Bug Reports - Page 153 - Burp Suite User Forum

Different URLs in Target: Request, Raw and Site map URL

I recognized that the URL in Target, Site map is different from the URL in the Request, Raw window. Here is what is shown in the Site map window right above (list of all URLs): https://www._something_.com/ - GET -...

Exception on restore state

Trying to restore state on Burp Pro 1.6.18 the following exception occurred: java.lang.IndexOutOfBoundsException: Index: 3, Tab count: 1 at javax.swing.JTabbedPane.checkIndex(JTabbedPane.java:1768) at...

invalid macros

Hello, we are experiencing problem with stored macros in Option -> Sessions. Macros work fine immediately after being recorded. But after some time (even days), stored Requests become invalid and empty - full of...

Python extension unloading itself periodically

I have a toy Python extension that simply prints out all command-line arguments, and calls exitSuite if there were any to print. About 50% of the time that I run Burp Suite from the command prompt, there is no output and...

Extensions loading multiple times when restoring state

Whenever I restore a state file, it loads extensions multiple times. Burp 1.6.18, Java 8u45. Screenshot: https://imgur.com/sQ9EnMp

UI - custom shortcuts - not working in detached tabs

Hi, when I set up custom keyboard shortcuts in Options:Misc:Hotkeys, they do not work in windows I detach using the Window:'Detach XY' submenu. Regards, igor

Possible bug in concrete class of IScanQueueItem

Hi, I think I may have discovered a small bug with the concrete implementation of the IScanQueueItem returned by the doActiveScan methods. When I try to access a method, I get the following error: Exception in thread...

Bug in IRequestInfo.getUrl()

Hello, There is a bug in IRequestInfo.getUrl() that is related to how the hostname is retrieved. Currently getUrl() uses the hostname specified in the target options instead of the Host header in the HTTP request....

Burp goes into headless mode with open jdk version 1.7.0_79

Hi, Whenever I run Burp Suite on my system it prints following message and goes headless (no splash screen even). If i delete .java/.userPrefs/burp folder, then it even prints the license agreement on the...

Proxy Listeners aren't visible

Hi, When I add a proxy listener on Proxy / Options / Proxy Listeners, I can't see the added listener on Burp GUI. So I can't edit or remove it with mouse cursor (cursor keys can help the scene). Burp Suite...

Request never complete

Using burp free with OSX 10.10 (also tried in a kali VM using OSX as the host os) I've set up burp now in several different browsers, trusting the SSL certs and all even using the plug-n-hack plugin on firefox to auto...

Unable to type anything on any field

Any field that requires me to type anything, does not accept any input. I am using OS X 10.10.2, with Java version 1.8.0_40, and Burp Suite is at v1.6.17. For example, when I go to options-Connections and check to do...

intruder tab problem

Dear's i was using the app normally then restart the machine after that i tried to open the intruder tab the sub tabs is dim and cant add any data. i need your help as soon as possible please. Screenshot...

File Ownership Not Returned

Hello, I am playing with the MDSEC training lab for the Java Applet input validation bypass. As part of this I was using the right click 'Paste from File' option to inject my modified client. While this worked it looks...

BurpSuite not running on Java version 8u45, had to downgrade to 7u75

Hi, I recently tried running BurpSuite (current version) and was unable to run it with Java 8u45. I downgraded Java to 7u75 and it worked again. Has anyone else seen this error? # A fatal error has been detected by the...

Spider this branch

Scans the branch, then the rest of the directory tree.

Not tracking extension properly

Extender > BApp Store None of the Installed boxes are checked. But if select certain extensions like .NET Beautifier, under the description the Install button is greyed out.

Discover content requests out-of-scope item

In Target > Scope I've set "Exclude in scope" to be as follows: ^/auth/logout.* However, despite this "Content discovery" appears to request /auth/logout causing the discovery session to be logged out. A workaround...

XML and XPath false positives in scanner module

The scanner module reports XML and XPath false positives when it finds certain strings (e.g. xmlschema, ajaxpath) in the the response of automated scans, but it does not consider when those same strings were already present...

Hidden API for IHttpRequestResponse objects?

Hello, I found a suprising behavior in the Extender API (using Jython). Because of a typo, I called getUrl() on some IHttpRequestResponse objects... and it worked! Given the API documentation (both online...