Bug Reports - Page 113 - Burp Suite User Forum

Burp Pro 2020.2.1 Crawler Not Finding Resource

Hello, I'm trying to troubleshoot an issue with Burp Suite Professional's crawler and "Live passive crawl from Proxy" with Burp Suite Professional 2020.2.1. The following request is not being discovered and added to...

Embebbed Browser

Hi, The embebbed browser never work for my. I'm use Kali last version. I check with Embebbed browser health cheack, and report this: Aborting checks due to errors. Unable to start...

Burp Suite Professional 2020.2.1 - Paused Scans

Hello, Running Burp Suite Professional 2020.2.1 on Kali Linux 2020.1. I noticed a potential bug. I've got a scan running with the built in "Never stop audit due to application errors" configuration, and noticed that it...

when Load server academy stuck on my iframe ;(

when I enter the iframe body and then position the file "/" I cannot enter the server academy. this make me cannot use server academy.

Burp RAM Usage

Hi, When i run Burp, it is using too much memory. I have 16 gb ram but burp using 12 gb ram. How can i fix this problem.

404 Error Loading Page

Hello, I keep getting a "404 page not found" error when trying to load my burp suite enterprise page. I can't access the application. Please help me with steps to resolve this.

Burp Suite Professional scanner errors

Hello! In recent versions of Burp Suite Professional 2020.2, the scanner does not find all the SQL Injections that it previously found. This is bugs in scanner. To whom can I describe the details? Thanks a lot.

Opening an existing project with spaces in the directory name

..shows another BURP screen with an error message in red that the file could not be opened. This fails in both picking the file path from the recent projects list and in selecting the file via the Choose File...

Error in XXE Injection Lab

I just came across a problem while attempting the first XXE Injection lab. In the first lab, you have to define an entity and use it to retrieve the /etc/passwd file. I submitted the following payload: <?xml version="1.0"...

Lab: SQL injection vulnerability in WHERE clause allowing retrieval of hidden data

Hi, How do i solve this? I think there may be a problem because whenever i try to solve it, it always goes to a "Invalid Product ID" and it's strange because i even looked at the solution after my SQL codes didn't work and...

Problem

Hello, I have a problem with Burp Suite Pro. I run 6 windows at the same time. After a while, half of the windows themselves close. The remaining windows begin to use a lot of RAM. One of the windows uses 50 GB of RAM, the...

Alert on HSTS not enforced for HTTP Options Request

Hi there, Burp Suite Professional reports a lot of low severity alerts on HSTS not enforced for HTTP Options Request. Is it reasonable to enforce HSTS even on HTTP Options Request? Thks, Gary

Burp crashes every time when stored project is opened

Hi Burp Team, since 2 or 3 versions, Burp crashes every time I close it and reopen a stored project. If that happens, a prompt is shown that the current project needs to be repaired. I am currently running 2020.2.1....

Extension API processHttpMessage does not honor set* methods

Hi there, At least version 2020.2.1 broke the processHttpMessage extender API. You can try to use the "Add Custom Header" extension from BApp to see the issue. It is not setting a header. To confirm it's not that...

BURP Pro v2020.2 throws NullPointerException's and corrupts screen

Collecting proxy history, running items in Repeater results in the screen update failures when clicking the mouse pointer on table rows in Proxy history. I see some broken screen redraw artifacts showing here and there...

Password Exposed in Dashboard

I noticed in a recent class that Burp Pro 2020.2.1 plainly displays the clear text password in the dashboard while an authenticated crawl is running. I can't imagine that this isn't a bug, because it doesn't make sense in...

WebSocket functionality is not working properly

I'm trying to use burp as a reversproxy between an Electron client application and a remote server but apparently the communication once initialized seems to send malformed packages to the client that after a few moments...

Is external service interaction vulnerability exploitable.

Hello, In most of the scan, burp reports, External Service Interaction vulnerability either in HTTP/S or DNS. I am not sure how this can be exploited on server side. I see some similarities to SSRF, but could not find any...

Configured the Burp Proxy. Applications not working thru proxy

Hi Support, I configured the proxy as per the document in Burp and Mozilla. Applications not working through this proxy. It is just hanging. Kindly suggest.

Turbo Intruder: always updating Content-Length header

Hello, I have been trying to launch a HTTP Desync attack using Turbo Intruder. Here is my script: def queueRequests(target, wordlists): engine = RequestEngine(endpoint=target.endpoint, ...