Bug Reports - Page 137 - Burp Suite User Forum

Repeater - 307 Redirects broken

It looks like the 307 Redirect is not implemented per spec in the Repeater. In Repeater, setting the "Follow Redirect", results in a 307 Redirect for a POST request gets converted to a GET request (and loses the POST...

Burp Collaborator : Documentation typo

In the tutorial for Burp Collaborator, the command to convert certificate from PEM to PKCS8 has a typo. https://portswigger.net/burp/help/collaborator_deploying.html#ssl ``` openssl pkcs8 -topk8 -inform PEM -in...

Possible Path encoding error leading to loading failure of extentions

When loading a stock extension (In this case, autorize), I encountered this error after updating this morning to the latest version. Version: 1.7.18 OS: Win10 Error: Traceback (most recent call last): File...

Extension with JRuby (bug?)

Hi, I downloaded the new release 1.7.19 that fixes a bug that was introduced in 1.7.18 that prevented Python and Ruby extensions from loading in Windows. But, I think there is still a problem, for example I take an...

Problem running burpsuite_free_linux_v1_7_10.sh on 32-bit Debian 8.6

Hello! After downloading burpsuite_free_linux_v1_7_10.sh from the website, allowing execution (chmod +x), then running it (even with sudo) I get the following error message: Unpacking JRE ... Starting Installer...

Burp v1.7.17 Pro appears to be dropping HTTPs requests

Hi everyone. I am having some issues with Burp Suite v1.7.17 Pro. I can load HTTP sites fine and intercept them with the Burp Proxy, but I am unable to load ANY HTTPs sites, the browser just continues to load waiting. I...

CONNECT request for plaintext resource fails

Hi, While testing Metasploit modules during module development, I will often try to pass the HTTP requests Metasploit is making through burp. However, when Metasploit is interacting with a plaintext resource (no SSL),...

Burp Scanner doesn't use cookie from session handling rule (makro)

So because I need some testcases for my new burp plugin I tried scanning the Hackerone bug bounty program of lyst.com https://hackerone.com/lyst . I found a potential bug in Burp's Makro/Session handling. The Makro is not...

How do i get this fixed ?!

I've downloaded webGoat which now runs on port 8080, and Burp is installed on port 8181 , i set up the browser connection proxy to 127.0.0.1:8181 burp proxy listener on 127.0.0.1:8181 and the target scope to...

Firefox Developer Tools shows 200 instead of 302 when using Burp as a proxy

Not sure why but for some 302 response if I'm using Burp as a proxy on Firefox from Burp Proxy History or Interception I can see the 302 but on Firefox Developer Tools shows me 200. Removing Burp as a proxy from Firefox I...

Burp cant handle same-name cookies set to different paths

Just chiming in to add another vote for fixing cookie jar handling for cookies with the same name but differing paths. In my case, two different sessionId cookies at root (/) and one at a subdirectory (/service/). Both are...

Buby

Buby no longer works with 1.6.20 (results in error: no implicit conversion of nil into String); 1.6.19 and below works fine.

1.7.17

This bug just started this morning with 1.7.17..... Temporary project -> load from configuration file-> Start Burp Loads 2 tabs for every extension.

Restoring a saved state

Hey, I was trying to restore a saved state and I keep recieving the same message. The state was stored in 1.7.14 and restored in 1.7.16 burp.f6c at burp.g1g.a(Unknown Source) at burp.g1g.a(Unknown Source) at...

Scanner errors, but logs show no errors

Running Burp Pro 1.7.16. I'm attempting to do an active scan against selected values in a PUT request. Here is an example of the data. {"notes":"Test","userN":"pentest"} I've marked "Test" and "pentest" in Intruder...

Not all repeater tabs saved/restored via state file

Hi, Tested on Mac OSX (save) and restore (Win & Mac). When saving the state file and restoring it later one, one Repeater tab (the last one) is missing from the restored state.Not sure whether it's not save in the...

Memory Leak

Hello, I wanted to chime in to see if there is a possible memory leak with the newest version of burpsuite. I was running a scan that seemed to have been running for almost 24 hours. I soon realized that burpsuite...

Line Feed not showing in response window

Recently we tested a website for CRLF problems, when sending GET /%23%0dSet-Cookie:%20test=test%20HTTP/1.1 ... the Server answers with an redirect to Location: xxx/#%0dSet-Cookie:... Burps Response Window is hiding the %0d...

Opening and saving an Intruder attack saves nothing

Steps to reproduce: 1. Open a previously saved Intruder attack using the "Intruder | Open saved attack" menu item in the main window. 2. Save the attack using the "Save | Attack" menu item. Expected results: Attack...

History logging disabled warning disappears after reload

In Proxy > Options > Miscellaneous when you check Disable logging to history and site map, a nice warning appears on the top of the Proxy History window saying "History logging disabled". However if you close Burp, reopen...