Bug Reports - Page 143 - Burp Suite User Forum

Fix gray autocomplete orphan dialogs

When working on Kali 2.0 and maybe others, Burp Suite tries to autocomplete previously used input. This generates an empty grey window that, sometimes, remains open and it's added to the list of open windows. Closing this...

CLI option "--help" doesn't work on Windows

Hello, on Windows x64 + Oracle v1.8.0_112 (from installation bundle), the "BurpSuitePro.exe" binary doesn't print the Help menu when called with "--help" (it just stops after a few seconds). However, other options like...

OS Command Injection FP?

Hi all, Burp active scan has found potential OS Command Injection using nslookup as the example. I'm unable to replicate this and the IP that burp collaborator shows is from google rather than the server of which the...

removeParameter API outputs incorrect request when removing the last Cookie

There is an API to remove a parameter from a given request in IExtensionHelpers interface (https://portswigger.net/burp/extender/api/burp/IExtensionHelpers.html#removeParameter(byte[],%20burp.IParameter)). I use this API in...

Burp stops accepting keyboard input

I am having an issue identical to this one: https://support.portswigger.net/customer/portal/questions/11672133-unable-to-type-anything-on-any-field . The same issue affects OS X 10.12.5 with Java 8 Update 131. This is...

Burp does not process cookies when initializing Intruder

I am using a site which has multiple redirects after submitting a form. After the initial POST request, Burp does not use cookies on subsequent requests. Behavior from the browser: POST request sent with cookies => 302...

https:// sites not loading

Https sites are not loading when interception on.CA certificates are already instslled.i recently updated burp to 1.7 version but no luck.but i can still acess to http://burp ..im using java version 1.8 on my kali linux pc...

Save State Bug Report

I was trying to save the state of a project and received this error. burp.rmc at burp.d7g.a(Unknown Source) at burp.ung.a(Unknown Source) at burp.wng.a(Unknown Source) at burp.p2d.a(Unknown Source) at...

Strict transport security not enforced without request/response

The Strict transport security not enforced issues do not show a request/response. This does not make any sense, there was at least one response that had no HSTS header for Burp to show that issue, so it makes sense to report...

security testing

Hi Team, Can you please tell me how to test URL for finding issues like iframe , cross scripting, SSL, cookie vulnerability, HTTPonly & secure. Thanks

BUG

CO2 DOWNLAD AND EROR BrupSuite

SSL SNI not used with upstream proxy

Hello, SSL SNI works properly on regular connections but not on connections through upstream http proxy. After getting Handshake_Failure alerts when using an upstream http proxy I've confirmed that the "Server_Name"...

IP adddress regexp

Dear team, I noticed in burp 1.7.22 that "Private IP addresses disclosed" is failing to parse an IP address with this format: xxx.xx.xxx.xx. All remains IP address are being parsed. Kind Regards, Daniel

external service interaction DNS

Hi, I am using Burp 1.7.15. I scanned my system in Jan and got scan report. I scanned my system again in March, and got new issues "external service interaction DNS" in the report. I did not upgrade Burp...

We can't use multi-byte characters in sitemap comment to save as XML

When saving sitemap, we can't use multi-byte Japanese characters as comment. (Its generate invalid encoded XML.) [View] Target > Site map [Steps] 1. Set following words as sitemap comment. ???? 2. left-click on...

Upstream proxy configuration only passes URI and not domain/host

Hi, I have spent some time trying to configure an upstream squid proxy server in order to have a known source IP address for testing engagements, without relying on a VPN (unfortunately in my specific circumstances a...

Spider Queues Do Not Clear

Hello, I'm using Burp 1.7.21 and when I attempt to clear the Spider queue it is not cleared. This is an issue I've had many times with larger sites over many versions of Burp. Video of...

Burp Mobile Assistant - empty Source repo on Cydia

Hi Burp team, I am very grateful for the new Mobile Assistant feature. I downloaded it today (with Free Edition v1.7.21). I can get my jailbroken, ios 9.3.3 device to add my Cydia source: http://localhost:8080 but...

Bug Report

Burp Free Edition Are Not Support State Proxy Server So Please Solv It. Ethical Hacker

IMessageEditor.isMessageModified() does not detect modification

I have an extension that uses IMessageEditor.isMessageModified() to determine when a user has modified a request. This works when a user explicitly types a change, however, it does not return true after a user has...