Bug Reports - Page 130 - Burp Suite User Forum

Burp Collaborator OOB - HTTP

Correct me if I'm wrong, but using the following payload "@<SNIPPED>.burpcollaborator.net/" to detect Out-of-band resource load (HTTP) will generate huge false positives, as I was able to trigger an issue for every website...

Activation lost after Windows Upgrade

Hi, I just upgraded to the Windows 10 preview and the Burp activation on the machine is gone. Are there any plans to improve the behavior of Burp in this regard? I think it's quite inconvenient to need to reactivate...

Temporary file disk usage and dedicated temp file drives

Burp Suite's temporary files can rapidly consume disk space when Intercept is off and traffic is high. This is true even when the resource-conserving option "Don't send items to Proxy history or other Burp tools" is enabled...

"Response received" column disappears when "Grep Extract" is used

In Intruder results: - display non-default column "Response received" - add a column based on "Grep - Extract" - the "Response received" column disappeared Not a big deal...

NTLMv2 Proxy Auth not working

Hi, I'm trying to use burp proxy with a corporate proxy that requires NTLMv2, however it doesn't seem to be working. IE, Firefox and Chrome are working fine with it, but burp throws an error saying "Failed to connect to...

Redirects to IPv6 IP addresses are not detected

When a website redirects to an IPv6 address (between square brackets), Repeater will not detect the redirect: - the "Follow redirection" button doesn't appear - the "Repeater / Follow redirections / Always" option isn't...

SEP quarantined gtc.class in 1.7.23.jar

Symantec Endpoint Protection is performing a scan on my machine where I have Burp Suite Pro 1.7.23.jar and it has quarantined burp/gtc.class. What type of issues is this going to cause with the functionality of Burp?

CA CERT

I'm installing the cert in IE and still unable to pull up HTTPS sites..

Performance dropped in latest version of BurpSuite? (MacOS)

Hi! Since the latest version of BurpSuite (1.7.22) I noticed quite some drop in performance on MacOS. I mainly use FireFox (also latest version) to browse. I often see that pages are loaded really slow (or don't load at...

missing "Unencrypted communications"

I perfectly understand the issue "Unencrypted communications" but I'm not sure how deterministic Burp is reporting this issue. What are the requirements for Burp to report this? I have done a lot of testing and the...

Smart Card not working over Remote Desktop

We use ActivClient on our local and remote machines for Smart Card authentication. This works fine with IE and Firefox, both local and remote. When Burp is run on the remote machine, it accepts the pin code and appears to...

Fix gray autocomplete orphan dialogs

When working on Kali 2.0 and maybe others, Burp Suite tries to autocomplete previously used input. This generates an empty grey window that, sometimes, remains open and it's added to the list of open windows. Closing this...

CLI option "--help" doesn't work on Windows

Hello, on Windows x64 + Oracle v1.8.0_112 (from installation bundle), the "BurpSuitePro.exe" binary doesn't print the Help menu when called with "--help" (it just stops after a few seconds). However, other options like...

OS Command Injection FP?

Hi all, Burp active scan has found potential OS Command Injection using nslookup as the example. I'm unable to replicate this and the IP that burp collaborator shows is from google rather than the server of which the...

removeParameter API outputs incorrect request when removing the last Cookie

There is an API to remove a parameter from a given request in IExtensionHelpers interface (https://portswigger.net/burp/extender/api/burp/IExtensionHelpers.html#removeParameter(byte[],%20burp.IParameter)). I use this API in...

Burp stops accepting keyboard input

I am having an issue identical to this one: https://support.portswigger.net/customer/portal/questions/11672133-unable-to-type-anything-on-any-field . The same issue affects OS X 10.12.5 with Java 8 Update 131. This is...

Burp does not process cookies when initializing Intruder

I am using a site which has multiple redirects after submitting a form. After the initial POST request, Burp does not use cookies on subsequent requests. Behavior from the browser: POST request sent with cookies => 302...

https:// sites not loading

Https sites are not loading when interception on.CA certificates are already instslled.i recently updated burp to 1.7 version but no luck.but i can still acess to http://burp ..im using java version 1.8 on my kali linux pc...

Save State Bug Report

I was trying to save the state of a project and received this error. burp.rmc at burp.d7g.a(Unknown Source) at burp.ung.a(Unknown Source) at burp.wng.a(Unknown Source) at burp.p2d.a(Unknown Source) at...

Strict transport security not enforced without request/response

The Strict transport security not enforced issues do not show a request/response. This does not make any sense, there was at least one response that had no HSTS header for Burp to show that issue, so it makes sense to report...