Burp Suite User Forum
Tested on v1.6.26 / Linux / Oracle 1.8.0_45-b14. In Repeater (at least), a header like "Location: //nicob.net" is treated as a redirection to "//nicob.net" on the same host. However, browsers will redirect to...
Hi There! I'm a user of Burp Pro, I have recently switched to a Virtualized Environment (VirtualBox) running Kali Linux. Every so often Burp will randomly close. It can happen from using the Intruder or just capturing...
Not properly sorted by name. Capital letters should not make a difference. Findings should be mapped to OWASP Top 10 and WASC.
## Issue * When using `http-get-form` with `HYDRA_PROXY_HTTP` set and using Burp as the proxy, the GET parameters are not being passed on. * Using other proxies (such as ZAP), or not using a proxy at all, the GET...
Hello, the scanner found an XSS in the Referer header, and the answer is a custom 404 page with the XSS in the answer. However, in the Target tab, the XSS is not visible if "Hide not-found items" is not disabled. Maybe...
Hi, sometimes Burp fails to open a Macro Recorder dialog (Options / Sessions / Macros > Add > Record macro). I confirmed that it happens when Burp Proxy receives requests frequently (1req/5sec or more, I'm testing web...
Many of our websites incorporate AngularJS now. However, the content isn't always properly parsed or stays in a loop where it is impossible to input anything through the browser. Has anyone seen this behaviour and has a...
Hi, I did an Active scan for one request on form submission using Burp Pro v1.6.17. It didn't list any XSS for one hidden parameter which is not encoded. If I do the same thing using Intercept proxy, XSS is listed. Later...
# # A fatal error has been detected by the Java Runtime Environment: # # EXCEPTION_UNCAUGHT_CXX_EXCEPTION (0xe06d7363) at pc=0x000007fefd97b3dd, pid=1172, tid=5828 # # JRE version: Java(TM) SE Runtime Environment...
After running Burp Active scan, I observed a few Open redirection issues. However, when I check Cross-domain Referer leakage issues, there are many reported which I don't think should be there as they were caused by an Open...
Hi, while writing a new extension (IMessageEditorTabFactory) I've encountered a small bug. Code is available here: https://raw.githubusercontent.com/carstein/burp-extensions/master/Argonaut.py While loading the extension I...
When you save server responses from the Intruder the files are labelled from 1 but looking at the requests in the Intruder panel they start at 0 with the baseline request. I think the file naming should match the request...
When I go to Target Analyzer - Parameters, I can see all occurrences of a specific parameter that Burp discovered. When I want to search e.g. for the parameter with name "parameter1", I can see all occurrences in the middle...
Hi, I am using the current release of your Burp Suite with the following issue. Having two more screens left of my default screen the application hangs as soon as I put it onto any other than the default screen. Having...
Hello, since the newer version of Burp Suite Professional (v1.6.23) I'm having problems restoring my Burp save state. Here is a screenshot of the bug: http://i.imgur.com/lVdpnFx.png And the details: burp.eee:...
On restoring a saved state, extensions were duplicated. Ideally Burp should be taking care of preventing duplicates in extensions.
Dear, I'm getting inconsistent results, and I'm afraid Burp is the cause. When I modify a request in the Repeater window, the following error is shown. java.io.IOException: Unicode String at...
We found that Burp Suite doesn't test for response splitting vulnerability. For example: www.example.com/about.php?date=%0D%0ATest%3A%20no If the HTTP response gets the additional header "Test: no" should be...
Hello, The Burp Extender API JavaDoc link (https://portswigger.net/burp/extender/api/index.html) currently returns a 404. Thanks, Robbie
Dear Sir, we identified a missing identification of Blind SQL injection on some specific parameter. The SQL injection is present on a single parameter of a POST request. Like par=pluto par=pluto -> result...