Bug Reports - Page 136 - Burp Suite User Forum

BUG

CO2 DOWNLAD AND EROR BrupSuite

SSL SNI not used with upstream proxy

Hello, SSL SNI works properly on regular connections but not on connections through upstream http proxy. After getting Handshake_Failure alerts when using an upstream http proxy I've confirmed that the "Server_Name"...

IP adddress regexp

Dear team, I noticed in burp 1.7.22 that "Private IP addresses disclosed" is failing to parse an IP address with this format: xxx.xx.xxx.xx. All remains IP address are being parsed. Kind Regards, Daniel

external service interaction DNS

Hi, I am using Burp 1.7.15. I scanned my system in Jan and got scan report. I scanned my system again in March, and got new issues "external service interaction DNS" in the report. I did not upgrade Burp...

We can't use multi-byte characters in sitemap comment to save as XML

When saving sitemap, we can't use multi-byte Japanese characters as comment. (Its generate invalid encoded XML.) [View] Target > Site map [Steps] 1. Set following words as sitemap comment. ???? 2. left-click on...

Upstream proxy configuration only passes URI and not domain/host

Hi, I have spent some time trying to configure an upstream squid proxy server in order to have a known source IP address for testing engagements, without relying on a VPN (unfortunately in my specific circumstances a...

Spider Queues Do Not Clear

Hello, I'm using Burp 1.7.21 and when I attempt to clear the Spider queue it is not cleared. This is an issue I've had many times with larger sites over many versions of Burp. Video of...

Burp Mobile Assistant - empty Source repo on Cydia

Hi Burp team, I am very grateful for the new Mobile Assistant feature. I downloaded it today (with Free Edition v1.7.21). I can get my jailbroken, ios 9.3.3 device to add my Cydia source: http://localhost:8080 but...

Bug Report

Burp Free Edition Are Not Support State Proxy Server So Please Solv It. Ethical Hacker

IMessageEditor.isMessageModified() does not detect modification

I have an extension that uses IMessageEditor.isMessageModified() to determine when a user has modified a request. This works when a user explicitly types a change, however, it does not return true after a user has...

Failed to create Burp project: NullPointerException (v1.7.21)

C:\>java -jar burpsuite_pro_v1.7.21.jar --project-file="C:\TEMP\testasdf" Failed to create Burp project: NullPointerException Running fine with burpsuite_pro_v1.7.19.jar

Error opening existing project

When I try to open an existing project after a computer or burp crash, I get the following error message: "An error occurred when starting a project with the selected options. Failed to create Burp project:...

Unable to load Burp Suite

Hi, I have installed the Burp Suite Free Edition v1.0.21 using jar. It worked when installed. Now, when I'm trying to open it next time. It just doesn't load. Giving an error when I'm trying to open using Terminal...

Server Side Code Injection not detected without enabling SQL Injection scanning module

Hello Team, While testing for python code injections, i observed that the burp suite pro 1.7.21 active scanner does not detect server side code injections without enabling the SQL Injection main module (sub-modules for...

"Load user options" problem

Hi, I want to report a bug that I found on "Burp User Options" section. I have a specific configuration file and I import the file everytime I use Burp. My problem shows up on that importing part. When I import the...

Certs invalid on Chrome 58 due to CN Deprecation

TL;DR: Chrome 58 only looks at the SAN in a cert for validating hostnames and not the CN. Please add a SAN for the hostname when generating the cert. In 2000, RFC 2818 (https://tools.ietf.org/html/rfc2818) "deprecated"...

cookie without secure flag - different issues

Can you explain the difference in these two issue which have both been flagged on the same site? Issue: SSL cookie without secure flag...

No API stack nor full parameter value when using Infiltrator with a private Collaborator server

[Tested with Burp Suite Pro 1.7.19] I instrument Jenkins 1.580.2 like that: java -jar ${JENKINS_HOME}/infiltrator.jar --non-interactive --report-parameter-values=true --report-call-stacks=true...

"Go" button of Engagement tools/Search box is lost

Hello, When you search long strings the "Go" button is lost after your first search. Well not completely lost but it is moved at the right when you search for 50+ char strings. Searching for 100 char make it disappear...

Illegal Unicode Payload seems to be not working

I have burp professional and I'm trying to use Illegal Unicode payload on Intruder but it seems that is not working. As an example I tried the request below selecting xpto from URL as a payload position and Snipper as an...

BUG