Burp Suite User Forum

Login to post

Display Bug after a weird HTTP Response

While testing an application, I got the following HTTP Response: HTTP/1.1 200 OK Date: Mon, 22 Feb 2016 15:52:27 GMT Expires: Mon, 22 Feb 2016 15:52:27 GMT Cache-Control: no-cache, private, no-store Content-Type:...

Last updated: Feb 23, 2016 09:44AM UTC | 1 Agent replies | 0 Community replies | Bug Reports

burp 1.6.36 crashes window manager under GNU/Linux

Hi, since version 1.6.36 I encounter severe problems with burp. I'm running Debian GNU/Linux with awesome window manager. Before I start any Java application I follow advise on...

Last updated: Feb 23, 2016 03:09AM UTC | 1 Agent replies | 3 Community replies | Bug Reports

Burp pro won't start

I downloaded every version of burpsuite . But nothing starts on my system . Mine is 32 bit OS with JDK 1.7 and JRE7. 12 February 2016 Burp Suite Professional v1.6.37 - Shows invalid/ corrupt file 21 January 2016 Burp...

Last updated: Feb 19, 2016 10:52AM UTC | 1 Agent replies | 0 Community replies | Bug Reports

collaborator issues

Hi, I have observed a glitch in collaborator's functionality. While (selectively) testing the persisten-xss module i have noticed the following payload being used: ...

Last updated: Feb 16, 2016 06:58AM UTC | 1 Agent replies | 1 Community replies | Bug Reports

HTML rendering engine does not use upstream proxy configuration

When using Burp alongside an upstream proxy, rendering an HTTP response inside a response object will cause burp to fetch all page resources without going through the configured proxy. This can be pretty inconvenient...

Last updated: Feb 12, 2016 02:26PM UTC | 1 Agent replies | 0 Community replies | Bug Reports

"Compare response" button causes Java errors, and sometimes doesn't render window

Using Java 1.8.0_66 on Mac OS X (fully patched and up to date for OS) I see Java exception when I click "Compare Response" on issues detected that have two requests. Sometimes the window renders as expected, sometimes it...

Last updated: Feb 10, 2016 03:32PM UTC | 2 Agent replies | 1 Community replies | Bug Reports

Crash when out of memory instead of error

When Burp runs out of memory, for example when restoring a large state, it just crashes, and the only way to close it is to kill the process. It should be doable to prevent this situation, and give an error like...

Last updated: Feb 02, 2016 12:05PM UTC | 1 Agent replies | 0 Community replies | Bug Reports

Multiple content types specified - false positive

Just ran into this (relatively minor) false positive. (Burp Pro 1.6.34) The report was issued over a a) Header: Content-Type: application/x-javascript and b) the string: '<meta http-equiv="Content-Type"...

Last updated: Jan 21, 2016 04:06PM UTC | 1 Agent replies | 0 Community replies | Bug Reports

BurpSuite Pro crashes when using Grep feature in burp intruder after 1.6.33

After restoring a Burp Intruder attack from version =< 1.6.32, burp crashes if you try to use the Grep features in Intruder Options.

Last updated: Jan 21, 2016 01:28PM UTC | 2 Agent replies | 0 Community replies | Bug Reports

Collaborator issue

Hi I'm facing a permanent issue since collaborator has been implemented which is I never do heath check and get a positive result Here is screenshot of my situation...

Last updated: Jan 16, 2016 02:17PM UTC | 2 Agent replies | 0 Community replies | Bug Reports

Missing windows slider on Windows

Hi, when you are running Burp Suite on Windows, the windows slider is missing. It occurres when you have more items in a list view (i.e. in proxy tab) and you need to scroll down. Thank you.

Last updated: Jan 15, 2016 04:17PM UTC | 1 Agent replies | 0 Community replies | Bug Reports

Failed to restore scan issue type 0x501200 in v1.6.33

Hi. I have found a fatal bug. This bug will fail the state of the restoration in v1.6.33. Bug occurs when the "DOM data manipulation (DOM-based)" has been detected in the issue. However, we have found a workaround...

Last updated: Jan 15, 2016 01:23PM UTC | 2 Agent replies | 2 Community replies | Bug Reports

cannot use input fields for entries on OS X (El Capitan)

I'm having trouble using input fields in Burp suite pro (latest version). For instance when actively scanning a wensite with a user/login area and burp suite asks me to enter the login credentials for a form, I cannot put...

Last updated: Jan 11, 2016 04:31PM UTC | 2 Agent replies | 1 Community replies | Bug Reports

Typo in trial email

Hi, this isn't a bug as such with the software itself but the wording of the trial email that gets sent out. In the 'How to purchase a full license' section where it lists the payment options it says: You can pay by credit...

Last updated: Jan 07, 2016 03:05PM UTC | 1 Agent replies | 0 Community replies | Bug Reports

Client certificate authentication, java exception.

I found that using the latest version of Burp (1.6.32) the authentication to a webserver with a client certificate fails due to an java exception. This error does not occur using version 1.6.01

Last updated: Jan 05, 2016 01:22PM UTC | 1 Agent replies | 0 Community replies | Bug Reports

Correctly sort Issue Definitions

When sorting by Name, the list is incorrectly being sorted. Capital letters are sorted before lower case letters. For example: PHP code injection comes before Password field with autocomplete enabled.

Last updated: Dec 28, 2015 07:39AM UTC | 0 Agent replies | 1 Community replies | Bug Reports

Remove duplicates from output of "Copy URLs in this host" (Site map)

The output of this menu option contains exact duplicates, including matching (or blank) query strings. Please deduplicate the list of URLs before output.

Last updated: Dec 23, 2015 09:47AM UTC | 2 Agent replies | 1 Community replies | Bug Reports

Small Bug - onload instead of onerror

Burp is generating the following attack string: GET /asdf/cf941%3cimg%20src%3da%20onload%3dalert(1)%3e HTTP/1.1 URL decoded: <img src=a onload=alert(1)> When it should be using the following attack string: GET...

Last updated: Dec 22, 2015 10:10AM UTC | 2 Agent replies | 0 Community replies | Bug Reports

Missing legal value in "Frameable responce (potential Clickjacking)"

The "Remediation detail" claims: "The X-Frame-Options header should only have one of the expected values: DENY or SAMEORIGIN." That used to be the case, but today even: "ALLOW-FROM <url>" is allowed, as described in the...

Last updated: Dec 16, 2015 11:44AM UTC | 1 Agent replies | 0 Community replies | Bug Reports

Filtering of long extension doesn't seem to work

Burp doesn't seem to be hidding extension as expected when the extension is long like ".woff2" file. (Tested with 1.6.31)

Last updated: Dec 15, 2015 08:47AM UTC | 1 Agent replies | 0 Community replies | Bug Reports

Page 76 of 81

Burp Suite Support Center

Your source for help and advice on all things Burp-related.

Burp Suite Support Center image