Bug Reports - Page 153 - Burp Suite User Forum

Extender: isEnable called without proper context

Hi, While writing new extension (IMessageEditorTabFactory) I've encountered a small bug. Code is available here: https://raw.githubusercontent.com/carstein/burp-extensions/master/Argonaut.py While loading extension I...

off by one when saving intruder responses

When you save server responses from the Intruder the files are labelled from 1 but looking at the requests in the Intruder panel they start at 0 with the baseline request. I think the file naming should match the request...

Target Analyzer - Parameters - specific POST request - not showing correct data when opened

When I go to Target Analyzer - Parameters, I can see all occurrences of a specific parameter that Burp discovered. When I want to search e.g. for the parameter with name "parameter1", I can see all occurrences in the middle...

Multi monitore issue

Hi, I am using the current release of your Burp Suite with the following issue. Having two more screens left of my default screen the application hangs as soon as I put it onto any other than the default screen. Having...

Burp restore state problem

Hello, since the newer version of Burp Suite Professional (v1.6.23) i'm having problems restoring my burp save state. Here is a screenshot of the bug: http://i.imgur.com/lVdpnFx.png And the details: burp.eee:...

Duplicate extensions in Burp

On restoring a saved state, extensions were duplicated. Ideally burp should be taking care of preventing duplicates in extensions.

java.io.IOException: Unicode String

Dear, I'm getting inconsistent results, and I'm afraid Burp is the cause. When I modify a request in the repeater window , the following error is shown. java.io.IOException: Unicode String at...

Missing identification of response splitting vulnerability

We found a that Burp Suite it doesn't test response splitting vulnerability. For example: www.example.com/about.php?date=%0D%0ATest%3A%20no If the HTTP response get the additional header "Test: no" should be...

Extender API JavaDoc is Down

Hello, The Burp Extender API JavaDoc link (https://portswigger.net/burp/extender/api/index.html) currently returns a 404. Thanks, Robbie

Missing identification of SQL injection

Dear Sir, we identified a missing identification of Blind SQL injection on some specific parameter. The SQL injection is presented on a single parameter of a POST request. Like par=pluto par=pluto -> result...

Session Handling - determine session validity not working because of Redirect

Hello, I have an application which (by design) logs the user out (by redirecting to login page) when inputs don't have a valid value. I need to use the Session Handling to re-login. The log out detection in Burp is...

ITextEditor.getText() deadlock

Hi guys, First off, keep up the great work and I hope to meet you guys in Vegas for DC. I have a small issue with BurpSuite due to the way my plugin is making calls between the FX and Swing thread. I understand FX is not...

IMessageEditorController.getRequest() and .getResponse() race condition(?) in Intruder

Hi again, I am experiencing a strange race bug(?) in the Intruder result output window. For some reason, when viewing an HTTP response in a custom IMessageEditorTab, the .getRequest() and .getResponse() methods return a...

Collaborator External Service Interaction (DNS) - Mismatch in attack vector

There is a mismatch in the Collaborator External Service Interaction (DNS) between the URL inserted in the attack vector and the DNS request that Burp collaborator display in scanner result. One example...

indexOutOfBoundsException in BurpSuite

Hello, I am trying to use BurpSuite_free_V1.6.01 with jdk 1.7.0_80 with the accessbridge enabled so I can use the JAWS screenreader with it. After starting burpsuite and opening firefox 31.1.1 which has been configured...

Burp closed without confirmation box

Hi, Not sure this can be considered as a bug but the feature needed to be improved. I launched the burp from cmd command line ( java -jar etc ) to increase the RAM allocation for the software. At one point, I accidentally...

Content view not picking up resource

I noticed the Contents View in site map sometimes does not pick up specific resources under certain conditions. Ex : An item has been identified during a spider scan as a GET request to /content/script, gets added...

Different URLs in Target: Request, Raw and Site map URL

I recognized that the URL in Target, Site map is different from the URL in the Request, Raw window. Here is what is shown in the Site map window right above (list of all URLs): https://www._something_.com/ - GET -...

Exception on restore state

Trying to restore state on Burp Pro 1.6.18 the following exception occurred: java.lang.IndexOutOfBoundsException: Index: 3, Tab count: 1 at javax.swing.JTabbedPane.checkIndex(JTabbedPane.java:1768) at...

invalid macros

Hello, we are experiencing problem with stored macros in Option -> Sessions. Macros work fine immediately after being recorded. But after some time (even days), stored Requests become invalid and empty - full of...