Burp Suite User Forum

Failed to create project file within shared folder on Virtualbox

Hi, I'm not able to create a new project when I specify that the location of the project file is within a shared folder on a Kali VM on Virtualbox. Specifying another 'local' location, the creation of the project file...

Last updated: May 09, 2016 01:37PM UTC | 1 Agent replies | 0 Community replies | Bug Reports

Issue with Burp Collaborator

Hi, We have a licensed version of Burp suite running and the license is issued to Cisco Systems India Pvt Ltd. We have been running Burp suite on our application and wanted to report an issue that we have been...

Last updated: May 05, 2016 09:24AM UTC | 1 Agent replies | 0 Community replies | Bug Reports

Scanner - Live Scanning

Hi There, I am using Burp Suite Professional v1.7.02 beta. There is a very issue in Live Scanning. Every time I select option Don't Scan in Live Passive Scanning and close the Burp Suite. Whenever I start Burp Suite...

Last updated: May 04, 2016 10:50AM UTC | 1 Agent replies | 0 Community replies | Bug Reports

Clear text password box in proxy certificate p12 settings

Hello, the possibility to use a PKCS#12 keystore in the proxy certificate options saved our bottoms today in a SoapUI/Ready! API environment, so thanks for that first. [for other poor souls in the same situation: If...

Last updated: Apr 27, 2016 07:46AM UTC | 1 Agent replies | 1 Community replies | Bug Reports

Error resolving "/burp/show/1" when non-default proxy port is used.

I am having issues with the "Test in browser" functionality from CSRF PoC and "Show response in browser" functionality from proxy. Both of these seem to work fine with the default configuration of Burp set to listen on...

Last updated: Apr 26, 2016 04:41AM UTC | 1 Agent replies | 2 Community replies | Bug Reports

AMF Deserialization

When an AMF response body contains a custom object, BURP can't seem to properly deserialize the body and returns a "data - null" instead of the proper object. For the same request/response, Charles proxy seems to be able to...

Last updated: Apr 20, 2016 07:55AM UTC | 1 Agent replies | 0 Community replies | Bug Reports

Bug when adding or updating a PARAM_COOKIE parameter

Hello, I'm working on a super basic extension which allows editing the value of a specific cookie in its own Repeater display tab. But when I call updateParameter(..., buildParameter(..., PARAM_COOKIE)), the cookie line is...

Last updated: Apr 20, 2016 07:46AM UTC | 3 Agent replies | 2 Community replies | Bug Reports

Aggregated scanner issue for extensions shows issue name, not the extension name

Every issue that is created gets a first paragraph telling which extension it was: "Note: This issue was generated by the Burp extension: <extension name>" When an extension's issue gets more than one hit, a top-level...

Last updated: Apr 18, 2016 02:43PM UTC | 2 Agent replies | 0 Community replies | Bug Reports

options/ssl menu fails to load upon restore if client certificate

We are working as a small team and my colleague gave me his saved burp state. I restored it in my burp instance mostly without problem, but the options/ssl tab fails to load properly. The site we are testing requires a...

Last updated: Apr 18, 2016 02:43PM UTC | 4 Agent replies | 2 Community replies | Bug Reports

"Session token in URL" false positive

Hi, Burp Scanner v1.6.38 gave me false positive for "Session token in URL" without any reason, as I think. Take a look at following excerpt from...

Last updated: Apr 18, 2016 07:59AM UTC | 1 Agent replies | 0 Community replies | Bug Reports

"Link manipulation (DOM-based)" false positive - local variable override

Hi, Burp Scanner v1.6.38 generated false positive for "Link manipulation (DOM-based)". Excerpt from report: Data is read from location and passed to the 'href' property of a DOM element via the following...

Last updated: Apr 18, 2016 07:58AM UTC | 1 Agent replies | 0 Community replies | Bug Reports

1.7beta bug: disable proxy intercept at startup

I just downloaded 1.7beta (32-bit OS). I started it up and skipped changing the defaults (I did not load a config file, etc). I used the defaults. By default, Intercept was enabled. I looked for the following option to...

Last updated: Apr 13, 2016 07:40AM UTC | 1 Agent replies | 0 Community replies | Bug Reports

Coverage differences between public and private Collaborator instances

I recently tested Collaborator using different injection scenarios. I noticed that the vectors used are different, depending on whether Collaborator is defined by its DNS name (public or private instance) or its IP address (private...

Last updated: Apr 12, 2016 07:50AM UTC | 2 Agent replies | 1 Community replies | Bug Reports

Requests sent to upstream proxies are NOT transcoded to proxy-style requests

When "Options > Connections > Upstream Proxy Servers" is used to redirect all traffic to an upstream server, requests are _NOT_ encoded to the proxy format (with a fully qualified first line). That's OK when chaining Burp...

Last updated: Apr 11, 2016 08:53PM UTC | 1 Agent replies | 1 Community replies | Bug Reports

How to fix the Burp Suite jar files.

Getting the error while launching burpsuite_pro_v1.6.35.jar. Error Description: "Error Invalid or Corrupt jarfile"

Last updated: Apr 11, 2016 03:17PM UTC | 8 Agent replies | 8 Community replies | Bug Reports

Pro 6.36 and 6.37 will not start, corrupt

I can run the free version .32. I purchased Pro and it won't start. Invalid or corrupt jarfile burpsuite_pro_v1.6.36.jar Invalid or corrupt jarfile burpsuite_pro_v1.6.37.jar

Last updated: Apr 11, 2016 08:21AM UTC | 6 Agent replies | 5 Community replies | Bug Reports

Scrolling button disappears

The last few versions of Burp Pro (apologies, I cannot recall in which version I first identified this) suffer from a quite annoying bug. The scroll button in most of the windows/features that require this disappears soon...

Last updated: Apr 06, 2016 10:04PM UTC | 2 Agent replies | 2 Community replies | Bug Reports

Simple SQLi identification failed

Hi, I found a small gap in SQLi identification, trying Burp on OWASP Bricks (https://www.owasp.org/index.php/OWASP_Bricks). In detail, using active scan on "Login #4" page, Burp fails to identify the following...

Last updated: Apr 06, 2016 08:31PM UTC | 0 Agent replies | 1 Community replies | Bug Reports

Scanner unpaused scan of app1 when actively scanning a single page on app2 (SSO)

Here's the environment: - app1.example.com (SSO enabled app #1) - app2-stage.example.com (SSO enabled app #2) Here's the user story: 1.) Tester spiders app1 without SSO auth 2.) Tester does active scan of app1...

Last updated: Apr 04, 2016 10:44AM UTC | 1 Agent replies | 0 Community replies | Bug Reports

Bug with Extender self._callbacks.makeHttpRequest ?

When I use self._callbacks.makeHttpRequest in my extension and the target server responds with an SSL error such as "SSL received a record that exceeded the maximum permissible length. (Error code:...

Last updated: Apr 01, 2016 02:27AM UTC | 1 Agent replies | 1 Community replies | Bug Reports
