Bug Reports - Page 121 - Burp Suite User Forum

Burp Profession Scan missing HIGH Severity Issue

Hi, I have scanned same application in Burp Professional v2 and Burp Enterprise Edition v1.0.15beta but as per the reports Burp Pro is missing in HIGH Severity i.e. SQL issue in report whereas Enterprise Report is...

Bugs

Any pieces of the puzzle that can be found?

installation on mac throws java error

same issue using the dmg installer or jar file directly Exception: java.lang.ClassCastException: class com.install4j.runtime.beans.actions.misc.LoadResponseFileAction cannot be cast to class...

Repeater 'Send' button acting differently for WebSockets

Hello, in the HTTP version of Repeater, clicking on the 'Send' button (or using the corresponding hotkey, here 'Ctrl + G') sets the focus on the request editor. However, the exact same action in the WebSockets version of...

Jenkins scan giving error 'Build step failed with exception java.io.IOException:...'

Hello Team, We are scanning one application from Jenkins using plugin: Burp Scan. If we scan the application from Burp Enterprise then scanning is happening, where as when we try to scan same application from Jenkins...

False Negative in AngularJS XSS?

Hello, I've a vulnerable Web application where injection inside an AngularJS 1.0.0 context is possible. That leads to a XSS via {{...}}, that is easily exploitable. I know that, at some point, Burp Suite managed to...

Need clarification on the Burp Suite Pro

Hi, We have one of the clients requesting for document sign off, Can you please clarify the attached for Burp Suite Pro? Is there any partners who can deliver the training on this tool, can you please connect to...

Confirmed false-negative related to AngularJS XSS

Hi! Creating a new ticket given that the previous one 1) doesn't in my cases 2) isn't very clear https://support.portswigger.net/customer/en/portal/questions/17690810-false-negative-in-angularjs-xss- Burp Suite will...

Scanning just seems to stop after a while (using 2.1.05 and 06)

This is my first time using the new 2.x UI. I'm not sure everything is configured correctly, but I think so... I started a scan using my own config (so I could turn off some of the Issues to scan for). It seemed to work...

Burp Collaborator polling and certificate handling

Hello there, we are running a working collaborator (using a professional 2.1.07 jar for both client and server) with some kind of strange problem. The wildcard certificate is pulled in correctly by burp and all services...

Burp Search Function does not show original and edited Request

When using Burp's search functionality, the results only contain a request and response pair for each result item. However, it may be the case that there is an original request as well as an edited request (e.g., as a...

Wrong settings for config "Audit checks - extensions only"

Hello, the default configuration entry "Audit checks - extensions only" enables more than extension-provided checks, which is more than surprising (and very disturbing). Go to the menu bar, then select "Burp >...

Grep - Extract and regexp group = "null"

Hello, when editing Grep - Extract entries, the regexp group is set to "null" after edition. How to reproduce: - create a new Intrduer attack, go to Options > Match & Replace - click Add then "Extract from regexp...

Different Bugs on Re-scanning same project/file

Hi, I did a scan a saved its file/script. Now when i run the same script multiple times it shows different results on scanning the same script. It showed only informational issues one time and on running it second time it...

False Positive Still Show in Critical Bug Counts

I have screenshots I can send in for this. In at least two areas in the UI, the 'Dashboard' and the 'View Details' linked off of the Dashboard, items that are marked as false positives still show up in the 'Issues...

Fatal alert: handshake_failure for TLS1.2 enabled site

Hey forum, I've got a problem where Burp is not able to proxy traffic to a certain domain due to SSL/TLS handshake failure. The site is configured to use TLS1.2 with a strong key exchange and key. This is from Chrome's...

Burp suite Community 2.1 Crawl

Hello, I'm not sure am i doing something wrong or why Crawl scan is not working? After i configured settings and started it, it says "Crawl finished." under dashboard. Other thing i noticed that under "Proxy" and...

handshake failure: unknown_ca

Hello Im using latest Burp in Manjaro 64 bit Im trying to capture SSL traffic of one android app i have modified app to capture ssl traffic using network_config xml file, also i have added CA certificate as system and...

TLS Problems

I get on 90% hosts the ssl error for handshake: java.net.ssl.SSLException: Received fatal alert: hanshake_failure. I'm using burp with embedded JRE and SNI extensions disabled. I've also tried to remove TLS 1.3 in list...

RegEx in HTTP history search crashes burp

Hi, I have Pro version of burp as a employee of pentest team. Recently I had an issue that my project file got corrupted after using poorly optimized RegEx in burp search engine. RegEx failed to finish in reasonable time...