Bug Reports - Page 113 - Burp Suite User Forum

Transparent proxy (invisible mode) doesn't work for OSX 10.14.6

Burp Invisible Proxy doesn't work for OSX 10.14.6 if the Application Firewall is turned on. To proxy HTTP requests from iOS device, I configured testing environment as follows: * I paired iOS device to MacBook via...

NTLM Authentication Issues in 1.7.33

Our Red Team discovered a bug in webapps that utilize NTLM authentication. The NTLM auth requests were not being properly sent from Burpsuite 1.7.33 and access was consistently denied with working credentials. Taking Burp...

crawl/URL's to Scan error

I'm having an issue (or is it a bug) whereby I have a website on a domain that has an underscore (for example, http://site_test.blah.com), but setting up a crawl scan type gives me 'Invalid URL to scan' error despite the...

Plugin's Java runnable processes keep running, even after fully removing the plugin.

Using Burp Suite v2.1.03, runnable Java processes (Java: ScheduledFuture) are not killed or interrupted, when stopping or even removing the plugin. Reproduction: 1. Install Logger++ from the BApp store. 2. Enter an...

Unable to take over parameter in macro

Hi I'm trying to run multiple requests after one. Request 1) Send a post request with fixed data. -> The result gives me a sessionid Request 2) Send a new post request with the previously received sessionid. I...

Custom crawl user-agent cannot contain colon (Burp 2.1.0.3)

I am setting up a custom crawler function, and tried to set-up a user-agent like this: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:68.0) Gecko/20100101 Firefox/68.0 However, this does not succeed and gives the...

Chinese issue appears at issues view

myBurp issues view ?Add a Chinese issue appears, showing garbled characters? Plasese help me; Thanks ! this is my base64ed...

Very long crawl times

Hi, Since Burp 2.0 is out of beta I started using it today for a project I'm working on. While crawling a website, I noticed it took a very long time to crawl the website. So I decided to run a test on demo.testfire.net...

Burp Pro v2.1.03 Doesn't save a project

Hi, I have a company licence however my login no longer appears to work hence this post. I have been testing using a temporary project and would like to save my burp project however every time I attempt this I receive...

project file not saved

Burp 2.1.02 is not saving my project files. Latest case, I worked until 6PM yesterday then shut everything down. When boot up and open the Burp project file today, all of my afternoon work is gone. I have it configured to...

Unable to use Burp with latest version of Firefox

Hello, No matter what website I try to access, I get the "Invalid client request received" from Burp and then this error. It might be an issue with Firefox because it creates a request with GET...

Installion Error

In Static members: In action "Backup agent.config file [Run script]" (screen "Installation location"), property "Script": java.nio.file.InvalidPathException: Illegal char <:> at index 10: ${compiler:release.version} at...

questions for bugs

How much does it take to find a bug using burpsuite? And is there a reason why i cant find any? Thanks!

Burp hotkeys are not working

- Ubuntu 18.04 - Burp Suite Pro For some reason Burp doesn't receive Ctrl + [A-Z] hotkeys, but Ctrl + [0-9] work just fine. Restoring defaults and reinstalling Burp doesn't solve the issue. Seems more like a system...

Not able to intercept one application using https

Dear Team, I am not able to intercept one application which is using https(Please note : Burp works perfectly fine with other HTTP's application) Getting below errors is burp's error logs:- - Attempting to auto select...

Web server's SSL (HTTPS) does not agree with Firefox 62

Firefox 62 offers the following "cipher suites" TLS_AES_128_GCM_SHA256 (0x1301) TLS_CHACHA20_POLY1305_SHA256 (0x1303) TLS_AES_256_GCM_SHA384 (0x1302) TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256...

Burp not reporting XSS issues

I've been using Burp for about 2 years, and Burp has been great at reporting XSS on our websites. It does not report it via normal scanning (1.x), it would report the issue if i found a XSS manually using proxy intercept....

Burp v1.7.24+ NTLM Issues

A large number of our app testing consultants at SecureWorks have noted that NTLM authentication stopped working once we upgraded past Burp v1.7.23. We have had to downgrade versions to get things working smoothly with NTLM,...

Crawl/Audit detailed scope configuration does not persist when selected from library

When performing a Crawl+Audit or Crawl, Scan details > Detailed scope configuration > Included URL prefixes, changes are saved if typed manually but not if populated by "Select from library". The url list appears correctly...

Content-Disposition: attachment downloads do not render

Hi, image file (jpegs) downloaded with the response header Content-Disposition: attachment does not have a render tab in the new version of Burp. This means that you cannot see the images within Burp. An example response...