Bug Reports - Page 104 - Burp Suite User Forum

Burp Suite Professional scanner errors

Hello! In recent versions of Burp Suite Professional 2020.2, the scanner does not find all the SQL Injections that it previously found. This is bugs in scanner. To whom can I describe the details? Thanks a lot.

Opening an existing project with spaces in the directory name

..shows another BURP screen with an error message in red that the file could not be opened. This fails in both picking the file path from the recent projects list and in selecting the file via the Choose File...

Error in XXE Injection Lab

I just came across a problem while attempting the first XXE Injection lab. In the first lab, you have to define an entity and use it to retrieve the /etc/passwd file. I submitted the following payload: <?xml version="1.0"...

Lab: SQL injection vulnerability in WHERE clause allowing retrieval of hidden data

Hi, How do i solve this? I think there may be a problem because whenever i try to solve it, it always goes to a "Invalid Product ID" and it's strange because i even looked at the solution after my SQL codes didn't work and...

Problem

Hello, I have a problem with Burp Suite Pro. I run 6 windows at the same time. After a while, half of the windows themselves close. The remaining windows begin to use a lot of RAM. One of the windows uses 50 GB of RAM, the...

Alert on HSTS not enforced for HTTP Options Request

Hi there, Burp Suite Professional reports a lot of low severity alerts on HSTS not enforced for HTTP Options Request. Is it reasonable to enforce HSTS even on HTTP Options Request? Thks, Gary

Burp crashes every time when stored project is opened

Hi Burp Team, since 2 or 3 versions, Burp crashes every time I close it and reopen a stored project. If that happens, a prompt is shown that the current project needs to be repaired. I am currently running 2020.2.1....

Extension API processHttpMessage does not honor set* methods

Hi there, At least version 2020.2.1 broke the processHttpMessage extender API. You can try to use the "Add Custom Header" extension from BApp to see the issue. It is not setting a header. To confirm it's not that...

BURP Pro v2020.2 throws NullPointerException's and corrupts screen

Collecting proxy history, running items in Repeater results in the screen update failures when clicking the mouse pointer on table rows in Proxy history. I see some broken screen redraw artifacts showing here and there...

Password Exposed in Dashboard

I noticed in a recent class that Burp Pro 2020.2.1 plainly displays the clear text password in the dashboard while an authenticated crawl is running. I can't imagine that this isn't a bug, because it doesn't make sense in...

WebSocket functionality is not working properly

I'm trying to use burp as a reversproxy between an Electron client application and a remote server but apparently the communication once initialized seems to send malformed packages to the client that after a few moments...

Is external service interaction vulnerability exploitable.

Hello, In most of the scan, burp reports, External Service Interaction vulnerability either in HTTP/S or DNS. I am not sure how this can be exploited on server side. I see some similarities to SSRF, but could not find any...

Configured the Burp Proxy. Applications not working thru proxy

Hi Support, I configured the proxy as per the document in Burp and Mozilla. Applications not working through this proxy. It is just hanging. Kindly suggest.

Turbo Intruder: always updating Content-Length header

Hello, I have been trying to launch a HTTP Desync attack using Turbo Intruder. Here is my script: def queueRequests(target, wordlists): engine = RequestEngine(endpoint=target.endpoint, ...

Burp suite consuming all memory and locking on scanners.

Hello, I acquired the burp pro and since then I leave it doing scanners in domains. However it is always consuming all the memory of the Burp and in the end it crashes without finishing the scanner.

Burpsuite starts up then disapears

On kali linux, when I open burp suite from the command line it opens and as soon as I click start burp suite disappears but is still running

Burp Suite 2 and RSyntaxTextArea library

Hi, one of my plugin, Brida, uses RSyntaxTextArea library for syntax highlighting. Burp Suite 2 seems to use the same library but unfortunately due to a bug (see https://github.com/bobbylight/RSyntaxTextArea/issues/269 )...

Burp scanner using websocket doesn't work with proxy

By using BURP suit on my application , Burp blocks Web socket requests during proxy I configured local proxy on my browser and on Burp application Then tried login my application and starting capture –Web socket request...

Burp Suite Chrome Cert Error: Error net::ERR_CERT_REVOKED

Hi, I'm running: Linux Mint 19.1 Chrome Version 73.0.3683.86 Burp Suite Pro v2.0.18 Beta And I'm getting a bunch of net::ERR_CERT_REVOKED when I use the Burp Suite proxy in Chrome. Cert is working perfectly in...

run-detectors: unable to find an interpreter for /usr/bin/burpsuite

When I try to start burpsuite community edition this error appears. I tried reinstall java multiple times (multiple versions) but it still doesn't work. Before today everything worked fine... Help would be appreciated