Burp Suite User Forum

Create new post

Firefox Developer Tools shows 200 instead of 302 when using Burp as a proxy

Not sure why but for some 302 response if I'm using Burp as a proxy on Firefox from Burp Proxy History or Interception I can see the 302 but on Firefox Developer Tools shows me 200. Removing Burp as a proxy from Firefox I...

Last updated: Feb 23, 2017 07:26PM UTC | 2 Agent replies | 1 Community replies | Bug Reports

Burp cant handle same-name cookies set to different paths

Just chiming in to add another vote for fixing cookie jar handling for cookies with the same name but differing paths. In my case, two different sessionId cookies at root (/) and one at a subdirectory (/service/). Both are...

Last updated: Feb 23, 2017 09:17AM UTC | 2 Agent replies | 1 Community replies | Bug Reports

Buby

Buby no longer works with 1.6.20 (results in error: no implicit conversion of nil into String); 1.6.19 and below works fine.

Last updated: Feb 08, 2017 09:19PM UTC | 1 Agent replies | 4 Community replies | Bug Reports

1.7.17

This bug just started this morning with 1.7.17..... Temporary project -> load from configuration file-> Start Burp Loads 2 tabs for every extension.

Last updated: Feb 03, 2017 04:45PM UTC | 2 Agent replies | 3 Community replies | Bug Reports

Restoring a saved state

Hey, I was trying to restore a saved state and I keep recieving the same message. The state was stored in 1.7.14 and restored in 1.7.16 burp.f6c at burp.g1g.a(Unknown Source) at burp.g1g.a(Unknown Source) at...

Last updated: Feb 01, 2017 09:15AM UTC | 1 Agent replies | 0 Community replies | Bug Reports

Scanner errors, but logs show no errors

Running Burp Pro 1.7.16. I'm attempting to do an active scan against selected values in a PUT request. Here is an example of the data. {"notes":"Test","userN":"pentest"} I've marked "Test" and "pentest" in Intruder...

Last updated: Feb 01, 2017 09:00AM UTC | 1 Agent replies | 0 Community replies | Bug Reports

Not all repeater tabs saved/restored via state file

Hi, Tested on Mac OSX (save) and restore (Win & Mac). When saving the state file and restoring it later one, one Repeater tab (the last one) is missing from the restored state.Not sure whether it's not save in the...

Last updated: Jan 27, 2017 03:32PM UTC | 2 Agent replies | 2 Community replies | Bug Reports

Memory Leak

Hello, I wanted to chime in to see if there is a possible memory leak with the newest version of burpsuite. I was running a scan that seemed to have been running for almost 24 hours. I soon realized that burpsuite...

Last updated: Jan 27, 2017 11:11AM UTC | 3 Agent replies | 1 Community replies | Bug Reports

Line Feed not showing in response window

Recently we tested a website for CRLF problems, when sending GET /%23%0dSet-Cookie:%20test=test%20HTTP/1.1 ... the Server answers with an redirect to Location: xxx/#%0dSet-Cookie:... Burps Response Window is hiding the %0d...

Last updated: Jan 27, 2017 09:03AM UTC | 1 Agent replies | 1 Community replies | Bug Reports

Opening and saving an Intruder attack saves nothing

Steps to reproduce: 1. Open a previously saved Intruder attack using the "Intruder | Open saved attack" menu item in the main window. 2. Save the attack using the "Save | Attack" menu item. Expected results: Attack...

Last updated: Jan 25, 2017 02:42PM UTC | 2 Agent replies | 0 Community replies | Bug Reports

History logging disabled warning disappears after reload

In Proxy > Options > Miscellaneous when you check Disable logging to history and site map, a nice warning appears on the top of the Proxy History window saying "History logging disabled". However if you close Burp, reopen...

Last updated: Jan 25, 2017 02:27PM UTC | 2 Agent replies | 0 Community replies | Bug Reports

Cross-site scripting (reflected) Change?

Cross-site scripting (reflected) now shows as an informational instead of a high finding after the .16 update. Is that supposed to be the case?

Last updated: Jan 24, 2017 09:22AM UTC | 1 Agent replies | 0 Community replies | Bug Reports

Blank page displayed in Firefox when requesting websites behind corporate firewall

Hi, As the topic says, the browser (Firefox) simply shows a blank page when requesting websites hosted behind our corporate firewall (but not on same network). The behavior is quite strange considering the following: 1)...

Last updated: Jan 24, 2017 09:18AM UTC | 3 Agent replies | 2 Community replies | Bug Reports

Incorrect statement regarding HTML5 cross-origin resource sharing

Hello, In burp, the issue regarding "Access-Control-Allow-Origin: *" is described as follows: Issue detail The application implements an HTML5 cross-origin resource sharing (CORS) policy for this request which allows...

Last updated: Jan 23, 2017 12:17PM UTC | 2 Agent replies | 1 Community replies | Bug Reports

Executing infiltrator on webgoat-container-7.1-exec.jar

Hi, don't know if it is a bug or not, but the problem accurs on Windows 7 and Xubuntu 16.04. Java Version: 1.8.0_111 Burp Suite Professional v1.7.15 The Problem: executing the burp_infiltrator_java.jar on...

Last updated: Jan 17, 2017 01:57PM UTC | 2 Agent replies | 0 Community replies | Bug Reports

Repeater Content-Length is not recalculated when json content is modified

Hi, Quite often in the repeater when you deal with a POST with a Content-Type: application/json;charset=utf-8, when you modify the json body the repeater doesn't recalculate the content-length header. If you add some...

Last updated: Jan 16, 2017 03:47PM UTC | 3 Agent replies | 3 Community replies | Bug Reports

handshake failure using strong cipher suites

Description: Clients requesting (exclusively) strong cipher suites are unable to connect to Burp proxy. Burp always causes handshake failure. Software used: oracle jdk1.8.0_122, burp suite 1.7.06 How to...

Last updated: Jan 13, 2017 11:57AM UTC | 6 Agent replies | 9 Community replies | Bug Reports

ECB Block Shuffler Payload type behaviour

Not sure if this is bug or im doing it wrong but i tried using the ECB Payload of Burpsuite with base request of: GET...

Last updated: Jan 04, 2017 09:57AM UTC | 2 Agent replies | 2 Community replies | Bug Reports

Version burpsuite_pro_v1.7.15 (OSX) is crashing when trying to start

While trying to start, the burp window opens but closes just after the screen refresh. It is strange because the JVM don't crash. The worst part is, I can not use the older version to reopen the project as now burps...

Last updated: Dec 22, 2016 09:11AM UTC | 1 Agent replies | 0 Community replies | Bug Reports

Viewing aspx extensions

Hi, When using Burp Suite Pro I've come across a problem where the response tabs are unable to display the raw response from aspx file extensions. When copying the raw response into both classic Notepad and Notepad++...

Last updated: Dec 21, 2016 09:51AM UTC | 1 Agent replies | 0 Community replies | Bug Reports

Page 135 of 146

Burp Suite Support Center

Your source for help and advice on all things Burp-related.

Burp Suite Support Center image