Burp Suite User Forum
Correct me if I'm wrong, but using the following payload "@<SNIPPED>.burpcollaborator.net/" to detect Out-of-band resource load (HTTP) will generate huge false positives, as I was able to trigger an issue for every website...
Hi, I just upgraded to the Windows 10 preview and the Burp activation on the machine is gone. Are there any plans to improve the behavior of Burp in this regard? I think it's quite inconvenient to need to reactivate...
Burp Suite's temporary files can rapidly consume disk space when Intercept is off and traffic is high. This is true even when the resource-conserving option "Don't send items to Proxy history or other Burp tools" is enabled...
In Intruder results: - display non-default column "Response received" - add a column based on "Grep - Extract" - the "Response received" column disappeared Not a big deal...
Hi, I'm trying to use burp proxy with a corporate proxy that requires NTLMv2, however it doesn't seem to be working. IE, Firefox and Chrome are working fine with it, but burp throws an error saying "Failed to connect to...
When a website redirects to an IPv6 address (between square brackets), Repeater will not detect the redirect: - the "Follow redirection" button doesn't appear - the "Repeater / Follow redirections / Always" option isn't...
Symantec Endpoint Protection is performing a scan on my machine where I have Burp Suite Pro 1.7.23.jar and it has quarantined burp/gtc.class. What type of issues is this going to cause with the functionality of Burp?
I'm installing the cert in IE and still unable to pull up HTTPS sites..
Hi! Since the latest version of BurpSuite (1.7.22) I noticed quite some drop in performance on MacOS. I mainly use FireFox (also latest version) to browse. I often see that pages are loaded really slow (or don't load at...
I perfectly understand the issue "Unencrypted communications" but I'm not sure how deterministic Burp is reporting this issue. What are the requirements for Burp to report this? I have done a lot of testing and the...
We use ActivClient on our local and remote machines for Smart Card authentication. This works fine with IE and Firefox, both local and remote. When Burp is run on the remote machine, it accepts the pin code and appears to...
When working on Kali 2.0 and maybe others, Burp Suite tries to autocomplete previously used input. This generates an empty grey window that, sometimes, remains open and it's added to the list of open windows. Closing this...
Hello, on Windows x64 + Oracle v1.8.0_112 (from installation bundle), the "BurpSuitePro.exe" binary doesn't print the Help menu when called with "--help" (it just stops after a few seconds). However, other options like...
Hi all, Burp active scan has found potential OS Command Injection using nslookup as the example. I'm unable to replicate this and the IP that burp collaborator shows is from google rather than the server of which the...
There is an API to remove a parameter from a given request in IExtensionHelpers interface (https://portswigger.net/burp/extender/api/burp/IExtensionHelpers.html#removeParameter(byte[],%20burp.IParameter)). I use this API in...
I am having an issue identical to this one: https://support.portswigger.net/customer/portal/questions/11672133-unable-to-type-anything-on-any-field . The same issue affects OS X 10.12.5 with Java 8 Update 131. This is...
I am using a site which has multiple redirects after submitting a form. After the initial POST request, Burp does not use cookies on subsequent requests. Behavior from the browser: POST request sent with cookies => 302...
Https sites are not loading when interception on.CA certificates are already instslled.i recently updated burp to 1.7 version but no luck.but i can still acess to http://burp ..im using java version 1.8 on my kali linux pc...
I was trying to save the state of a project and received this error. burp.rmc at burp.d7g.a(Unknown Source) at burp.ung.a(Unknown Source) at burp.wng.a(Unknown Source) at burp.p2d.a(Unknown Source) at...
The Strict transport security not enforced issues do not show a request/response. This does not make any sense, there was at least one response that had no HSTS header for Burp to show that issue, so it makes sense to report...
Page 130 of 143
Your source for help and advice on all things Burp-related.