Bug Reports - Page 142 - Burp Suite User Forum

"Link manipulation (DOM-based)" false positive - local variable override

Hi, Burp Scanner v1.6.38 generated false positive for "Link manipulation (DOM-based)". Excerpt from report: Data is read from location and passed to the 'href' property of a DOM element via the following...

1.7beta bug: disable proxy intercept at startup

I just downloaded 1.7beta (32-bit OS) I started it up and skipped changing the defaults (I did not load a config file, etc). I used the defaults. By default, Intercept was enabled. I looked for the following option to...

Coverage differences between public and private Collaborator instances

I recently tested Collaborator using different injection scenarios. I noticed that the vectors used are different, depending if Collbaorator is defined by its DNS name (public or private instance) or its IP address (private...

Requests sent to upstream proxies are NOT transcoded to proxy-style requests

When "Options > Connections > Upstream Proxy Servers" is used to redirect all traffic to an upstream server, requests are _NOT_ encoded to the proxy format (with a fully qualified first line). That's OK when chaining Burp...

How to fix the burp suit jar files.

Getting the error while launching burpsuite_pro_v1.6.35.jar. Error Description: "Error Invalid or Corrupt jarfile"

Pro 6.36 and 6.37 will not start, corrupt

I can run the free version .32. I purchased Pro and it won't start. Invalid or corrupt jarfile burpsuite_pro_v1.6.36.jar Invalid or corrupt jarfile burpsuite_pro_v1.6.37.jar

Scrolling button dissapears

The last few versions of Burp Pro (apologies I cannot recall which version I firstly identified this) suffer from a quite annoying bug. The scroll button in most of the windows/features that requires this, disappears soon...

Simple SQLi identification failed

Hi, I found a little lack in SQLi identification, trying Burp on OWASP Bricks (https://www.owasp.org/index.php/OWASP_Bricks). In details, using active scan on "Login #4" page, Burp fails to identify the following...

Scanner unpaused scan of app1 when actively scanning a single page on app2 (SSO)

Here's the environment: - app1.example.com (SSO enabled app #1) - app2-stage.example.com (SSO enabled app #2) Here's the user story: 1.) Tester spiders app1 without SSO auth 2.) Tester does active scan of app1...

Bug with Extender self._callbacks.makeHttpRequest ?

When I use self._callbacks.makeHttpRequest in my extension and the target server responds with an SSL error such as "SSL received a record that exceeded the maximum permissible length. (Error code:...

Burp triggers DNS queries despite using an upstream proxy

Hi, We are experiencing performance issues with Burp, with some web application pages taking over a minute to load. After investigation, we found out that Burp was issuing local DNS requests which could not be resolved...

burpsuite free crashes in kali linux

With the recent update in java, when i try to run burpsuite in kali linux 2.0, as soon as i try to use the application, burpsuite crashes. and the system crashes and logs me out. I have the following version of java in my...

Protocol and port missmatch in target - site map

Using burpsuite_pro_v1.6.39.jar (but had the problem in previous versions too) Brup Extender Plugins: Active Scan++, Error Message Checks, Java Deserialization Scanner, Software Version Reporter, Heartbleed I lately get...

Burp will not run if a directory within the path ends with an "!"

Burp will not run if a directory within the path ends with an "!". Burp was here: c:\!tools!\burp\burpsuite_pro_v1.6.38.jar. Moved the "burp" dir to the root directory and it runs fine. Tested by renaming the "burp" dir to...

False positives due to non-encoded parameters

This is probably related to the new features implemented when http://blog.portswigger.net/2015/11/xss-in-hidden-input-fields.html was written. It seems to be that some new features of the active scanner are incorrectly...

Filter window reopens right after closing by clicking on the filter bar since 1.6.37

Clicking on the filter bar in previous versions closed the filter window. In 1.6.37 and .38 it reopens it, and it only closes if the mouse clicks somewhere else in the main Burp window (outside the filter window). Here's a...

Display Bug after a weird HTTP Response

While testing an application, I got the following HTTP Response: HTTP/1.1 200 OK Date: Mon, 22 Feb 2016 15:52:27 GMT Expires: Mon, 22 Feb 2016 15:52:27 GMT Cache-Control: no-cache, private, no-store Content-Type:...

burp 1.6.36 crashes window manager under GNU/Linux

Hi, since version 1.6.36 I encounter severe problems with burp. I'm running Debian GNU/Linux with awesome window manager. Before I start any Java application I follow advise on...

Burp pro won't start

I downloaded every version of burpsuite . But nothing starts on my system . Mine is 32 bit OS with JDK 1.7 and JRE7. 12 February 2016 Burp Suite Professional v1.6.37 - Shows invalid/ corrupt file 21 January 2016 Burp...

collaborator issues

Hi, I have observed a glitch in collaborator's functionality. While (selectively) testing the persisten-xss module i have noticed the following payload being used: ...