Bug Reports - Page 140 - Burp Suite User Forum

Burp Collaborator WAF triggering/not obeying options

Hey, I am currently using Burp to run an assessment on a website. They use Incapsula as a WAF, which is being triggered very frequently. At first I thought it might be related to spidering too fast, but I modified the...

Received Fatal Alert: Handshake_Failure

Hi, I am a Burp pro user. My Burp pro throws an error in web screen and Alert tab in the burp like the subject: Received Falat Alert: Handshake_Failure. Firstly, I need to tell you that I took the certificate from...

PortSwigger Certificate invalid

(I'm using macOS High Sierra 10.13.3 and Burp Suite Community Edition v1.7.32) I've followed the instructions to install the Burp Certificate...

IParameter Flags

The flag fields in IParameter are set to default visibility. I'm guessing they are intended to be public.

problem

"><a href="javascript:confirm%28 1%29">Clickme</a>

Burp import project

Thanks for the new "Burp import project" feature. Burp requires that you have a disk-based project to be able to import projects after opening Burp. So if you have a temporary project then you cannot import. When you...

Scanner Issue Activity import project

When importing a project the scanner issue activity remained empty, no issues were imported. However, when opening the same project normally (during start up of Burp), all of the issues populated the scanner issue...

Not able to upgrade the Burp Suite from v1.7.07 to 1.7.30

I have Burp Suite of version v1.7.07 installed on machine now wanted to upgrade it to the latest version 1.7.30 I clicked on 'Update Now' button, downloading is completed till 100% but nothing will happen then. Please...

Excluded scanner issue still showing up in report

Using 1.7.30 Minor thing here... I excluded a bunch of individual scan issues and ran a scan. In the final results, I still had "Python code injection" showing up in the results of issue types, even though it was excluded.

Intruder not starting a saved attack

Hi All I have been running an intruder attack and saving periodically and restarting without issues. However following a necessary save, reboot and resume i have been unable to get intruder to successfully open the saved...

Issue type vs Issue name uniqueness in scanner XML output

Hi team, I'm working on the Burp parser for Dradis (http://dradisframework.org) and one of our users has reported an issue with the way two different findings are reported under the same Issue type number. It seems...

Burp Suite generates "weak ephemeral Diffie-Hellman key" error with Firefox Developer Edition

I've been using Burp Suite with Firefox Developer Edition, but as of today, I cannot make HTTPS connections when using Burp Suite as a proxy. I now get the following error message: An error occurred during a connection to...

Burp Intruder Missing Delimiter

Hi, I have seen an unexpected behaviour in Burp when using Intruder and fuzz points. Within the Intruder you can define fuzz points via the § character, however, you don't have to use two of them. If only one § is used,...

Bug in Scanner Issue Activity

In my current project the greatest ID is 2634. At some point burp decided to continue the counting from around 1000 and I don't know whether it overwrites my existing vulnerabilities. This behavior has been noticed only on...

Burp API - IContextMenuInvocation - Modified request/response access/hinting

In the Burp extender API when retrieving the selected messages from the proxy history, I don't see any way to know if the selection occurs into a modified response/request panel or the original one....

Encounter blank screen when installing burpsuite in Kali Linux

Hi, The installation screen was blank when I try to install burpsuite_community_linux_v1_7_29.sh in Kali Linux. Please advice. Thank you

Settings not saved in project

I can create a new project and change the options under scanner -> options -> active scanner optimization to Thorough and Normal. However, after closing the project and opening it again, these options are not saved and...

Unable to use higher unicode characters

I was unable to use higher unicode characters, such as russian letters, in repeter and proxy. I can't even edit POST body with content type application/json; charset=utf-8 Letters get substituted with letters with low...

Low: Typo in Advisory - HSTS Misconfig

Social mistyped - "If there is no HTTP server, an attacker in the same network could simulate a HTTP server and motivate the user to click on a prepared URL by a scoial engineering attack."

Cannot download big files.

Hi! I cannot download any big files through burp proxy. There is no cert installation mistake because I tried this on so many other employees devices too. There are no ssl errors too because a file smaller than 4 mb gets...