Bug Reports - Page 123 - Burp Suite User Forum

Unable to see Issue activity log during Crawling and Audit

Hi , I am using burpsuite professional 2.1.03 and have configured the test url in burp for Crawling and Auditing. During auditng I see Issue activity tab blank even though there are several issues. Please...

Burp 2.1.03 live audit doesn't resume after pause.

When preforming a test on on a site i paused the live audit while manually testing a function. when i hit the resume button button nothing seems to happens other then the play button turning to a pause button. the request...

Burp Collab TCP stream issue

Hi Burp Team, I discovered a bug in Burp's collaborator, which confused me for about two days. Don't know if this is intended but to me it's a bug. What I saw is that if Burp collab receives a single TCP stream with...

VMware Copy and Paste

Running Burp in a Kali VM, copy from host to Burp works. Copying in Burp and attempting to paste in host fails. Copy is working within the VM (Burp to any other local app), but not outside of it. VMware Workstation 10.0.3...

intruder window switching keyboard shortcut not working anymore

On version 1.x I was able to cycle through intruder windows with command+` on OSX. This now only seems to cycle back and forth between the last intruder window to be opened and the burp main app window,

Error while encoding or decoding the character 'ñ' or 'Ñ' in the decoder tab.

The character 'ñ' encoded to base64 is 'w7E=' but on decoders is encoded as '8Q==' as well as the character 'Ñ' that is encoded in the decoders tab as ''0Q==' but the correct encode is 'w5E='.

'SSL Pass Through' traffic is incorrectly forwarded through an upstream proxy

When the SSL Pass Through function is used in combination with an upstream proxy server proxy, the proxy is used incorrectly, causing the proxy to deny TLS connections that are passed through. Expected behaviour would be...

Burp suite shows error codes instead of meaningful result.

Hi team, I am using burp suite v2.1.05. Regarding the result that burp suite showed about Cookie manipulation (DOM-based), I would like to ask you what it means below: Because I can't find any cookie manipulation...

Google Chrome doesn't accept Burp certificate

Even though I added the Burp certificate as I used to do, it seems that Google Chrome doesn't work properly with Burp's certificate. This is a screenshot of Security tab of Chrome https://imgur.com/a/c7GI8PG I'm...

Without Burpsuite XSS not execute

Hello every one, I am facing a poblem. I found a Reflected XSS and report it but they dont accept it . They said ---------------------------------------------------------------------------------------- Thank your for...

Burp 2 - v2.1.06 - Scan / Crawl sends four times the same HTTP request for each entry

Hello, While doing I scan / crawl of a website, I noticed that Burp 2 makes 4x time the same HTTP requests for each crawl action. for instance it will query /robots.txt four times, this happens also when setting the...

License

A few days ago I purchased a Burp Suite Pro license and have still not received an email with the key. Yesterday I sent a support ticket in but have not received any confirmation email or response. I have been using a proton...

Software caused connection abort: recv failed

Hi I get this error message while running BurpSuite: Software caused connection abort: recv failed Would you please help me resolve the problem? Thank you

Web Security Academy, Lab: Exploiting cross-site scripting to steal cookies

Hi, This lab: Exploiting cross-site scripting to steal cookies, might be broken. I can only get my own session cookie sent to me, even with the proposed solution. It seems that the admin is not reading the comments.

MOVE verb doesn't show up in Proxy history

The verb 'MOVE' doesn't show up in the Burp proxy history. It only shows up in the 'Flow' plugin.

bad url intercept

when i browse any url i am getting another url response...

Match / Replace (Intruder Processing Rule) defect

Hi Burp-Team, I have noticed a bug in the Match / Replace Intruder processing rule. I wanted to replace the character " with \". I have tried multiple variants to achieve that but always ended up with a different...

"Lab: Basic SSRF against another back-end system" does not work

"Lab: Basic SSRF against another back-end system" does not work The lab redirects to an error site FYI

100% CPU utilization in Burp Suite Pro 2.1.03

Burp Suite Pro 2.1.03 keeps causing 100% CPU utilization when running an audit scan (earlier known as scanner). The scan task works for approximitely 2500-3000 requests after which it stops. Stopping the scanner does not...

False positives

I am getting too many false positives of "Content type incorrectly stated" vulnerability all the time. My last occurence is: '''The response states that the content type is font/x-woff. However, it actually appears to...