Burp Suite User Forum
Using Java 1.8.0_66 on Mac OS X (fully patched and up to date for OS) I see Java exception when I click "Compare Response" on issues detected that have two requests. Sometimes the window renders as expected, sometimes it...
When Burp runs out of memory, for example when restoring a large state, it just crashes, and the only way to close it is to kill the process. It should be doable to prevent this situation, and give an error like...
Just ran into this (relatively minor) false positive. (Burp Pro 1.6.34) The report was issued over a a) Header: Content-Type: application/x-javascript and b) the string: '<meta http-equiv="Content-Type"...
After restoring a Burp Intruder attack from version =< 1.6.32, burp crashes if you try to use the Grep features in Intruder Options.
Hi I'm facing a permanent issue since collaborator has been implemented which is I never do heath check and get a positive result Here is screenshot of my situation...
Hi, when you are running Burp Suite on Windows, the windows slider is missing. It occurres when you have more items in a list view (i.e. in proxy tab) and you need to scroll down. Thank you.
Hi. I have found a fatal bug. This bug will fail the state of the restoration in v1.6.33. Bug occurs when the "DOM data manipulation (DOM-based)" has been detected in the issue. However, we have found a workaround...
I'm having trouble using input fields in Burp suite pro (latest version). For instance when actively scanning a wensite with a user/login area and burp suite asks me to enter the login credentials for a form, I cannot put...
Hi, this isn't a bug as such with the software itself but the wording of the trial email that gets sent out. In the 'How to purchase a full license' section where it lists the payment options it says: You can pay by credit...
I found that using the latest version of Burp (1.6.32) the authentication to a webserver with a client certificate fails due to an java exception. This error does not occur using version 1.6.01
When sorting by Name, the list is incorrectly being sorted. Capital letters are sorted before lower case letters. For example: PHP code injection comes before Password field with autocomplete enabled.
The output of this menu option contains exact duplicates, including matching (or blank) query strings. Please deduplicate the list of URLs before output.
Burp is generating the following attack string: GET /asdf/cf941%3cimg%20src%3da%20onload%3dalert(1)%3e HTTP/1.1 URL decoded: <img src=a onload=alert(1)> When it should be using the following attack string: GET...
The "Remediation detail" claims: "The X-Frame-Options header should only have one of the expected values: DENY or SAMEORIGIN." That used to be the case, but today even: "ALLOW-FROM <url>" is allowed, as described in the...
Burp doesn't seem to be hidding extension as expected when the extension is long like ".woff2" file. (Tested with 1.6.31)
I've set up a session handling rule to fetch csrf token and place valid value in request I wish to test. I've placed XSS code into one of the POST params. Unfortunatelly, after the request was issued and response received,...
Somewhere in the last couple of updates the scanner has started flagging responses as "Content type incorrectly stated", when they appear correct. Something to do with the response being encoded with gzip? GET...
Are the decoder Hash buttons working? text would put of MD5 hash of 'Foobar' shows as '?Õs?ª»¾e¾5Ëæ?àm' instead of '89D5739BAABBBE65BE35CBE61C88E06D'. I'm on Burp v1.6.31
Since the port is missing a copy and paste will not work without the user modifying the link. Perhaps this is intentional (I realize there could be more than one proxy listener on different ports). If there is multiple proxy...
Whenever i am using the burp repeater, the response display in raw is garbled/corrupted characters, showing mixes of unrecognizable characters (white boxes etc). This does not happen on any other parts, just on the repeater....
Page 147 of 152
Your source for help and advice on all things Burp-related.