Burp Suite User Forum


In the active scan, sqli and judgment has a problem

My English is not good. In the active scan, (and 1=1) and (and 1=2) return different results, but the scan does not detect it. There is a problem.

Last updated: Nov 21, 2016 09:14AM UTC | 1 Agent replies | 0 Community replies | Bug Reports

Hard-to-read HTML pages such as Extender and Documentation

I just noticed that most of the internally-accessible BurpSuite documentation isn't being shown correctly on my installation, as well as the Extender tool is difficult to read since the HTML source code is shown...

Last updated: Nov 18, 2016 10:38PM UTC | 1 Agent replies | 4 Community replies | Bug Reports

Burp Project loses data

I used Burp 1.7.10 for a whole day without problems. I created a new project and at the end of the day I just closed Burp without any errors or problems. The 2nd day I opened the same project and everything was fine, no...

Last updated: Nov 14, 2016 09:29AM UTC | 1 Agent replies | 0 Community replies | Bug Reports

XSS False positive

I have some reflected XSS reported as high+certain when actually there's no vulnerability. There is a specific header (anti Csrf) which is added by some js on page. Since a request from another domain won't be able to add...

Last updated: Nov 09, 2016 09:32AM UTC | 1 Agent replies | 1 Community replies | Bug Reports

negotiate authentication trouble

I'm using Burp Suite Professional, latest version. I try to log in to a website with negotiate authentication, but Burp Suite doesn't accept negotiate authentication. How can I fix that?

Last updated: Nov 03, 2016 11:08AM UTC | 1 Agent replies | 0 Community replies | Bug Reports

Target of CONNECT Sends Data First, Data not seen by Client; Expected?

Four scenarios: 1) Client -> Target 2) Client -> Squid -> Target 3) Client -> Burp Proxy (CONNECT) -> Target 4) Client -> Burp -> Squid -> Target * The underlying communications between the client and target in not...

Last updated: Nov 01, 2016 05:05PM UTC | 1 Agent replies | 1 Community replies | Bug Reports

Burp Suite 1.7.08 Infected/Backdoored?

burpsuite_pro_v1.7.08.jar MD5: eb98fc4432cff3e288afd2bd2b6b3661 SHA256:...

Last updated: Oct 31, 2016 08:51AM UTC | 1 Agent replies | 0 Community replies | Bug Reports

GUI display issue

Hi, I can't see some of Burp's text on its menus; it happens when I change screen or click on something. I'm on VMware 11, Windows 10, Java 1.7.0_80-b15. Picture of the problem:...

Last updated: Oct 21, 2016 03:08PM UTC | 3 Agent replies | 2 Community replies | Bug Reports

SSL peer shut down incorrectly / WebSockets not upgrading

TL;DR - The default setting for 'Set "Connection close" on incoming requests', introduced in v1.6.32 should be disabled by default because it seems to break websockets. I had an issue that took me quite a while to figure...

Last updated: Oct 18, 2016 12:48PM UTC | 2 Agent replies | 2 Community replies | Bug Reports

processProxyMessage doesn't take changes from processHttpMessage into account

Hey guys, I am not sure if this is a bug or intended behavior but I wanted to let you know anyway. At work I recently made a small plugin that simply adds a custom header to outgoing requests by overriding...

Last updated: Sep 28, 2016 07:57AM UTC | 3 Agent replies | 2 Community replies | Bug Reports

Send to Decoder character limit

Hi there Any reason Send to Decoder only transfers the first 10,000 characters? When I copy and paste, the whole lot comes over - granted, that's a different buffer, but given that Send to Repeater handles larger blocks,...

Last updated: Sep 27, 2016 02:18PM UTC | 1 Agent replies | 0 Community replies | Bug Reports

buggy double click auto selection in response

Below is the response: HTTP/1.1 200 OK Server: openresty Date: Wed, 14 Sep 2016 04:28:37 GMT Content-Type: text/html Connection: keep-alive Vary: Accept-Encoding X-Powered-By: PHP/5.4.11 Content-Length:...

Last updated: Sep 23, 2016 09:11AM UTC | 2 Agent replies | 0 Community replies | Bug Reports

Collaborator polling ssl root cert

Stood up a private collab server and everything seems to be running as expected. Looking at the polling server on 9443 however I get a cert error warning. Same cert is used for 443 and there's no warning. Not sure if I...

Last updated: Sep 15, 2016 08:41AM UTC | 2 Agent replies | 1 Community replies | Bug Reports

Intruder: Make it easier to retrieve long payloads from attack results

If a payload is quite long (when using, for example, the Bit Flipper payload on a long session token), it's truncated in the displayed results grid when the column is expanded. This isn't great, but it's livable if the whole...

Last updated: Sep 14, 2016 01:14PM UTC | 1 Agent replies | 0 Community replies | Bug Reports

Burp Scanner does not recognize Open Redirect

Burp Scanner does not recognize Open Redirect: When checking the raw scanner requests/responses with Logger++ I spotted the following Open Redirect situation that was not recognized/reported by the...

Last updated: Sep 09, 2016 12:03PM UTC | 2 Agent replies | 2 Community replies | Bug Reports

Unable to Repeat a Saved Attack

I am using Burp Suite Pro 1.7.06 with Java version 1.8.0_102 on Windows 10. I am able to open saved attacks via the "Intruder" > "Open Saved Attack" menu, but when I then select "Attack" > "Repeat" in the resulting pop-up...

Last updated: Sep 09, 2016 08:17AM UTC | 1 Agent replies | 0 Community replies | Bug Reports

Burp fails loading CSS, responds extremely sluggish, CPU up to 100%

Hi, I am using Burp on a Mac Book Pro (End 2013, 16 GB Ram) latest version (1.7.05). Burp has come to a point, that I can hardly use it for my day to day work: When doing an application test with Burp and Firefox (most...

Last updated: Sep 07, 2016 12:31PM UTC | 1 Agent replies | 1 Community replies | Bug Reports

Match-Replace Doesn't Work With External js Files

Hi, I'm not sure that this phenomenon is a bug or is an intentional "feature" and I've searched support and the community, but... I set up a series of rather heavy-handed filters, using "Match and Replace" - 4 to be...

Last updated: Sep 05, 2016 01:22PM UTC | 1 Agent replies | 0 Community replies | Bug Reports

Burp/Repeater decodes payload incorrectly

I am trying to send different payloads with Burp repeater, but found some characters to result in unwanted behavior of the repeater functionality. Details: I am sending the following character as a repeater payload...

Last updated: Sep 01, 2016 12:55PM UTC | 2 Agent replies | 2 Community replies | Bug Reports

SQLiPy plugin, no start button for sqlmap tab

OS: Kali Linux 2.0 Software versions installed: jython 2.7.0 Burpsuite 1.7.04 Java 1.7.0_79 SQLiPy 0.5.0 Issue: When trying to use the SQLmap plugin for Burpsuite with the above installations the "start" button...

Last updated: Sep 01, 2016 08:46AM UTC | 2 Agent replies | 3 Community replies | Bug Reports
