Burp Suite User Forum

Create new post

Scanner issue 0x00000000

Hello, Since v1.6.30 an issue with 0x00000000 index has been added which contains OS command injection description. I guess that's a mistake. Davy

Last updated: Nov 12, 2015 01:37PM UTC | 1 Agent replies | 0 Community replies | Bug Reports

Repeater and content-encoding

I think I have two issues: The first is that the settings in proxy for encoding/decoding compression don't seem to apply to repeater. The second is that if I send a HEAD method request via repeater, it tries to...

Last updated: Nov 09, 2015 11:02AM UTC | 1 Agent replies | 1 Community replies | Bug Reports

v 1.6.30 spider

I just downloaded/ran version 1.6.30. The when right clicking and selecting "Spider this host" the host above the selected item is spidered and the item that was actually selected is not spidered. I've restarted that app...

Last updated: Nov 08, 2015 07:23PM UTC | 2 Agent replies | 2 Community replies | Bug Reports

content-type: application/json

An application/json response is by definition unicode (utf-8 by preference, but any multibyte unicode is acceptable). However, if the content-type header does not also include a charset=utf-8 attribute (which is actually...

Last updated: Nov 02, 2015 10:00AM UTC | 1 Agent replies | 0 Community replies | Bug Reports

Intruder silently changes content type of request from application/json to text/plain

When using intruder to masticate a RESTful interface, it will silently change the content-type from the original request's application/json to text/plain. For RESTful interfaces that enforce type, this means that all the...

Last updated: Oct 31, 2015 10:17PM UTC | 0 Agent replies | 1 Community replies | Bug Reports

Problem with multihost angularjs site

We have an angularjs/REST web app (IE11) at a client that works fine (no proxy) but is broken when burp is in the middle. The web page normally pulls in several js and css files from a second domain, also owned by the...

Last updated: Oct 29, 2015 12:05PM UTC | 1 Agent replies | 1 Community replies | Bug Reports

Session handling with two rules

Hi, I have a web-app that have two issues when scanning or spidering. Sometimes app closes the session so I got a 302 redirect, other times, app malfunctions and all request ends with error 500 and I must re-auth. I...

Last updated: Oct 27, 2015 01:12PM UTC | 1 Agent replies | 0 Community replies | Bug Reports

Intruder: Remove several payloads at the same time

Hi, In intruder, when creating the list of payloads to be injected. If several entries are selected from the list (by using shift or ctrl button) and Remove options is clicked, it does not remove all the selected entries...

Last updated: Oct 25, 2015 09:54AM UTC | 1 Agent replies | 0 Community replies | Bug Reports

a couple of UI bugs

Hi, long time user and supporter :D Two small glitches that caught my eye today: 1. tool tips need to be updated with information that issues were moved to Target tab (and that Target is what you need to save in...

Last updated: Oct 14, 2015 07:53AM UTC | 2 Agent replies | 1 Community replies | Bug Reports

Dragger not showing after 200 requests

Dragger not showing after >200 requests. Check this https://www.dropbox.com/s/yu9bx9misf57b31/Untitled.png?dl=0

Last updated: Oct 14, 2015 07:47AM UTC | 2 Agent replies | 1 Community replies | Bug Reports

Probable bug: SQL injection avoidable false positive ?

"Issue detail The [...redacted...] cookie appears to be vulnerable to SQL injection attacks. The payload ' and '6143'='6143 was submitted in the Auth-Portal cookie, and a database error message was returned. You should...

Last updated: Sep 30, 2015 08:17AM UTC | 1 Agent replies | 0 Community replies | Bug Reports

Infinite .Null Files being created when using generateScanReport() with the file format "HTML"

As part of my extension, I am using the generateScanReport() to create both the XML file and the HTML file. However, when I use generateScanReport() with the HTML format, while the HTML file does get created, files with the...

Last updated: Sep 23, 2015 09:41PM UTC | 1 Agent replies | 1 Community replies | Bug Reports

Parameter of HTTP POST with Content-Type multipart/form-data could not be updated

Hi all I'm not sure if I'm doing something wrong, but I experienced an issue when trying to remove or update a parameter of a multipart/form-data HTTP POST from a java extension. The original parameter is not removed but...

Last updated: Sep 21, 2015 07:48AM UTC | 1 Agent replies | 0 Community replies | Bug Reports

Scheme-relative URL are treated as root-relative ones

Tested on v1.6.26 / Linux / Oracle 1.8.0_45-b14 In Repeater (at least), a header like "Location: //nicob.net" is treated as a redirection to "//nicob.net" on the same host. However, browsers will redirect to...

Last updated: Sep 15, 2015 12:50PM UTC | 1 Agent replies | 1 Community replies | Bug Reports

Burp Closes Randomly.

Hi There! I'm a user of Burp Pro, I have recently switched to a Virtualized Environment (VirtualBox) running Kali Linux. Every so often Burp will randomly close. It can happen from using the Intruder or just capturing...

Last updated: Sep 15, 2015 11:22AM UTC | 2 Agent replies | 1 Community replies | Bug Reports

Issue Definitions

Not properly sorted by name. Capital letters should not make a difference. Findings should be mapped to OWASP Top 10 and WASC.

Last updated: Sep 14, 2015 08:29AM UTC | 1 Agent replies | 0 Community replies | Bug Reports

Hydra (http-get-form) + Burp = Missing GET parameters

## Issue * When using `http-get-form` with `HYDRA_PROXY_HTTP` set and using Burp as the proxy, the GET parameters are not being passed on. * Using other proxies (such as ZAP), or not using a proxy at all, the GET...

Last updated: Sep 14, 2015 08:21AM UTC | 2 Agent replies | 1 Community replies | Bug Reports

Issues not visible if related to 404 resources

Hello, the scanner found a XSS in the referer header, and the answer is a custom 404 page with the XSS in the answer. However in the Target tab, the XSS is not visible if "Hide not-found items" is not disabled. Maybe...

Last updated: Sep 11, 2015 11:32AM UTC | 2 Agent replies | 2 Community replies | Bug Reports

Failure to open a Macro Recorder dialog

Hi, Sometimes Burp fails to open a Macro Recorder dialog ( Options / Sessions / Macros > Add > Record macro ). I confirmed that it happens when Burp Proxy receive requests frequently (1req/5sec or more, I'm testing web...

Last updated: Sep 09, 2015 02:57PM UTC | 2 Agent replies | 0 Community replies | Bug Reports

Burp doesn't properly parse a website which has AngularJS

Many of our websites incorporate AngularJS now. However the content isn't always properly parsed or stays in an loop where it is impossible to input anything through the browser. Has anyone seen this behaviour and has a...

Last updated: Sep 03, 2015 09:28AM UTC | 1 Agent replies | 1 Community replies | Bug Reports

Page 135 of 139

Burp Suite Support Center

Your source for help and advice on all things Burp-related.

Burp Suite Support Center image