Bug Reports - Page 127 - Burp Suite User Forum

Installion Error

In Static members: In action "Backup agent.config file [Run script]" (screen "Installation location"), property "Script": java.nio.file.InvalidPathException: Illegal char <:> at index 10: ${compiler:release.version} at...

questions for bugs

How much does it take to find a bug using burpsuite? And is there a reason why i cant find any? Thanks!

Burp hotkeys are not working

- Ubuntu 18.04 - Burp Suite Pro For some reason Burp doesn't receive Ctrl + [A-Z] hotkeys, but Ctrl + [0-9] work just fine. Restoring defaults and reinstalling Burp doesn't solve the issue. Seems more like a system...

Not able to intercept one application using https

Dear Team, I am not able to intercept one application which is using https(Please note : Burp works perfectly fine with other HTTP's application) Getting below errors is burp's error logs:- - Attempting to auto select...

Web server's SSL (HTTPS) does not agree with Firefox 62

Firefox 62 offers the following "cipher suites" TLS_AES_128_GCM_SHA256 (0x1301) TLS_CHACHA20_POLY1305_SHA256 (0x1303) TLS_AES_256_GCM_SHA384 (0x1302) TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256...

Burp not reporting XSS issues

I've been using Burp for about 2 years, and Burp has been great at reporting XSS on our websites. It does not report it via normal scanning (1.x), it would report the issue if i found a XSS manually using proxy intercept....

Burp v1.7.24+ NTLM Issues

A large number of our app testing consultants at SecureWorks have noted that NTLM authentication stopped working once we upgraded past Burp v1.7.23. We have had to downgrade versions to get things working smoothly with NTLM,...

Crawl/Audit detailed scope configuration does not persist when selected from library

When performing a Crawl+Audit or Crawl, Scan details > Detailed scope configuration > Included URL prefixes, changes are saved if typed manually but not if populated by "Select from library". The url list appears correctly...

Content-Disposition: attachment downloads do not render

Hi, image file (jpegs) downloaded with the response header Content-Disposition: attachment does not have a render tab in the new version of Burp. This means that you cannot see the images within Burp. An example response...

Client SSL Certificate - Hardware Token not detected

I am using the newest Burp version 2.1.01 on Microsoft Windows and want to use a hardware token / smart card for authenticating with a client SSL certificate. The PKCS #11 library is successfully found and loaded, but...

Error starting scan on Burp: Not all seed URLs are in scope

Hi, We're running Burp Suite Enterprise v1.0.15beta and use the HTTP API to register sites for scanning during nightly builds. The sites are registered based on endpoints extracted from swagger files (OpenAPI) and...

Burp Extensions

Hi, it's just a question and also a bug reports. I've noticed that in Burp v2 some api for extension were changed. and i've noticed this in Active scans phases. Many extension active scans fail to execute. Is there...

SSL hardware certificate library cannot be loaded

To pentest applications using Belgian eID smart card identification and Burp Suite Pro, we import the Client SSL Certificate under the 'User Options'-tab > 'SSL'-tab by clicking the 'Add' button and selecting 'Hardware token...

Burp Pro 2.0.05beta Dynamic analysis injected values do not match reported value reaching sink

This is being reported as Client-side JSON injection (DOM-based). The value injected does not match the value that is reported as reaching the sink. Dynamic analysis Data is read from input.value and passed to...

An internal error occurred while launching Burpsuite jar and exe on windows machine

An internal error occurred while launching Burpsuite jar and exe on windows machine even i tried re downloading but not working. Burpsuite 1.7.35 is working but not 2.1.*

repeater not work for https

intercept on,get https requests(A),send to repeater(B),in [Repeater] click [go],response status code:411.Now,in [Proxy] click [Forward],its work,in [HTTP history] response status code :200.Last,in [Repeater] click [Copy...

[Beta v2.0.03beta] Exporting report - report title cache not working

Hi, A small bug it seems. When creating a report, in the reporting wizard window, when customising the report title and entering a title starting with the same letters/words that you used for previous reports, you will...

REST API Does Not Set Content-Type Header When Invoking Callback

When Burp's REST API issues a PUT request to the callback supplied to /scan, Burp does not set the Content-Type header. This causes issues when trying to integrate various tooling, such as ASP.NET Core 2.0. The platform...

subject

localhost - worker process - not in burp - MAC OS

I currently use Chrome with SwitchySharp extension for Proxy or firefox with proxysetting into firefox. Everytime I try to catch traffic comming from localhost, it does not work. I must add an host to my etc/host to test...