Burp Suite User Forum

File Ownership Not Returned

Hello, I am playing with the MDSEC training lab for the Java Applet input validation bypass. As part of this I was using the right click 'Paste from File' option to inject my modified client. While this worked it looks...

Last updated: Apr 22, 2015 02:53PM UTC | 2 Agent replies | 0 Community replies | Bug Reports

BurpSuite not running on Java version 8u45, had to downgrade to 7u75

Hi, I recently tried running BurpSuite (current version) and was unable to run it with Java 8u45. I downgraded Java to 7u75 and it worked again. Has anyone else seen this error? # A fatal error has been detected by the...

Last updated: Apr 20, 2015 08:37AM UTC | 1 Agent replies | 0 Community replies | Bug Reports

Spider this branch

Scans the branch, then the rest of the directory tree.

Last updated: Apr 15, 2015 09:07AM UTC | 1 Agent replies | 0 Community replies | Bug Reports

Not tracking extension properly

Extender > BApp Store: None of the Installed boxes are checked. But if I select certain extensions like .NET Beautifier, under the description the Install button is greyed out.

Last updated: Apr 15, 2015 09:06AM UTC | 1 Agent replies | 0 Community replies | Bug Reports

Discover content requests out-of-scope item

In Target > Scope I've set "Exclude in scope" to be as follows: ^/auth/logout.* However, despite this "Content discovery" appears to request /auth/logout causing the discovery session to be logged out. A workaround...

Last updated: Apr 15, 2015 09:05AM UTC | 2 Agent replies | 2 Community replies | Bug Reports

XML and XPath false positives in scanner module

The scanner module reports XML and XPath false positives when it finds certain strings (e.g. xmlschema, ajaxpath) in the response of automated scans, but it does not consider when those same strings were already present...

Last updated: Apr 15, 2015 09:00AM UTC | 1 Agent replies | 0 Community replies | Bug Reports

Hidden API for IHttpRequestResponse objects?

Hello, I found a surprising behavior in the Extender API (using Jython). Because of a typo, I called getUrl() on some IHttpRequestResponse objects... and it worked! Given the API documentation (both online...

Last updated: Apr 14, 2015 09:30AM UTC | 1 Agent replies | 1 Community replies | Bug Reports

Window issues on Mac OS 10.10

On Mac OS 10.10, when Burp Free is running, it doesn't show up in the dock, or in the command-tab window switcher. So it's difficult to switch to it. When you minimize it, its window does show up in the dock. But then...

Last updated: Apr 13, 2015 03:55PM UTC | 1 Agent replies | 0 Community replies | Bug Reports

Java RE 6 Required?

I am in my 14-day evaluation period of Burp Suite. Yesterday I attempted to test a site via https; Burp Suite would not perform the test using Java RE version 8. I had to downgrade to version 6 of the JRE (a version chock...

Last updated: Apr 13, 2015 07:47AM UTC | 1 Agent replies | 0 Community replies | Bug Reports

Automatic Backups and Save State not working.

Hi, I'm currently running Burp Pro 1.6.12 on a Windows 7 machine. I have allocated Burp 2GB of ram and am using Java (build 1.7.0_75-b13). I have not been able to make a test for this bug that can be reproduced, but I...

Last updated: Apr 01, 2015 11:23AM UTC | 1 Agent replies | 1 Community replies | Bug Reports

Burp closes itself with zero exit code and no exceptions nor output

This is the output of running Burp under strace: https://gist.github.com/berdario/97c3a973a78e7c081a34 And this is the output with strace...

Last updated: Mar 31, 2015 12:31PM UTC | 1 Agent replies | 0 Community replies | Bug Reports

Bug in Site map tab while showing only items in scope.

While showing only items in scope, if we activate the flags "Show only requested items" and "Show only parameterized requests" and disable them again, the Site map no longer shows only items in scope, but shows other requests....

Last updated: Mar 25, 2015 08:24AM UTC | 4 Agent replies | 5 Community replies | Bug Reports

java.sql.SQLException: Invalid column index not detected by active scanner

Hi, while working on an application with the active scanner of Burp 1.6.12 a lot of possible SQL injections like: -------------- SERVICE NOT AVAILABLE. Please refer to your system administration<br>FooException:...

Last updated: Mar 18, 2015 09:52PM UTC | 2 Agent replies | 2 Community replies | Bug Reports

Failed to parse the content of the page for SQL Injection indications in the passive scanner

Suppose the following scenario: I access a particular page, and in the body of the page you have a MySQL syntax error with the SQL query. The base request is always the same, it already has the SQL query in the...

Last updated: Mar 17, 2015 09:24PM UTC | 1 Agent replies | 1 Community replies | Bug Reports

File dialog paths across the application

Burp seems to maintain the same file path throughout the application. It would be useful if the last save/restore file location was stored separately to the load intruder payloads path.

Last updated: Mar 17, 2015 02:19PM UTC | 1 Agent replies | 0 Community replies | Bug Reports

receiving smart card error "card was detected but not the right one..."

I just started to receive a smart card error when attempting to load my smart card certificates to Burp. I have been using the p11-capi.dll successfully for some time. The error I receive from the card manager follows. "A...

Last updated: Mar 17, 2015 01:49PM UTC | 1 Agent replies | 0 Community replies | Bug Reports

Escaping Help

Hi, Not sure if this should fall under "Bug Reports" or "Feature Requests" so please move if needed. Anyway, when looking at Burp's built in help (by clicking on the "?" mark) it pops up in a small window. I can not...

Last updated: Mar 16, 2015 09:29AM UTC | 2 Agent replies | 2 Community replies | Bug Reports

Intruder results: copying a column with Control-Click in Pro version

From the Intruder documentation: "You can reorder the table's contents by clicking on any column header [...] You can copy the contents of a column by Ctrl-clicking the header [Pro version]". Bug #1: A column is reordered...

Last updated: Mar 13, 2015 08:30PM UTC | 3 Agent replies | 1 Community replies | Bug Reports

Visual bug in Intruder when two payload sets are of type "Dates"

Tested on Burp Pro v1.6.11 on OpenJDK 1.7.0_75-b13 (and many different setups). That's an old bug, which happens only in a specific situation. How to reproduce: - send a request to Intruder - in the "Positions" tab,...

Last updated: Mar 13, 2015 08:27PM UTC | 3 Agent replies | 1 Community replies | Bug Reports

Maximising Burp

I'm having a bug with Burp on a multi-monitor setup where it won't maximize and take advantage of the full screen. See the image below for an explanation - Burp will only maximize to the bottom ~90% of the...

Last updated: Mar 05, 2015 02:53PM UTC | 1 Agent replies | 0 Community replies | Bug Reports
