Burp Suite User Forum

Create new post

Cannot download big files.

Hi! I cannot download any big files through burp proxy. There is no cert installation mistake because I tried this on so many other employees devices too. There are no ssl errors too because a file smaller than 4 mb gets...

Last updated: Nov 25, 2017 04:00AM UTC | 5 Agent replies | 6 Community replies | Bug Reports

Burp 1.7.29 fails to create a project

BurpSuite Pro fails to create a new project on a updated Kali 2017.3. The error message in the GUI is "Failed to create Burp project: ExceptionInInitializeError" root@kali:/opt# java -version openjdk version...

Last updated: Nov 24, 2017 02:35PM UTC | 6 Agent replies | 6 Community replies | Bug Reports

URLs in target scope converted to lower case

When I add a URL like http://example.org/Dealer/A00123 to target scope it is converted to http://example.org/dealer/a00123. If I add it by 'Add to scope' in site map it works as expected but editing in scope tab converts...

Last updated: Nov 24, 2017 12:12PM UTC | 1 Agent replies | 0 Community replies | Bug Reports

BApp Store Install hanging 1.7.28

The install of new extensions is hanging after upgrading from 1.7.27 to 1.7.28.

Last updated: Nov 17, 2017 10:03AM UTC | 1 Agent replies | 1 Community replies | Bug Reports

Memory overflow

Hi Guys. My Burp Pro always will be terminated by my kali linux, because it uses more then 4 GiB memory. I use 1.7.28, but the previous version (27) does the same thing. I run it from terminal like this: java -Xmx1g...

Last updated: Nov 16, 2017 05:00PM UTC | 1 Agent replies | 0 Community replies | Bug Reports

Freeze when changing issues severity

Hello, I am experiencing freeze with BurpPro. This happens when I try to change the severity of a SQL injection ScanIssue to FP. After, UI don't respond, Burp doesn't use CPU or change memory allocation. When launched...

Last updated: Nov 16, 2017 10:17AM UTC | 5 Agent replies | 2 Community replies | Bug Reports

Burp 1.7.28 does not load licenses

Hi there, Yesterday i upgraded BUTP suite PRO to 1.7.28 (from 1.7.27). The 1.7.28 could not recognize the license from 1.7.27 and has been asking for a new license. However, loading a license file endS in license not...

Last updated: Nov 16, 2017 09:29AM UTC | 1 Agent replies | 0 Community replies | Bug Reports

'--project-file' Pauses Scanner

I made a post a week ago (here: https://support.portswigger.net/customer/portal/questions/17180858-save-project-file-with-burp-api) about automatically saving the project file. I was told about the --project-file...

Last updated: Nov 09, 2017 11:08AM UTC | 1 Agent replies | 1 Community replies | Bug Reports

Drop down menu bug

In some cases, when burp presents a drop down menu with previous used values (for example when filling in the Fixed time trottle in the options of intruder), the white "block" which is an empty drop down menu does not...

Last updated: Nov 08, 2017 11:13AM UTC | 2 Agent replies | 1 Community replies | Bug Reports

Burp Active Scanner Issue

Hi, We have recently come across an issue with the active scanner. As soon as the scanner is launched with default settings , the load of the java process on the CPU increases exponentially and reaches 400% at which...

Last updated: Nov 07, 2017 12:16PM UTC | 10 Agent replies | 20 Community replies | Bug Reports

Clickbandit broken in latest Chrome?

Hi, Clickbandit appears to be broken in Chrome 62, and if I'm understanding the issue correctly, it's been broken since Chrome 60 due to this change:...

Last updated: Nov 03, 2017 08:55AM UTC | 1 Agent replies | 0 Community replies | Bug Reports

Burp Suit and genymotion not rendering https traffic correct.

I am trying to intercept Chrome https traffic in Genymotion. I have installed the certificate in android and I am not using an external proxy. Wifi connection on Genymotion is set to 192.168.1.188 (localhost) and port 8080...

Last updated: Nov 02, 2017 08:58AM UTC | 1 Agent replies | 0 Community replies | Bug Reports

Scanner misses vulnerabilitites due to improper application demarcation

Hello, Consider this scenario: Application A https://hostname/ (out of scope) Application B https://hostname/appB/ (in scope) If we choose to scan application B, then the scanner checks only application A for server...

Last updated: Nov 01, 2017 05:04PM UTC | 3 Agent replies | 2 Community replies | Bug Reports

Header lines with improper terminators manipulated by Burp in strange ways

I'm currently testing an embedded device with a cgi-script that terminates header lines with only '\n', and '\n\n' at the end of all headers. While not RFC-compliant, browsers seem to handle this just fine. However, when...

Last updated: Oct 30, 2017 10:59AM UTC | 1 Agent replies | 0 Community replies | Bug Reports

UTF-8 search not working

When I'm in Repeater, and copy string containing UTF-8 characters (like word "käytettävissä") from the response, it is not found (in the same response). Could you enhance search to cover UTF-8 characters as well?

Last updated: Oct 16, 2017 10:09AM UTC | 1 Agent replies | 0 Community replies | Bug Reports

Bug in Search Windows using openJDK

Hello dear portswigger team, I have an issue using the Engagement Tools -> Search options. Some times after entering the search word a suggestion window will be created as separate jwindow objects (grey box and white box...

Last updated: Oct 13, 2017 03:15PM UTC | 3 Agent replies | 2 Community replies | Bug Reports

Compare site map feature freezes during comparison

Compare site map feature gets stuck when performing the comparison. This has happened to me almost every time I use the feature against comprehensive sitemap. I've noticed that specific sitemap entries will trigger this...

Last updated: Oct 06, 2017 08:38AM UTC | 1 Agent replies | 0 Community replies | Bug Reports

Session management & redirection & Active scan

I have a platform which redirects user to /login page via location header when you are trying to access anything which requires authentication. I have session management set up, with session handling rules to look for...

Last updated: Oct 05, 2017 08:13AM UTC | 2 Agent replies | 2 Community replies | Bug Reports

Intruder payload bug - square symbols between every character

Every intruder attack include square blocks between every characker of payload. This happened sometimes, but now it's important case so i have to figure out why this happens here is pic:...

Last updated: Oct 04, 2017 12:06PM UTC | 2 Agent replies | 2 Community replies | Bug Reports

Intercept Client Requests rules doesn't affect for Redirect proxy requests

In the case of Redirect proxy configuration (Proxy-Options-Edit-Request Handling-Redirect host/port) all the requests will be redirected to that host even a few interception rules were applied. I expect that all the...

Last updated: Oct 02, 2017 09:41AM UTC | 1 Agent replies | 0 Community replies | Bug Reports

Page 131 of 146

Burp Suite Support Center

Your source for help and advice on all things Burp-related.

Burp Suite Support Center image