Bug Reports - Burp Suite User Forum

maybe a problem with the lab : Reflected XSS protected by very strict CSP, with dangling markup attack

I can solve the lab when I play the role of the victim but when I send payload to the victim I don't get the CSRF token

Slow lab response times

The lab 'Lab: Reflected XSS with event handlers and href attributes blocked' (https://portswigger.net/web-security/cross-site-scripting/contexts/lab-event-handlers-and-href-attributes-blocked) seems to be responding very...

Availability- The website is too slow now a days

Dear Portswigger Team, I hope this letter finds you well. I am writing to express my frustration and disappointment regarding the current performance issues with the Portswigger website and Portswigger Academy labs. As...

The "Parameters" tab does not appear in "API details"

Hello. Please help me with the following question. When I try to run an API scan (New scan > API scan) I encounter the problem that there is no tab "Parameters" in "API details" (New scan > API scan > API details >...

Some of the CORS labs don't work anymore on firefox and chrome

Some of the CORS labs don't work anymore since a new update on firefox and chrome due to new security put into place on third party cookies called 'Partitioned' attribute. While it is still possible to solve the lab by...

Installing Burp Suite on Kali Linux Virtual Machine in a MAC Computer M2 processor

Hi, I am trying to install Burp Suite on Virtual Machine running Kali Linux. My computer is a MAC with M2 processor. I include the following command on my terminal: sudo apt-get install...

BSCP exam bug

Hello! I had an BSCP exam finished few minutes ago and I failed it. I solved first app in one hour and other time I spent on second app, but can't go even through the first step, I think it might be some issue on the...

Lab freezes when deploying xss

The first two xss labs (I have not tried the others) crashes when xss payloads are sent. For example in the first lab i type the xss payload into the search box and click the search button. And Then, the web site starts load...

I cannot access any of the labs, I keep getting the "Bad Request" error message

Tried Brup's built in browser, Firefox, resetting the learning path.

Unable to check for updates due to network error, in return resulting to license activation reached its limit

After installing burp and loading the license and tried to do update suddenly the burpsuite pro has an error saying "unable to check for updates due to network error. Please check your network configuration and try again". I...

IScannerInsertionPoint.getPayloadOffsets() causes scan failures when null is returned

Hi, I'm building an extension for scanning custom serialized data and encountered a bug in IScannerInsertionPoint.getPayloadOffsets() From the getPayloadOffsets() JavaDoc: """ Returns: An int[2] array containing the...

httpResponseReceived.body() returns everything that follows a HTTP/1.1 100 Continue header as the body

In a recent Burp update, httpResponseReceived.body() now breaks if the response starts with HTTP/1.1 100 Continue. The following is an example: HTTP/1.1 100 Continue HTTP/1.1 200 Access-Control-Allow-Origin:...

Lab: Web cache poisoning via an unkeyed query string

Hi, I have tried repeatedly to do this lab with no results. My problem is that whatever request I send the X-Cache always responds to me Miss. Either from the opriginal request to the home, adding a cachebuster payload,...

Labs keep crashing

Hi, I am currently doing the API labs. Every time i try to do a lab in the academy, the servers keep crashing and i have to wait approx 10 minutes for them to come back online and start working again..Just for them to...

Insane Lag

Recently the labs take forever to load, and they go down in like 5 min and its imposible to solve a lab.

burpsuite_community_windows-x64_v2024_2_1_5 does not match its checksum

The community edition burpsuite_community_windows-x64_v2024_2_1_5 does not match its checksum for either SHA 256 or MD5. The file has been downloaded several times, and the result is always the same. "SHA256 ...

Big space after words

I'm using Burpsuite (newest stable) in 2K monitor in ParrotOS, and there seems to be a rendering error only in Request/Response field where I see space cursor far behind character position where I typed. There seems to be a...

'Credit Card numbers disclosed' finding false positive

Hi there, Using Burp 2024.2.1.5. As part of passive scanning a 'Credit Card numbers disclosed' finding was reported: Issue detail: The following credit card number was disclosed in the...

Lab: CSRF where token is tied to non-session cookie solution not working due

Hi, i have an issue getting the solution to the lab working. Whenever i try to set the value of the csrf token with /?search=test%0d%0aSet-Cookie:%20csrfKey=8TIB6mcBo8vOoLZ1nSPocJae9QLOWMAw%3b%20SameSite=None the...

Double cookie header created by session handling rule

If you create a session handling rule to either add or update a cookie value for requests in some scope, it does not work as expected. The setup is: * a enabled session handling rule; * with any given scope; * a "set a...