Burp Suite User Forum

Scan Freezes at Active Phase 1

Hello, I'm having an issue with the scan functionality on Burp Suite Professional v2020.2.1. The same exact request works with no issues on one of the earlier versions of Burp Suite Professional's scanner, v1.7.37. This...

Last updated: Mar 28, 2020 12:23AM UTC | 2 Agent replies | 4 Community replies | Bug Reports

Burp RAM Usage

Hi, When i run Burp, it is using too much memory. I have 16 gb ram but burp using 12 gb ram. How can i fix this problem.

Last updated: Mar 27, 2020 01:59PM UTC | 1 Agent replies | 0 Community replies | Bug Reports

Burp fails to upload file with "Received fatal alert: record_overflow" error

I am attempting to upload a vanilla PDF to the Glassdoor website while using Burp. With certain files, I keep getting this error: "Error "Received fatal alert: record_overflow" Others work. I don't understand what's...

Last updated: Mar 27, 2020 11:19AM UTC | 1 Agent replies | 1 Community replies | Bug Reports

404 Error Loading Page

Hello, I keep getting a "404 page not found" error when trying to load my burp suite enterprise page. I can't access the application. Please help me with steps to resolve this.

Last updated: Mar 26, 2020 07:46PM UTC | 1 Agent replies | 0 Community replies | Bug Reports

Burp Suite Professional scanner errors

Hello! In recent versions of Burp Suite Professional 2020.2, the scanner does not find all the SQL Injections that it previously found. This is bugs in scanner. To whom can I describe the details? Thanks a lot.

Last updated: Mar 26, 2020 06:59PM UTC | 1 Agent replies | 0 Community replies | Bug Reports

Opening an existing project with spaces in the directory name

..shows another BURP screen with an error message in red that the file could not be opened. This fails in both picking the file path from the recent projects list and in selecting the file via the Choose File...

Last updated: Mar 26, 2020 03:01PM UTC | 1 Agent replies | 1 Community replies | Bug Reports

Error in XXE Injection Lab

I just came across a problem while attempting the first XXE Injection lab. In the first lab, you have to define an entity and use it to retrieve the /etc/passwd file. I submitted the following payload: <?xml version="1.0"...

Last updated: Mar 26, 2020 01:39PM UTC | 2 Agent replies | 1 Community replies | Bug Reports

MacOS Burp forces the use of discret GPU

Automatic GPU Switch Flag is missing from the plist file. <key>NSSupportsAutomaticGraphicsSwitching</key> <true/> This resolves the issue.

Last updated: Mar 26, 2020 12:17PM UTC | 1 Agent replies | 0 Community replies | Bug Reports

Lab: SQL injection vulnerability in WHERE clause allowing retrieval of hidden data

Hi, How do i solve this? I think there may be a problem because whenever i try to solve it, it always goes to a "Invalid Product ID" and it's strange because i even looked at the solution after my SQL codes didn't work and...

Last updated: Mar 26, 2020 11:06AM UTC | 1 Agent replies | 0 Community replies | Bug Reports

Problem

Hello, I have a problem with Burp Suite Pro. I run 6 windows at the same time. After a while, half of the windows themselves close. The remaining windows begin to use a lot of RAM. One of the windows uses 50 GB of RAM, the...

Last updated: Mar 26, 2020 10:59AM UTC | 2 Agent replies | 1 Community replies | Bug Reports

Alert on HSTS not enforced for HTTP Options Request

Hi there, Burp Suite Professional reports a lot of low severity alerts on HSTS not enforced for HTTP Options Request. Is it reasonable to enforce HSTS even on HTTP Options Request? Thks, Gary

Last updated: Mar 26, 2020 09:35AM UTC | 2 Agent replies | 1 Community replies | Bug Reports

Burp crashes every time when stored project is opened

Hi Burp Team, since 2 or 3 versions, Burp crashes every time I close it and reopen a stored project. If that happens, a prompt is shown that the current project needs to be repaired. I am currently running 2020.2.1....

Last updated: Mar 26, 2020 09:32AM UTC | 1 Agent replies | 0 Community replies | Bug Reports

Extension API processHttpMessage does not honor set* methods

Hi there, At least version 2020.2.1 broke the processHttpMessage extender API. You can try to use the "Add Custom Header" extension from BApp to see the issue. It is not setting a header. To confirm it's not that...

Last updated: Mar 26, 2020 08:35AM UTC | 2 Agent replies | 2 Community replies | Bug Reports

BURP Pro v2020.2 throws NullPointerException's and corrupts screen

Collecting proxy history, running items in Repeater results in the screen update failures when clicking the mouse pointer on table rows in Proxy history. I see some broken screen redraw artifacts showing here and there...

Last updated: Mar 25, 2020 02:35PM UTC | 2 Agent replies | 5 Community replies | Bug Reports

Password Exposed in Dashboard

I noticed in a recent class that Burp Pro 2020.2.1 plainly displays the clear text password in the dashboard while an authenticated crawl is running. I can't imagine that this isn't a bug, because it doesn't make sense in...

Last updated: Mar 25, 2020 08:30AM UTC | 1 Agent replies | 0 Community replies | Bug Reports

WebSocket functionality is not working properly

I'm trying to use burp as a reversproxy between an Electron client application and a remote server but apparently the communication once initialized seems to send malformed packages to the client that after a few moments...

Last updated: Mar 24, 2020 06:15PM UTC | 2 Agent replies | 0 Community replies | Bug Reports

Grep Extract Not Working Properly

Grep extract rules stopped working properly in recent versions. As recently as 2020.1 and still in 2020.2.1, creating a regex rule for a finished attack will not apply to the results, and string parsing rules only apply...

Last updated: Mar 24, 2020 03:27PM UTC | 0 Agent replies | 0 Community replies | Bug Reports

Is external service interaction vulnerability exploitable.

Hello, In most of the scan, burp reports, External Service Interaction vulnerability either in HTTP/S or DNS. I am not sure how this can be exploited on server side. I see some similarities to SSRF, but could not find any...

Last updated: Mar 24, 2020 03:00PM UTC | 2 Agent replies | 1 Community replies | Bug Reports

Reapeter tab response time

the response time in reapeter tab has disappeared

Last updated: Mar 23, 2020 06:50PM UTC | 1 Agent replies | 0 Community replies | Bug Reports

Configured the Burp Proxy. Applications not working thru proxy

Hi Support, I configured the proxy as per the document in Burp and Mozilla. Applications not working through this proxy. It is just hanging. Kindly suggest.

Last updated: Mar 23, 2020 09:45AM UTC | 5 Agent replies | 4 Community replies | Bug Reports

Page 2 of 45

Burp Suite Support Center

Your source for help and advice on all things Burp-related.

Burp Suite Support Center image