Burp Suite User Forum
Cross-site scripting (reflected) now shows as an informational instead of a high finding after the .16 update. Is that supposed to be the case?
Hi, As the topic says, the browser (Firefox) simply shows a blank page when requesting websites hosted behind our corporate firewall (but not on same network). The behavior is quite strange considering the following: 1)...
Hello, In burp, the issue regarding "Access-Control-Allow-Origin: *" is described as follows: Issue detail The application implements an HTML5 cross-origin resource sharing (CORS) policy for this request which allows...
Hi, don't know if it is a bug or not, but the problem accurs on Windows 7 and Xubuntu 16.04. Java Version: 1.8.0_111 Burp Suite Professional v1.7.15 The Problem: executing the burp_infiltrator_java.jar on...
Hi, Quite often in the repeater when you deal with a POST with a Content-Type: application/json;charset=utf-8, when you modify the json body the repeater doesn't recalculate the content-length header. If you add some...
Description: Clients requesting (exclusively) strong cipher suites are unable to connect to Burp proxy. Burp always causes handshake failure. Software used: oracle jdk1.8.0_122, burp suite 1.7.06 How to...
Not sure if this is bug or im doing it wrong but i tried using the ECB Payload of Burpsuite with base request of: GET...
While trying to start, the burp window opens but closes just after the screen refresh. It is strange because the JVM don't crash. The worst part is, I can not use the older version to reopen the project as now burps...
Hi, When using Burp Suite Pro I've come across a problem where the response tabs are unable to display the raw response from aspx file extensions. When copying the raw response into both classic Notepad and Notepad++...
In the repeater, if a request is timing out and it is cancelled then the history is lost, i.e. the arrows stop working and you can't see other requests. Done it for me a few times on current test so very repeatable.
In some text inputs like the filters (by search term, by file extension: show/hide) in both the Target and Proxy tab seem to update the internals only when there's a keystroke event fired in them (the user either deletes or...
I'm testing a site which requires the alternative Java crypto policy files, I put them in place but after a Burp upgrade they were put back to the original ones. Left me confused as to why I could no longer access the...
HTTP, not just HTTPS responses obey the cache control headers, yes? So, shouldn't the finding for 'https://portswigger.net/KnowledgeBase/issues/Details/00700100_CacheableHTTPSresponse' be more generic. I noted in a...
Hi, I am currently expecting a strange issue with Burp, which affects the active scanner. I have used the active scanner against a web application which is protected by some kind of WAF. The WAF works like this: if the...
So this problem can cause loss of data in already saved project? Because is what happened to me unfortunately. Also, you know on which OS this problem can occur?
Hello, In a recent engagement I found page that indeed there is directory listing but burp cannot identify it in any way. The source page also contains the string "Directory Listing For /....". I have run active and...
Hi, We have encounter wired error while intercepting an application with SSL. 1480321180146 Repeater Auto-selected SSL parameters for domainstagxyz.domainxyz.com: default protocols,...
Burp Scanner is very slow running why ???
Burp appears to mark certs issued by Let's Encrypt as untrusted. Because of this, some plugins, like the relatively recent Dradis Framework plugin will fail.
Burp Active Scanner is unable to detect certain kinds of JSON parameter which are vulnerable to XSS Please refer to the below screenshot: https://dl.dropboxusercontent.com/u/9636822/jsonxss.png During manual...
Page 138 of 148
Your source for help and advice on all things Burp-related.