Bug Reports - Page 146 - Burp Suite User Forum

XSS False positive

I have some reflected XSS reported as high+certain when actually there's no vulnerability. There is a specific header (anti Csrf) which is added by some js on page. Since a request from another domain won't be able to add...

negotiate authentication trouble

i'm used Burp Suite Professional last V i try to login website with negotiate authentication Burp Suite don't accept negotiate authentication how can i fix that ??

Target of CONNECT Sends Data First, Data not seen by Client; Expected?

Four scenarios: 1) Client -> Target 2) Client -> Squid -> Target 3) Client -> Burp Proxy (CONNECT) -> Target 4) Client -> Burp -> Squid -> Target * The underlying communications between the client and target in not...

Burp Suite 1.7.08 Infected/Backdoored?

burpsuite_pro_v1.7.08.jar MD5: eb98fc4432cff3e288afd2bd2b6b3661 SHA256:...

GUI display issue

Hi, I cant see some of burp text on it's menus, it happens when I change screen or click on something. I'm on VMWare 11 windows 10 java 1.7.0_80-b15. picture of the problem:...

SSL peer shut down incorrectly / WebSockets not upgrading

TL;DR - The default setting for 'Set "Connection close" on incoming requests', introduced in v1.6.32 should be disabled by default because it seems to break websockets. I had an issue that took me quite a while to figure...

processProxyMessage doesn't take changes from processHttpMessage into account

Hey guys, I am not sure if this is a bug or intended behavior but I wanted to let you know anyway. At work I recently made a small plugin that simply adds a custom header to outgoing requests by overriding...

Send to Decoder character limit

Hi there Any reason Send to Decoder only transfers the first 10,000 characters? When I copy and paste, the whole lot comes over - granted, that's a different buffer, but given that Send to Repeater handles larger blocks,...

buggy double click auto selection in response

bellow is response: HTTP/1.1 200 OK Server: openresty Date: Wed, 14 Sep 2016 04:28:37 GMT Content-Type: text/html Connection: keep-alive Vary: Accept-Encoding X-Powered-By: PHP/5.4.11 Content-Length:...

Collaborator polling ssl root cert

Stood up a private collab server and everything seems to be running as expected. Looking at the polling server on 9443 however I get a cert error warning. Same cert is used for 443 and there's no warning. Not sure if I...

Intruder: Make it easier to retrieve long payloads from attack results

If a payload is quite long (when using, for example, the Bit Flipper payload on a long session token), it's truncated in the displayed results grid when the column is expanded. This isn't great, but it's livable if the whole...

Burp Scanner does not recognize Open Redirect

Burp Scanner does not recognize Open Redirect: When checking the raw scanner requests/responses with Logger++ I spotted the following Open Redirect situation that was not recognized/reported by the...

Unable to Repeat a Saved Attack

I am using Burp Suite Pro 1.7.06 with Java version 1.8.0_102 on Windows 10. I am able to open saved attacks via the "Intruder" > "Open Saved Attack" menu, but when I then select "Attack" > "Repeat" in the resulting pop-up...

Burp fails loading CSS, responds extremely sluggish, CPU up to 100%

Hi, I am using Burp on a Mac Book Pro (End 2013, 16 GB Ram) latest version (1.7.05). Burp has come to a point, that I can hardly use it for my day to day work: When doing an application test with Burp and Firefox (most...

Match-Replace Doesn't Work With External js Files

Hi, I'm not sure that this phenomenon is a bug or is an intentional "feature" and I've searched support and the community, but... I set up a series of rather heavy-handed filters, using "Match and Replace" - 4 to be...

Burp/Repeater decodes payload incorrectly

I am trying to send different payloads with Burp repeater, but found some characters to result in unwanted behavior of the repeater functionality. Details: I am sending the following character as a repeater payload...

SQLiPy plugin, no start button for sqlmap tab

OS: Kali Linux 2.0 Software versions installed: jython 2.7.0 Burpsuite 1.7.04 Java 1.7.0_79 SQLiPy 0.5.0 Issue: When trying to use the SQLmap plugin for Burpsuite with the above installations the "start" button...

Can't import Burp Project options after save

Hello, I try to import project options in "wizard" when burp is starting, but I can't. I always get message "Not a valid Burp file". But when I open Burp and click on menu and import again file - then this file is...

Failed to create Burp project: IndexOutOfBoundsException

I was working on a burp project the past 24 hours and today my computer crashed. When I went to load the project again after recovering my machine I am now getting an error. Failed to create Burp project:...

RuntimeException when trying to load SQLiPy

I have loaded Jython and SQLiPy, but when I try to copy a request from the Proxy using the SQLiPy Scan menu, I get a RuntimeException. Does anybody know what causes this? Note that sqlmapapi.py is running, and everything...