Burp Suite User Forum

Create new post

False Negative in AngularJS XSS?

Hello, I've a vulnerable Web application where injection inside an AngularJS 1.0.0 context is possible. That leads to a XSS via {{...}}, that is easily exploitable. I know that, at some point, Burp Suite managed to...

Last updated: Jan 21, 2020 10:01AM UTC | 4 Agent replies | 5 Community replies | Bug Reports

Need clarification on the Burp Suite Pro

Hi, We have one of the clients requesting for document sign off, Can you please clarify the attached for Burp Suite Pro? Is there any partners who can deliver the training on this tool, can you please connect to...

Last updated: Jan 20, 2020 10:01AM UTC | 1 Agent replies | 0 Community replies | Bug Reports

Confirmed false-negative related to AngularJS XSS

Hi! Creating a new ticket given that the previous one 1) doesn't in my cases 2) isn't very clear https://support.portswigger.net/customer/en/portal/questions/17690810-false-negative-in-angularjs-xss- Burp Suite will...

Last updated: Jan 17, 2020 01:39PM UTC | 1 Agent replies | 0 Community replies | Bug Reports

Scanning just seems to stop after a while (using 2.1.05 and 06)

This is my first time using the new 2.x UI. I'm not sure everything is configured correctly, but I think so... I started a scan using my own config (so I could turn off some of the Issues to scan for). It seemed to work...

Last updated: Jan 16, 2020 02:22PM UTC | 3 Agent replies | 2 Community replies | Bug Reports

Burp Collaborator polling and certificate handling

Hello there, we are running a working collaborator (using a professional 2.1.07 jar for both client and server) with some kind of strange problem. The wildcard certificate is pulled in correctly by burp and all services...

Last updated: Jan 16, 2020 01:37PM UTC | 0 Agent replies | 1 Community replies | Bug Reports

Burp Search Function does not show original and edited Request

When using Burp's search functionality, the results only contain a request and response pair for each result item. However, it may be the case that there is an original request as well as an edited request (e.g., as a...

Last updated: Jan 15, 2020 03:50PM UTC | 1 Agent replies | 0 Community replies | Bug Reports

Wrong settings for config "Audit checks - extensions only"

Hello, the default configuration entry "Audit checks - extensions only" enables more than extension-provided checks, which is more than surprising (and very disturbing). Go to the menu bar, then select "Burp >...

Last updated: Jan 15, 2020 11:51AM UTC | 2 Agent replies | 1 Community replies | Bug Reports

Grep - Extract and regexp group = "null"

Hello, when editing Grep - Extract entries, the regexp group is set to "null" after edition. How to reproduce: - create a new Intrduer attack, go to Options > Match & Replace - click Add then "Extract from regexp...

Last updated: Jan 15, 2020 11:23AM UTC | 2 Agent replies | 1 Community replies | Bug Reports

Different Bugs on Re-scanning same project/file

Hi, I did a scan a saved its file/script. Now when i run the same script multiple times it shows different results on scanning the same script. It showed only informational issues one time and on running it second time it...

Last updated: Jan 13, 2020 04:54AM UTC | 5 Agent replies | 6 Community replies | Bug Reports

False Positive Still Show in Critical Bug Counts

I have screenshots I can send in for this. In at least two areas in the UI, the 'Dashboard' and the 'View Details' linked off of the Dashboard, items that are marked as false positives still show up in the 'Issues...

Last updated: Jan 09, 2020 08:17AM UTC | 1 Agent replies | 0 Community replies | Bug Reports

Fatal alert: handshake_failure for TLS1.2 enabled site

Hey forum, I've got a problem where Burp is not able to proxy traffic to a certain domain due to SSL/TLS handshake failure. The site is configured to use TLS1.2 with a strong key exchange and key. This is from Chrome's...

Last updated: Jan 06, 2020 06:20PM UTC | 6 Agent replies | 17 Community replies | Bug Reports

Burp suite Community 2.1 Crawl

Hello, I'm not sure am i doing something wrong or why Crawl scan is not working? After i configured settings and started it, it says "Crawl finished." under dashboard. Other thing i noticed that under "Proxy" and...

Last updated: Jan 06, 2020 01:46PM UTC | 9 Agent replies | 9 Community replies | Bug Reports

handshake failure: unknown_ca

Hello Im using latest Burp in Manjaro 64 bit Im trying to capture SSL traffic of one android app i have modified app to capture ssl traffic using network_config xml file, also i have added CA certificate as system and...

Last updated: Jan 06, 2020 09:24AM UTC | 5 Agent replies | 5 Community replies | Bug Reports

TLS Problems

I get on 90% hosts the ssl error for handshake: java.net.ssl.SSLException: Received fatal alert: hanshake_failure. I'm using burp with embedded JRE and SNI extensions disabled. I've also tried to remove TLS 1.3 in list...

Last updated: Jan 03, 2020 08:17AM UTC | 3 Agent replies | 2 Community replies | Bug Reports

RegEx in HTTP history search crashes burp

Hi, I have Pro version of burp as a employee of pentest team. Recently I had an issue that my project file got corrupted after using poorly optimized RegEx in burp search engine. RegEx failed to finish in reasonable time...

Last updated: Jan 02, 2020 01:51PM UTC | 1 Agent replies | 0 Community replies | Bug Reports

SQL Injection Detection Problem

Hello, I comminicated with you before about this problem (15 - 20 November, email: enessanal@hotmail.com.tr or this email address). But I couldn't submit a sample case. But I've found an example. Web for Pentester I is...

Last updated: Dec 24, 2019 03:22PM UTC | 1 Agent replies | 0 Community replies | Bug Reports

Burpsuite livelocks in splashscreen without error message

In a fresh install of Kali Linux on a Raspberry Pi 2 Burpsuite will lock up on the Splashscreen. Steps to reproduce: 1. Flash Kali Linux to an SD-Card. 2. Install and boot. 3. Run the following commands: # apt...

Last updated: Dec 23, 2019 03:51PM UTC | 3 Agent replies | 3 Community replies | Bug Reports

HTTPS error on latest 2.1.07

Hi, i am unable to load any webpages from https://developer.mozilla.org/ Error: Received fatal alert: handshake_failure

Last updated: Dec 23, 2019 02:49AM UTC | 2 Agent replies | 2 Community replies | Bug Reports

Error Dispatching scan to 'Agent'

BurpSuite edition: Enterprise Installation type: Server & Agent(1) at one computer Operating system: Ubuntu 18.04.3 LTS Problem: any scheduled scan ends with 'Error Dispatching scan to 'Agent' Agent is authorised and...

Last updated: Dec 20, 2019 06:43PM UTC | 1 Agent replies | 1 Community replies | Bug Reports

burp suite pro only runs as admin

Hi folks. I'm having an issue running Burp Suite pro on a windows 10 machine. It only seems to run as admin. When I run it as a user, the splash screen opens and closes straight away. It works on other windows 10 machines so...

Last updated: Dec 19, 2019 08:49AM UTC | 3 Agent replies | 2 Community replies | Bug Reports

Page 113 of 147

Burp Suite Support Center

Your source for help and advice on all things Burp-related.

Burp Suite Support Center image