Burp Suite User Forum

XML and XPath false positives in scanner module

The scanner module reports XML and XPath false positives when it finds certain strings (e.g. xmlschema, ajaxpath) in the response of automated scans, but it does not consider when those same strings were already present...

Last updated: Apr 15, 2015 09:00AM UTC | 1 Agent replies | 0 Community replies | Bug Reports

Hidden API for IHttpRequestResponse objects?

Hello, I found a surprising behavior in the Extender API (using Jython). Because of a typo, I called getUrl() on some IHttpRequestResponse objects... and it worked! Given the API documentation (both online...

Last updated: Apr 14, 2015 09:30AM UTC | 1 Agent replies | 1 Community replies | Bug Reports

Window issues on Mac OS 10.10

On Mac OS 10.10, when Burp Free is running, it doesn't show up in the dock, or in the command-tab window switcher. So it's difficult to switch to it. When you minimize it, its window does show up in the dock. But then...

Last updated: Apr 13, 2015 03:55PM UTC | 1 Agent replies | 0 Community replies | Bug Reports

Java RE 6 Required?

I am in my 14-day evaluation period of Burp Suite. Yesterday I attempted to test a site via https; Burp Suite would not perform the test using Java RE version 8. I had to downgrade to version 6 of the JRE (a version chock...

Last updated: Apr 13, 2015 07:47AM UTC | 1 Agent replies | 0 Community replies | Bug Reports

Automatic Backups and Save State not working.

Hi, I'm currently running Burp Pro 1.6.12 on a Windows 7 machine. I have allocated Burp 2GB of ram and am using Java (build 1.7.0_75-b13). I have not been able to make a test for this bug that can be reproduced, but I...

Last updated: Apr 01, 2015 11:23AM UTC | 1 Agent replies | 1 Community replies | Bug Reports

Burp closes itself with zero exit code and no exceptions nor output

This is the output of running Burp under strace: https://gist.github.com/berdario/97c3a973a78e7c081a34 And this is the output with strace...

Last updated: Mar 31, 2015 12:31PM UTC | 1 Agent replies | 0 Community replies | Bug Reports

Bug in Site map tab while showing only items in scope.

While showing only items in scope, if we activate the flags "Show only requested items" and "Show only parameterized requests" and disable them again, the Site map no longer shows only items in scope, but shows other requests....

Last updated: Mar 25, 2015 08:24AM UTC | 4 Agent replies | 5 Community replies | Bug Reports

java.sql.SQLException: Invalid column index not detected by active scanner

Hi, while working on an application with the active scanner of Burp 1.6.12 a lot of possible SQL injections like: -------------- SERVICE NOT AVAILABLE. Please refer to your system administration<br>FooException:...

Last updated: Mar 18, 2015 09:52PM UTC | 2 Agent replies | 2 Community replies | Bug Reports

Failed to parse the content of the page for SQL Injection indications in the passive scanner

Suppose the following scenario: I access a particular page, and in the body of the page you have a MySQL syntax error with the SQL query. The base request is always the same, it already has the SQL query in the...

Last updated: Mar 17, 2015 09:24PM UTC | 1 Agent replies | 1 Community replies | Bug Reports

File dialog paths across the application

Burp seems to maintain the same file path throughout the application. It would be useful if the last save/restore file location was stored separately to the load intruder payloads path.

Last updated: Mar 17, 2015 02:19PM UTC | 1 Agent replies | 0 Community replies | Bug Reports

Receiving smart card error "card was detected but not the right one..."

I just started to receive a smart card error when attempting to load my smart card certificates to burp. I have been using the p11-capi.dll successfully for some time. The error I receive from the card manager follows. "A...

Last updated: Mar 17, 2015 01:49PM UTC | 1 Agent replies | 0 Community replies | Bug Reports

Escaping Help

Hi, Not sure if this should fall under "Bug Reports" or "Feature Requests" so please move if needed. Anyway, when looking at Burp's built in help (by clicking on the "?" mark) it pops up in a small window. I can not...

Last updated: Mar 16, 2015 09:29AM UTC | 2 Agent replies | 2 Community replies | Bug Reports

Intruder results: copying a column with Control-Click in Pro version

From the Intruder documentation: "You can reorder the table's contents by clicking on any column header [...] You can copy the contents of a column by Ctrl-clicking the header [Pro version]". Bug #1: A column is reordered...

Last updated: Mar 13, 2015 08:30PM UTC | 3 Agent replies | 1 Community replies | Bug Reports

Visual bug in Intruder when two payload sets are of type "Dates"

Tested on Burp Pro v1.6.11 on OpenJDK 1.7.0_75-b13 (and many different setups). That's an old bug, which happens only in a specific situation. How to reproduce: - send a request to Intruder - in the "Positions" tab,...

Last updated: Mar 13, 2015 08:27PM UTC | 3 Agent replies | 1 Community replies | Bug Reports

Maximising Burp

I'm having a bug with Burp on a multi-monitor setup where it won't maximize and take advantage of the full screen. See the image below for an explanation - Burp will only maximize to the bottom ~90% of the...

Last updated: Mar 05, 2015 02:53PM UTC | 1 Agent replies | 0 Community replies | Bug Reports

Duplicate type IDs?

Hey, I'm not sure if this is a bug or standard functionality, but some clarification would help. In recent releases we've seen some type IDs that are the same for different issues. <type>134217728</type> ...

Last updated: Mar 05, 2015 02:50PM UTC | 1 Agent replies | 1 Community replies | Bug Reports

PostData removed when changing cookies in repeater/params tab

When I change data in the params tab (either deleting/editing/moving parameters), the postdata in the resulting request is gone! Postdata is in this form {"productId":"xxxxx#xxx#xxx"}. (however also tested with...

Last updated: Mar 05, 2015 02:12PM UTC | 1 Agent replies | 0 Community replies | Bug Reports

DOM-based open redirection error

Hi, I am getting 'Open redirection (DOM-based)' error on all my pages. Can you help me to resolve this?

Last updated: Feb 27, 2015 01:33PM UTC | 1 Agent replies | 0 Community replies | Bug Reports

Passive Scanning of .js CPU intensive and always retrying the same file

Hi there, I'm reporting a behavior that I've noticed since the new static code analysis was introduced. I've noticed that whenever there is a .js or other file that is big or with complicated code, the passive scanner is...

Last updated: Feb 26, 2015 04:42PM UTC | 1 Agent replies | 1 Community replies | Bug Reports

Font size

When adjusting the font size, there are no changes to the HTTP message section.

Last updated: Feb 18, 2015 08:38AM UTC | 2 Agent replies | 1 Community replies | Bug Reports
