Bug Reports - Burp Suite User Forum

Some of the CORS labs don't work anymore on firefox and chrome

Some of the CORS labs don't work anymore since a new update on firefox and chrome due to new security put into place on third party cookies called 'Partitioned' attribute. While it is still possible to solve the lab by...

Unable to check for updates due to network error, in return resulting to license activation reached its limit

After installing burp and loading the license and tried to do update suddenly the burpsuite pro has an error saying "unable to check for updates due to network error. Please check your network configuration and try again". I...

IScannerInsertionPoint.getPayloadOffsets() causes scan failures when null is returned

Hi, I'm building an extension for scanning custom serialized data and encountered a bug in IScannerInsertionPoint.getPayloadOffsets() From the getPayloadOffsets() JavaDoc: """ Returns: An int[2] array containing the...

httpResponseReceived.body() returns everything that follows a HTTP/1.1 100 Continue header as the body

In a recent Burp update, httpResponseReceived.body() now breaks if the response starts with HTTP/1.1 100 Continue. The following is an example: HTTP/1.1 100 Continue HTTP/1.1 200 Access-Control-Allow-Origin:...

Lab: Web cache poisoning via an unkeyed query string

Hi, I have tried repeatedly to do this lab with no results. My problem is that whatever request I send the X-Cache always responds to me Miss. Either from the opriginal request to the home, adding a cachebuster payload,...

I cannot access any of the labs, I keep getting the "Bad Request" error message

Tried Brup's built in browser, Firefox, resetting the learning path.

Labs keep crashing

Hi, I am currently doing the API labs. Every time i try to do a lab in the academy, the servers keep crashing and i have to wait approx 10 minutes for them to come back online and start working again..Just for them to...

Insane Lag

Recently the labs take forever to load, and they go down in like 5 min and its imposible to solve a lab.

burpsuite_community_windows-x64_v2024_2_1_5 does not match its checksum

The community edition burpsuite_community_windows-x64_v2024_2_1_5 does not match its checksum for either SHA 256 or MD5. The file has been downloaded several times, and the result is always the same. "SHA256 ...

Big space after words

I'm using Burpsuite (newest stable) in 2K monitor in ParrotOS, and there seems to be a rendering error only in Request/Response field where I see space cursor far behind character position where I typed. There seems to be a...

'Credit Card numbers disclosed' finding false positive

Hi there, Using Burp 2024.2.1.5. As part of passive scanning a 'Credit Card numbers disclosed' finding was reported: Issue detail: The following credit card number was disclosed in the...

Lab: CSRF where token is tied to non-session cookie solution not working due

Hi, i have an issue getting the solution to the lab working. Whenever i try to set the value of the csrf token with /?search=test%0d%0aSet-Cookie:%20csrfKey=8TIB6mcBo8vOoLZ1nSPocJae9QLOWMAw%3b%20SameSite=None the...

Double cookie header created by session handling rule

If you create a session handling rule to either add or update a cookie value for requests in some scope, it does not work as expected. The setup is: * a enabled session handling rule; * with any given scope; * a "set a...

Can not increase concurent requests

Hi, I have created a new resource pool and changed the number of concurrent requests to 20, but the application works only with 10 concurrent requests. No other setting is changed. I can not increase the default number...

Charset problem in Intruder/Turbo Intruder

On Repeater: "value":"Викторов" On Intruder (before request): "value":"Ð’Ð¸ÐºÑ‚Ð¾Ñ€Ð¾Ð²" On Turbo Intruder (after request): "value":"8:B>@>2" Windows 11. Settings in Character set: Recognize automatically base on...

Software is Preventing Firefox From Safely Connecting to This Site

Hello, I'm having an issue getting Burp Suite professional v2024.2.1.5 edition with Firefox. The issue is on all https:// websites. I am now able to use burp from last 2 days. I know exactly how to install the...

Burp Proxy not working for SOCKS connections

I can't see any WebSocket traffic history in Burp when trying the Academy Lab `Manipulating the WebSocket handshake to exploit vulnerabilities`. I've tried with the following versions of Burp in my Kali Linux...

Inacurate target despite in position tab I set the right target

I'm solving Labs in Web Security Academy, when I send a request to Intruder in the Position tab the target is right, I set the payload but when I launch Intruder after hours my attack doesn't work I noticed in the Restults...

Burp Professional v2024.2.1.3 massive resource consumption

After opening burp and having the program process a small number of intercepted requests (really just logging the requests to proxy history) my computer starts consuming massive amounts of resources. Specifically the Xorg...

Lab Not Working Anymore : CORS vulnerability with trusted insecure protocols

I am trying to solve the mentioned lab, with the payload provided by the academy, by the payload isn't working. When i view the payload, the request is indeed sent to stock subdomain, but it replies with...