Burp Suite User Forum
Some text inputs, like the filters (by search term, by file extension: show/hide) in both the Target and Proxy tabs, seem to update the internals only when there's a keystroke event fired in them (the user either deletes or...
I'm testing a site which requires the alternative Java crypto policy files, I put them in place but after a Burp upgrade they were put back to the original ones. Left me confused as to why I could no longer access the...
HTTP, not just HTTPS responses obey the cache control headers, yes? So, shouldn't the finding for 'https://portswigger.net/KnowledgeBase/issues/Details/00700100_CacheableHTTPSresponse' be more generic. I noted in a...
Hi, I am currently experiencing a strange issue with Burp, which affects the active scanner. I have used the active scanner against a web application which is protected by some kind of WAF. The WAF works like this: if the...
So this problem can cause loss of data in an already saved project? Because that is what happened to me, unfortunately. Also, do you know on which OS this problem can occur?
Hello, In a recent engagement I found a page where there is indeed a directory listing, but Burp cannot identify it in any way. The source page also contains the string "Directory Listing For /....". I have run active and...
Hi, We have encountered a weird error while intercepting an application with SSL. 1480321180146 Repeater Auto-selected SSL parameters for domainstagxyz.domainxyz.com: default protocols,...
Burp Scanner is running very slowly. Why?
Burp appears to mark certs issued by Let's Encrypt as untrusted. Because of this, some plugins, like the relatively recent Dradis Framework plugin will fail.
Burp Active Scanner is unable to detect certain kinds of JSON parameters which are vulnerable to XSS. Please refer to the screenshot below: https://dl.dropboxusercontent.com/u/9636822/jsonxss.png During manual...
My English is not good. In the active scan, (and 1=1) and (and 1=2) return different results, but the scan did not detect it. There is a problem.
I just noticed that most of the internally-accessible BurpSuite documentation isn't being shown correctly on my installation, as well as the Extender tool is difficult to read since the HTML source code is shown...
I used Burp 1.7.10 for a whole day without problems. I created a new project and at the end of the day I just closed Burp without any errors or problems. The 2nd day I opened the same project and everything was fine, no...
I have some reflected XSS reported as high+certain when actually there's no vulnerability. There is a specific header (anti-CSRF) which is added by some JS on the page. Since a request from another domain won't be able to add...
I'm using Burp Suite Professional, latest version. I try to log in to a website with Negotiate authentication, but Burp Suite doesn't accept Negotiate authentication. How can I fix that?
Four scenarios: 1) Client -> Target 2) Client -> Squid -> Target 3) Client -> Burp Proxy (CONNECT) -> Target 4) Client -> Burp -> Squid -> Target * The underlying communications between the client and target in not...
burpsuite_pro_v1.7.08.jar MD5: eb98fc4432cff3e288afd2bd2b6b3661 SHA256:...
Hi, I can't see some of Burp's text on its menus; it happens when I change screen or click on something. I'm on VMware 11, Windows 10, Java 1.7.0_80-b15. Picture of the problem:...
TL;DR - The default setting for 'Set "Connection close" on incoming requests', introduced in v1.6.32 should be disabled by default because it seems to break websockets. I had an issue that took me quite a while to figure...
Hey guys, I am not sure if this is a bug or intended behavior but I wanted to let you know anyway. At work I recently made a small plugin that simply adds a custom header to outgoing requests by overriding...