerabilities`. I've tried with the following versions of Burp in my Kali Linux...

Inacurate target despite in position tab I set the right target

I'm solving Labs in Web Security Academy, when I send a request to Intruder in the Position tab the target is right, I set the payload but when I launch Intruder after hours my attack doesn't work I noticed in the Restults...

Burp Professional v2024.2.1.3 massive resource consumption

After opening burp and having the program process a small number of intercepted requests (really just logging the requests to proxy history) my computer starts consuming massive amounts of resources. Specifically the Xorg...

Lab Not Working Anymore : CORS vulnerability with trusted insecure protocols

I am trying to solve the mentioned lab, with the payload provided by the academy, by the payload isn't working. When i view the payload, the request is indeed sent to stock subdomain, but it replies with...

Port Swigger Academy ranking is not updating.

Hi. I noticed I solved like 7 labs, but my position in the hall of fame didn't change. I solved like 5 apprentice and 2 practitioner labs. It's already been 2 weeks without updating, I guess. Is the hall of fame bugged?

Could not start Burp: java.lang.NullPointerException

Hi everybody, Today, after updating to latest version 2.1.06, I'm no longer able to launch Burp Pro. I also tried uninstalling, reinstalling, downgrading, but I always get the same not-so-informative exception message:...

Collaborator servers lack ipv6 support

No IPv6 support for any of the collaborator infrastructure: burpcollaborator1.portswigger.net has address 52.16.21.24 burpcollaborator2.portswigger.net has address 52.16.107.92 Knowing an ipv6 source address for...

" Exploiting clickjacking vulnerability to trigger DOM-based XSS" Lab broken

Hi everyone, it seems like the Lab "Exploiting clickjacking vulnerability to trigger DOM-based XSS" cannot be completed currently. The exploit works right away with Firefox, but it only worked on Chrome when i manually...

Weird CPU spikes on Proxy Http History Tab - Burp Version 2024.1.1.6

I'm running Burp Version 2024.1.1.6 ----------------- I have NO extensions enabled. ----------------- I have no passive scans running (I checked diagnostics to be sure) ----------------- What I'm seeing when I'm...

Burp Suite Professional freezes on launch

I am getting Safe Mode prompt saying "Burp did not start properly last time. Do you want to start it without loading extension?" and on choosing either Yes or No fails to load burp suite. This happens for both saved and...

Target Tab missing from view tab

burp froze and i had to force quit it, upon opening it up again, my target tab was missing. tried restroing it from the view but its not in the list, also tried restoring defualt configuration. Nothing worked

Not showing lab as solved.

I have been trying to solve the CSRF lab for 2 or 3 hours. Even after providing the payload script correctly, it shows as not solved. I have also tried providing the solution that PortSwigger has given, but it still doesn't...

No more activations allowed for this license

I get this for when I try to move my Burp installation to a new computer at work. Can you please add some more for me. This message is really weird, as you're licensing terms seems to be "yeah, it's a per user license, and...

Burp request editor automatically adding closing brackets and not inserting double quotes after slash

Hey folks, As of the latest update to the early adopter (2023.12.1) I've noticed when I edit a request with JSON contents, if I add an opening bracket Burp automatically adds a closing bracket immediately after (much like...

'paste from file' interface gets bugged and does not allow to open files

hi, i experienced some issues with the 'paste from file' functionality in the repeater. the 'choose a file to paste from' interface gets bugged and either does not show any files in the folder or i am unable to open them...

Lab: Remote code execution via polyglot web shell upload giving 500 response

tried uploading various .php files in the lab, they all get uploaded, but when we go back to /my-account. the request for GET /files/avatars/virusimage.php or whatever the name of the .php file is. it gives 500 error. added...

Vulnerable JavaScript dependency doesn't show up when I use the base URL as the start URL

Hi - I work for a company that maintains a number of websites, Burp Suite Pro found a Vulnerable JavaScript dependency in one of the JS libs on one of the sites, but I noticed that our more frequent scans done with Burp...