Bug Reports

  • bug in https://portswigger.net/web-security/sql-injection/blind/lab-conditional-responses

    Hi! I was running through the PortSwigger Web Security Academy because I'm looking forward to being a bounty hunter because I need a job and this is an area of interest for me. I found that in this lab, I ran through the steps of the solution, but when I brute-forced the blind SQLi and got a password it never let me log in to the admin page. Perhaps there's some kind of issue there? Thank y...

    1 Agent Answer    0 Community Answer
    May 03, 2019 07:11PM UTC
  • Burp 2.0.20beta Issues are not listed in "Issue activity"

    Hi, I have a problem with the active scanner of Burp beta. Often, issues found during scan are shown in "Audit items" -> "Issues" but are not listed in the "Issue activity" tab. For example, in "Audit items" the scan has an item with one issue of high and two of medium severity and two information disclosures. However, in the tab "Issue activi...

    1 Agent Answer    0 Community Answer
    May 02, 2019 10:39AM UTC
  • Url decode shortcut doesn't work

    Hello! I have an issue with Burp Suite Professional. The shortcut Ctrl+Shift+U for URL decode doesn't work. If I change the shortcut for this action, it works. I asked a few friends and the bug seems to be on everyone. Thanks

    1 Agent Answer    2 Community Answers
    Apr 27, 2019 09:03AM UTC
  • Control Click Copy in Intruder Not working.

    I am trying to control-click and copy a column in Intruder with no luck. Single and double clicking is not working. Double clicking with the control key held down simply sorts. This is using versions 2.0.19 (Windows) and 2.0.20 (Linux).

    2 Agent Answers    2 Community Answers
    Apr 27, 2019 12:49AM UTC
  • Intruder variable throttling disabled

    Hi, I noticed that in BSPro 2.0.20beta I'm unable to set up variable throttling for the Intruder attack tool; the "step" field just remains disabled. https://i.imgur.com/LZBstas.png

    1 Agent Answer    1 Community Answer
    Apr 26, 2019 04:58PM UTC
  • Getting MOZILLA_PKIX_ERROR_MITM_DETECTED when trying to run burp.

    Got this error out of nowhere as I had been running Burp regularly on Firefox without issues earlier in the day. I ran into the same problem on Chrome as well. I have deleted the certificate, cleared the cache, uninstalled Firefox and cleared the profile folder, reinstalled Firefox and reinstalled the certificate, and still cannot get past the error. Any insight?

    3 Agent Answers    2 Community Answers
    Apr 25, 2019 09:11PM UTC
  • Burp Suite Pro, v2.0.20beta Load Scope Buttons do not work.

    Burp Suite Pro, v2.0.20beta: In Target/Scope (tab), a scope set (Include and Exclude from scope) can be exported using the "Save" option from the gear icon. The scope can be reloaded in another session by using the "Load" option from the gear icon, but not from the "load" buttons on the left of the Include or Exclude windows.

    1 Agent Answer    0 Community Answer
    Apr 25, 2019 03:09PM UTC
  • 2.0.0beta20 crashes due to Out of Memory error

    I just started using beta20 and it has now crashed on me twice in two days. Once in the scan phase and just now while being a plain proxy (although with Active Scan++ enabled). hs_err log says Out of Memory Error. This VM has 4GB of memory, which is the minimum required. I've used several previous 2.0.0 series beta versions on this VM before and this hasn't happened with them. Is ...

    1 Agent Answer    0 Community Answer
    Apr 25, 2019 09:40AM UTC
  • Ignores JSON parameters after {}

    Dear, I found that the string {} in JSON of a request body, meaning an empty object, makes following parameters not recognized as the ones. The version is Burp Suite Professional v1.7.37. For example, I have a POST request with the following body in Intruder: { param_a: "val_a", param_b: { param_b_1: 10, param_b_2: true }, param_c: {}, param_d: 80, pa...

    2 Agent Answers    1 Community Answer
    Apr 23, 2019 06:13AM UTC
  • False Negative in AngularJS XSS?

    Hello, I have a vulnerable web application where injection inside an AngularJS 1.0.0 context is possible. That leads to an XSS via {{...}}, that is easily exploitable. I know that, at some point, Burp Suite managed to detect this vulnerability (I even have screenshots!). However, I tried today with v2beta20 and v1.7.37, and I didn't manage to find this bug through an Active Scan. ...

    2 Agent Answers    3 Community Answers
    Apr 17, 2019 04:00PM UTC