Bug Reports - Page 128 - Burp Suite User Forum

Burp Active Scanner Issue

Hi, We have recently come across an issue with the active scanner. As soon as the scanner is launched with default settings , the load of the java process on the CPU increases exponentially and reaches 400% at which...

Clickbandit broken in latest Chrome?

Hi, Clickbandit appears to be broken in Chrome 62, and if I'm understanding the issue correctly, it's been broken since Chrome 60 due to this change:...

Burp Suit and genymotion not rendering https traffic correct.

I am trying to intercept Chrome https traffic in Genymotion. I have installed the certificate in android and I am not using an external proxy. Wifi connection on Genymotion is set to 192.168.1.188 (localhost) and port 8080...

Scanner misses vulnerabilitites due to improper application demarcation

Hello, Consider this scenario: Application A https://hostname/ (out of scope) Application B https://hostname/appB/ (in scope) If we choose to scan application B, then the scanner checks only application A for server...

Header lines with improper terminators manipulated by Burp in strange ways

I'm currently testing an embedded device with a cgi-script that terminates header lines with only '\n', and '\n\n' at the end of all headers. While not RFC-compliant, browsers seem to handle this just fine. However, when...

UTF-8 search not working

When I'm in Repeater, and copy string containing UTF-8 characters (like word "käytettävissä") from the response, it is not found (in the same response). Could you enhance search to cover UTF-8 characters as well?

Bug in Search Windows using openJDK

Hello dear portswigger team, I have an issue using the Engagement Tools -> Search options. Some times after entering the search word a suggestion window will be created as separate jwindow objects (grey box and white box...

Compare site map feature freezes during comparison

Compare site map feature gets stuck when performing the comparison. This has happened to me almost every time I use the feature against comprehensive sitemap. I've noticed that specific sitemap entries will trigger this...

Session management & redirection & Active scan

I have a platform which redirects user to /login page via location header when you are trying to access anything which requires authentication. I have session management set up, with session handling rules to look for...

Intruder payload bug - square symbols between every character

Every intruder attack include square blocks between every characker of payload. This happened sometimes, but now it's important case so i have to figure out why this happens here is pic:...

Intercept Client Requests rules doesn't affect for Redirect proxy requests

In the case of Redirect proxy configuration (Proxy-Options-Edit-Request Handling-Redirect host/port) all the requests will be redirected to that host even a few interception rules were applied. I expect that all the...

Burp Suite Professional v1.7.03 can't create a new project on Windows Server 2012 R2

In Burp Suite Professional v1.7.03 I can't create a new project on Windows Server 2012 R2. Error message: "Note: Disk-based projects are not supported on 32-bit operating systems." I'm using 64-bit operating system with...

Scanner stucks when pausing

Hello, Many times I see that the scanner doesn't send any more requests and the I pause it. However the message "waiting for pause" never disappears and the scanner is only again usable when I close burp and restart it.

burp crash

Hello, after upgrading to 1.7.27 version, in Target->Issues tab, when I have expanded a branch of vulnerabilities and then right click on the main title of the vulnerability and choose all of them to become false positives,...

can't install latest archive : gunzip issue

Hi, I have the following error when trying to install Burpsuite : --- gzip: sfx_archive.tar.gz: not in gzip format I am sorry, but the installer file seems to be corrupted. If you downloaded that file please try it...

Cmd Key on mac not working within Burp v1.6.26 (Java 1.8.0_60)

The Cmd key on Mac OS 10.10.5 does not seem to be working within Burp (attempted on multiple Burp versions <=1.6.26), thus hampering the use of copy / paste / select all functions. Below are env details: java version...

java.lang.ClassCastException: javax.swing.plaf.ColorUIResource cannot be cast to javax.swing.Painter

I open burp using Oracle Java 8: $ java -version java version "1.8.0_31" Java(TM) SE Runtime Environment (build 1.8.0_31-b13) Java HotSpot(TM) 64-Bit Server VM (build 25.31-b07, mixed mode) And I got the following...

java.lang.UnsupportedOperationException

Hi guys, I have searched the support center and found a bug similar to this, but have not yet found a solution and my configuration may be different. I am running Burpsuite Free 1.7.03 on Debian Jessie, and I am receiving...

BApp Store Submit Rating Broken

The "Submit Rating" function appears to be broken in the BApp store. When you click one of the stars on the widget, they all turn blank.

cookies with small values length are ignored

I've noticed that missing httponly is not reported for cookies whose values are less than 5 characters long. It this on purpose? Why? thanks