Bug Reports - Page 144 - Burp Suite User Forum

Failed to create Burp project: NullPointerException (v1.7.21)

C:\>java -jar burpsuite_pro_v1.7.21.jar --project-file="C:\TEMP\testasdf" Failed to create Burp project: NullPointerException Running fine with burpsuite_pro_v1.7.19.jar

Error opening existing project

When I try to open an existing project after a computer or burp crash, I get the following error message: "An error occurred when starting a project with the selected options. Failed to create Burp project:...

Unable to load Burp Suite

Hi, I have installed the Burp Suite Free Edition v1.0.21 using jar. It worked when installed. Now, when I'm trying to open it next time. It just doesn't load. Giving an error when I'm trying to open using Terminal...

Server Side Code Injection not detected without enabling SQL Injection scanning module

Hello Team, While testing for python code injections, i observed that the burp suite pro 1.7.21 active scanner does not detect server side code injections without enabling the SQL Injection main module (sub-modules for...

"Load user options" problem

Hi, I want to report a bug that I found on "Burp User Options" section. I have a specific configuration file and I import the file everytime I use Burp. My problem shows up on that importing part. When I import the...

Certs invalid on Chrome 58 due to CN Deprecation

TL;DR: Chrome 58 only looks at the SAN in a cert for validating hostnames and not the CN. Please add a SAN for the hostname when generating the cert. In 2000, RFC 2818 (https://tools.ietf.org/html/rfc2818) "deprecated"...

cookie without secure flag - different issues

Can you explain the difference in these two issue which have both been flagged on the same site? Issue: SSL cookie without secure flag...

No API stack nor full parameter value when using Infiltrator with a private Collaborator server

[Tested with Burp Suite Pro 1.7.19] I instrument Jenkins 1.580.2 like that: java -jar ${JENKINS_HOME}/infiltrator.jar --non-interactive --report-parameter-values=true --report-call-stacks=true...

"Go" button of Engagement tools/Search box is lost

Hello, When you search long strings the "Go" button is lost after your first search. Well not completely lost but it is moved at the right when you search for 50+ char strings. Searching for 100 char make it disappear...

Illegal Unicode Payload seems to be not working

I have burp professional and I'm trying to use Illegal Unicode payload on Intruder but it seems that is not working. As an example I tried the request below selecting xpto from URL as a payload position and Snipper as an...

Repeater - 307 Redirects broken

It looks like the 307 Redirect is not implemented per spec in the Repeater. In Repeater, setting the "Follow Redirect", results in a 307 Redirect for a POST request gets converted to a GET request (and loses the POST...

Burp Collaborator : Documentation typo

In the tutorial for Burp Collaborator, the command to convert certificate from PEM to PKCS8 has a typo. https://portswigger.net/burp/help/collaborator_deploying.html#ssl ``` openssl pkcs8 -topk8 -inform PEM -in...

Possible Path encoding error leading to loading failure of extentions

When loading a stock extension (In this case, autorize), I encountered this error after updating this morning to the latest version. Version: 1.7.18 OS: Win10 Error: Traceback (most recent call last): File...

Extension with JRuby (bug?)

Hi, I downloaded the new release 1.7.19 that fixes a bug that was introduced in 1.7.18 that prevented Python and Ruby extensions from loading in Windows. But, I think there is still a problem, for example I take an...

Problem running burpsuite_free_linux_v1_7_10.sh on 32-bit Debian 8.6

Hello! After downloading burpsuite_free_linux_v1_7_10.sh from the website, allowing execution (chmod +x), then running it (even with sudo) I get the following error message: Unpacking JRE ... Starting Installer...

Burp v1.7.17 Pro appears to be dropping HTTPs requests

Hi everyone. I am having some issues with Burp Suite v1.7.17 Pro. I can load HTTP sites fine and intercept them with the Burp Proxy, but I am unable to load ANY HTTPs sites, the browser just continues to load waiting. I...

CONNECT request for plaintext resource fails

Hi, While testing Metasploit modules during module development, I will often try to pass the HTTP requests Metasploit is making through burp. However, when Metasploit is interacting with a plaintext resource (no SSL),...

Burp Scanner doesn't use cookie from session handling rule (makro)

So because I need some testcases for my new burp plugin I tried scanning the Hackerone bug bounty program of lyst.com https://hackerone.com/lyst . I found a potential bug in Burp's Makro/Session handling. The Makro is not...

How do i get this fixed ?!

I've downloaded webGoat which now runs on port 8080, and Burp is installed on port 8181 , i set up the browser connection proxy to 127.0.0.1:8181 burp proxy listener on 127.0.0.1:8181 and the target scope to...

Firefox Developer Tools shows 200 instead of 302 when using Burp as a proxy

Not sure why but for some 302 response if I'm using Burp as a proxy on Firefox from Burp Proxy History or Interception I can see the 302 but on Firefox Developer Tools shows me 200. Removing Burp as a proxy from Firefox I...