Bug Reports - Burp Suite User Forum

Lab: CSRF where token is tied to non-session cookie solution not working due

Hi, i have an issue getting the solution to the lab working. Whenever i try to set the value of the csrf token with /?search=test%0d%0aSet-Cookie:%20csrfKey=8TIB6mcBo8vOoLZ1nSPocJae9QLOWMAw%3b%20SameSite=None the...

Double cookie header created by session handling rule

If you create a session handling rule to either add or update a cookie value for requests in some scope, it does not work as expected. The setup is: * a enabled session handling rule; * with any given scope; * a "set a...

Can not increase concurent requests

Hi, I have created a new resource pool and changed the number of concurrent requests to 20, but the application works only with 10 concurrent requests. No other setting is changed. I can not increase the default number...

httpResponseReceived.body() returns everything that follows a HTTP/1.1 100 Continue header as the body

In a recent Burp update, httpResponseReceived.body() now breaks if the response starts with HTTP/1.1 100 Continue. The following is an example: HTTP/1.1 100 Continue HTTP/1.1 200 Access-Control-Allow-Origin:...

Charset problem in Intruder/Turbo Intruder

On Repeater: "value":"Викторов" On Intruder (before request): "value":"Ð’Ð¸ÐºÑ‚Ð¾Ñ€Ð¾Ð²" On Turbo Intruder (after request): "value":"8:B>@>2" Windows 11. Settings in Character set: Recognize automatically base on...

Software is Preventing Firefox From Safely Connecting to This Site

Hello, I'm having an issue getting Burp Suite professional v2024.2.1.5 edition with Firefox. The issue is on all https:// websites. I am now able to use burp from last 2 days. I know exactly how to install the...

Burp Proxy not working for SOCKS connections

I can't see any WebSocket traffic history in Burp when trying the Academy Lab `Manipulating the WebSocket handshake to exploit vulnerabilities`. I've tried with the following versions of Burp in my Kali Linux...

Inacurate target despite in position tab I set the right target

I'm solving Labs in Web Security Academy, when I send a request to Intruder in the Position tab the target is right, I set the payload but when I launch Intruder after hours my attack doesn't work I noticed in the Restults...

Burp Professional v2024.2.1.3 massive resource consumption

After opening burp and having the program process a small number of intercepted requests (really just logging the requests to proxy history) my computer starts consuming massive amounts of resources. Specifically the Xorg...

Lab Not Working Anymore : CORS vulnerability with trusted insecure protocols

I am trying to solve the mentioned lab, with the payload provided by the academy, by the payload isn't working. When i view the payload, the request is indeed sent to stock subdomain, but it replies with...

Port Swigger Academy ranking is not updating.

Hi. I noticed I solved like 7 labs, but my position in the hall of fame didn't change. I solved like 5 apprentice and 2 practitioner labs. It's already been 2 weeks without updating, I guess. Is the hall of fame bugged?

Could not start Burp: java.lang.NullPointerException

Hi everybody, Today, after updating to latest version 2.1.06, I'm no longer able to launch Burp Pro. I also tried uninstalling, reinstalling, downgrading, but I always get the same not-so-informative exception message:...

Collaborator servers lack ipv6 support

No IPv6 support for any of the collaborator infrastructure: burpcollaborator1.portswigger.net has address 52.16.21.24 burpcollaborator2.portswigger.net has address 52.16.107.92 Knowing an ipv6 source address for...

" Exploiting clickjacking vulnerability to trigger DOM-based XSS" Lab broken

Hi everyone, it seems like the Lab "Exploiting clickjacking vulnerability to trigger DOM-based XSS" cannot be completed currently. The exploit works right away with Firefox, but it only worked on Chrome when i manually...

Weird CPU spikes on Proxy Http History Tab - Burp Version 2024.1.1.6

I'm running Burp Version 2024.1.1.6 ----------------- I have NO extensions enabled. ----------------- I have no passive scans running (I checked diagnostics to be sure) ----------------- What I'm seeing when I'm...

Burp Suite Professional freezes on launch

I am getting Safe Mode prompt saying "Burp did not start properly last time. Do you want to start it without loading extension?" and on choosing either Yes or No fails to load burp suite. This happens for both saved and...

Target Tab missing from view tab

burp froze and i had to force quit it, upon opening it up again, my target tab was missing. tried restroing it from the view but its not in the list, also tried restoring defualt configuration. Nothing worked

Not showing lab as solved.

I have been trying to solve the CSRF lab for 2 or 3 hours. Even after providing the payload script correctly, it shows as not solved. I have also tried providing the solution that PortSwigger has given, but it still doesn't...

No more activations allowed for this license

I get this for when I try to move my Burp installation to a new computer at work. Can you please add some more for me. This message is really weird, as you're licensing terms seems to be "yeah, it's a per user license, and...

Burp request editor automatically adding closing brackets and not inserting double quotes after slash

Hey folks, As of the latest update to the early adopter (2023.12.1) I've noticed when I edit a request with JSON contents, if I add an opening bracket Burp automatically adds a closing bracket immediately after (much like...