Burp Suite User Forum

Intruder: Remove several payloads at the same time

Hi, in Intruder, when creating the list of payloads to be injected, if several entries are selected from the list (by using shift or ctrl button) and Remove options is clicked, it does not remove all the selected entries...

Last updated: Oct 25, 2015 09:54AM UTC | 1 Agent replies | 0 Community replies | Bug Reports

a couple of UI bugs

Hi, long time user and supporter :D Two small glitches that caught my eye today: 1. tool tips need to be updated with information that issues were moved to Target tab (and that Target is what you need to save in...

Last updated: Oct 14, 2015 07:53AM UTC | 2 Agent replies | 1 Community replies | Bug Reports

Dragger not showing after 200 requests

Dragger not showing after >200 requests. Check this https://www.dropbox.com/s/yu9bx9misf57b31/Untitled.png?dl=0

Last updated: Oct 14, 2015 07:47AM UTC | 2 Agent replies | 1 Community replies | Bug Reports

Probable bug: SQL injection avoidable false positive ?

"Issue detail The [...redacted...] cookie appears to be vulnerable to SQL injection attacks. The payload ' and '6143'='6143 was submitted in the Auth-Portal cookie, and a database error message was returned. You should...

Last updated: Sep 30, 2015 08:17AM UTC | 1 Agent replies | 0 Community replies | Bug Reports

Infinite .Null Files being created when using generateScanReport() with the file format "HTML"

As part of my extension, I am using the generateScanReport() to create both the XML file and the HTML file. However, when I use generateScanReport() with the HTML format, while the HTML file does get created, files with the...

Last updated: Sep 23, 2015 09:41PM UTC | 1 Agent replies | 1 Community replies | Bug Reports

Parameter of HTTP POST with Content-Type multipart/form-data could not be updated

Hi all I'm not sure if I'm doing something wrong, but I experienced an issue when trying to remove or update a parameter of a multipart/form-data HTTP POST from a java extension. The original parameter is not removed but...

Last updated: Sep 21, 2015 07:48AM UTC | 1 Agent replies | 0 Community replies | Bug Reports

Scheme-relative URL are treated as root-relative ones

Tested on v1.6.26 / Linux / Oracle 1.8.0_45-b14 In Repeater (at least), a header like "Location: //nicob.net" is treated as a redirection to "//nicob.net" on the same host. However, browsers will redirect to...

Last updated: Sep 15, 2015 12:50PM UTC | 1 Agent replies | 1 Community replies | Bug Reports

Burp Closes Randomly.

Hi There! I'm a user of Burp Pro, I have recently switched to a Virtualized Environment (VirtualBox) running Kali Linux. Every so often Burp will randomly close. It can happen from using the Intruder or just capturing...

Last updated: Sep 15, 2015 11:22AM UTC | 2 Agent replies | 1 Community replies | Bug Reports

Issue Definitions

Not properly sorted by name. Capital letters should not make a difference. Findings should be mapped to OWASP Top 10 and WASC.

Last updated: Sep 14, 2015 08:29AM UTC | 1 Agent replies | 0 Community replies | Bug Reports

Hydra (http-get-form) + Burp = Missing GET parameters

## Issue * When using `http-get-form` with `HYDRA_PROXY_HTTP` set and using Burp as the proxy, the GET parameters are not being passed on. * Using other proxies (such as ZAP), or not using a proxy at all, the GET...

Last updated: Sep 14, 2015 08:21AM UTC | 2 Agent replies | 1 Community replies | Bug Reports

Issues not visible if related to 404 resources

Hello, the scanner found a XSS in the referer header, and the answer is a custom 404 page with the XSS in the answer. However in the Target tab, the XSS is not visible if "Hide not-found items" is not disabled. Maybe...

Last updated: Sep 11, 2015 11:32AM UTC | 2 Agent replies | 2 Community replies | Bug Reports

Failure to open a Macro Recorder dialog

Hi, sometimes Burp fails to open a Macro Recorder dialog (Options / Sessions / Macros > Add > Record macro). I confirmed that it happens when Burp Proxy receives requests frequently (1req/5sec or more, I'm testing web...

Last updated: Sep 09, 2015 02:57PM UTC | 2 Agent replies | 0 Community replies | Bug Reports

Burp doesn't properly parse a website which has AngularJS

Many of our websites incorporate AngularJS now. However the content isn't always properly parsed or stays in a loop where it is impossible to input anything through the browser. Has anyone seen this behaviour and has a...

Last updated: Sep 03, 2015 09:28AM UTC | 1 Agent replies | 1 Community replies | Bug Reports

XSS detection is inconsistent

Hi, I did an Active scan for one request on form submission using burp pro v 1.6.17. It didn't list any XSS for one hidden parameter which is not encoded. If I do the same thing using Intercept proxy, XSS is listed. Later...

Last updated: Sep 01, 2015 01:14PM UTC | 1 Agent replies | 0 Community replies | Bug Reports

Error while running Burp

# # A fatal error has been detected by the Java Runtime Environment: # # EXCEPTION_UNCAUGHT_CXX_EXCEPTION (0xe06d7363) at pc=0x000007fefd97b3dd, pid=1172, tid=5828 # # JRE version: Java(TM) SE Runtime Environment...

Last updated: Aug 27, 2015 09:49AM UTC | 1 Agent replies | 0 Community replies | Bug Reports

"Open redirection" issues share duplicate information with "Cross-domain Referer leakage"

After running Burp Active scan, I observed few Open redirection issues. However, when I check Cross-domain Referer leakage issues, there are many reported which I don't think should be there as they were caused by an Open...

Last updated: Aug 24, 2015 02:16PM UTC | 1 Agent replies | 0 Community replies | Bug Reports

Extender: isEnable called without proper context

Hi, While writing new extension (IMessageEditorTabFactory) I've encountered a small bug. Code is available here: https://raw.githubusercontent.com/carstein/burp-extensions/master/Argonaut.py While loading extension I...

Last updated: Aug 20, 2015 12:48PM UTC | 3 Agent replies | 3 Community replies | Bug Reports

off by one when saving intruder responses

When you save server responses from the Intruder the files are labelled from 1 but looking at the requests in the Intruder panel they start at 0 with the baseline request. I think the file naming should match the request...

Last updated: Aug 19, 2015 09:44AM UTC | 1 Agent replies | 0 Community replies | Bug Reports

Target Analyzer - Parameters - specific POST request - not showing correct data when opened

When I go to Target Analyzer - Parameters, I can see all occurrences of a specific parameter that Burp discovered. When I want to search e.g. for the parameter with name "parameter1", I can see all occurrences in the middle...

Last updated: Aug 10, 2015 03:06PM UTC | 1 Agent replies | 0 Community replies | Bug Reports

Multi monitor issue

Hi, I am using the current release of your Burp Suite with the following issue. Having two more screens left of my default screen the application hangs as soon as I put it onto any other than the default screen. Having...

Last updated: Aug 10, 2015 10:03AM UTC | 2 Agent replies | 1 Community replies | Bug Reports
