Burp Suite User Forum
When an AMF response body contains a custom object, BURP can't seem to properly deserialize the body and returns a "data - null" instead of the proper object. For the same request/response, Charles proxy seems to be able to...
Hello, I'm working on a super basic extension which allows editing the value of a specific cookie in its own Repeater display tab. But when I call updateParameter(..., buildParameter(..., PARAM_COOKIE)), the cookie line is...
Every issue that is created gets a first paragraph telling which extension it was: "Note: This issue was generated by the Burp extension: <extension name>" When an extension's issue gets more than one hit, a top-level...
We are working as a small team and my colleague gave me his saved burp state. I restored it in my burp instance mostly without problem, but the options/ssl tab fails to load properly. The site we are testing requires a...
Hi, Burp Scanner v1.6.38 gave me a false positive for "Session token in URL" without any reason, as I think. Take a look at the following excerpt from...
Hi, Burp Scanner v1.6.38 generated a false positive for "Link manipulation (DOM-based)". Excerpt from report: Data is read from location and passed to the 'href' property of a DOM element via the following...
I just downloaded 1.7beta (32-bit OS). I started it up and skipped changing the defaults (I did not load a config file, etc). I used the defaults. By default, Intercept was enabled. I looked for the following option to...
I recently tested Collaborator using different injection scenarios. I noticed that the vectors used are different, depending on whether Collaborator is defined by its DNS name (public or private instance) or its IP address (private...
When "Options > Connections > Upstream Proxy Servers" is used to redirect all traffic to an upstream server, requests are _NOT_ encoded to the proxy format (with a fully qualified first line). That's OK when chaining Burp...
Getting the error while launching burpsuite_pro_v1.6.35.jar. Error Description: "Error Invalid or Corrupt jarfile"
I can run the free version .32. I purchased Pro and it won't start. Invalid or corrupt jarfile burpsuite_pro_v1.6.36.jar Invalid or corrupt jarfile burpsuite_pro_v1.6.37.jar
The last few versions of Burp Pro (apologies, I cannot recall in which version I first identified this) suffer from a quite annoying bug. The scroll button in most of the windows/features that require this disappears soon...
Hi, I found a little lack in SQLi identification, trying Burp on OWASP Bricks (https://www.owasp.org/index.php/OWASP_Bricks). In detail, using active scan on "Login #4" page, Burp fails to identify the following...
Here's the environment: - app1.example.com (SSO enabled app #1) - app2-stage.example.com (SSO enabled app #2) Here's the user story: 1.) Tester spiders app1 without SSO auth 2.) Tester does active scan of app1...
When I use self._callbacks.makeHttpRequest in my extension and the target server responds with an SSL error such as "SSL received a record that exceeded the maximum permissible length. (Error code:...
Hi, We are experiencing performance issues with Burp, with some web application pages taking over a minute to load. After investigation, we found out that Burp was issuing local DNS requests which could not be resolved...
With the recent update in Java, when I try to run burpsuite in Kali Linux 2.0, as soon as I try to use the application, burpsuite crashes, and the system crashes and logs me out. I have the following version of Java in my...
Using burpsuite_pro_v1.6.39.jar (but had the problem in previous versions too) Burp Extender Plugins: Active Scan++, Error Message Checks, Java Deserialization Scanner, Software Version Reporter, Heartbleed I lately get...
Burp will not run if a directory within the path ends with an "!". Burp was here: c:\!tools!\burp\burpsuite_pro_v1.6.38.jar. Moved the "burp" dir to the root directory and it runs fine. Tested by renaming the "burp" dir to...
This is probably related to the new features implemented when http://blog.portswigger.net/2015/11/xss-in-hidden-input-fields.html was written. It seems to be that some new features of the active scanner are incorrectly...