Burp Suite User Forum

Login to post

IP adddress regexp

Dear team, I noticed in burp 1.7.22 that "Private IP addresses disclosed" is failing to parse an IP address with this format: xxx.xx.xxx.xx. All remains IP address are being parsed. Kind Regards, Daniel

Last updated: May 24, 2017 02:52PM UTC | 1 Agent replies | 0 Community replies | Bug Reports

external service interaction DNS

Hi, I am using Burp 1.7.15. I scanned my system in Jan and got scan report. I scanned my system again in March, and got new issues "external service interaction DNS" in the report. I did not upgrade Burp...

Last updated: May 16, 2017 03:23PM UTC | 2 Agent replies | 2 Community replies | Bug Reports

We can't use multi-byte characters in sitemap comment to save as XML

When saving sitemap, we can't use multi-byte Japanese characters as comment. (Its generate invalid encoded XML.) [View] Target > Site map [Steps] 1. Set following words as sitemap comment. ???? 2. left-click on...

Last updated: May 15, 2017 08:27AM UTC | 1 Agent replies | 0 Community replies | Bug Reports

Upstream proxy configuration only passes URI and not domain/host

Hi, I have spent some time trying to configure an upstream squid proxy server in order to have a known source IP address for testing engagements, without relying on a VPN (unfortunately in my specific circumstances a...

Last updated: May 10, 2017 08:28AM UTC | 2 Agent replies | 1 Community replies | Bug Reports

Spider Queues Do Not Clear

Hello, I'm using Burp 1.7.21 and when I attempt to clear the Spider queue it is not cleared. This is an issue I've had many times with larger sites over many versions of Burp. Video of...

Last updated: May 02, 2017 01:23PM UTC | 1 Agent replies | 0 Community replies | Bug Reports

Burp Mobile Assistant - empty Source repo on Cydia

Hi Burp team, I am very grateful for the new Mobile Assistant feature. I downloaded it today (with Free Edition v1.7.21). I can get my jailbroken, ios 9.3.3 device to add my Cydia source: http://localhost:8080 but...

Last updated: May 01, 2017 02:24PM UTC | 0 Agent replies | 1 Community replies | Bug Reports

Bug Report

Burp Free Edition Are Not Support State Proxy Server So Please Solv It. Ethical Hacker

Last updated: Apr 29, 2017 09:16AM UTC | 1 Agent replies | 0 Community replies | Bug Reports

IMessageEditor.isMessageModified() does not detect modification

I have an extension that uses IMessageEditor.isMessageModified() to determine when a user has modified a request. This works when a user explicitly types a change, however, it does not return true after a user has...

Last updated: Apr 28, 2017 01:44PM UTC | 3 Agent replies | 3 Community replies | Bug Reports

Failed to create Burp project: NullPointerException (v1.7.21)

C:\>java -jar burpsuite_pro_v1.7.21.jar --project-file="C:\TEMP\testasdf" Failed to create Burp project: NullPointerException Running fine with burpsuite_pro_v1.7.19.jar

Last updated: Apr 27, 2017 10:56AM UTC | 2 Agent replies | 2 Community replies | Bug Reports

Error opening existing project

When I try to open an existing project after a computer or burp crash, I get the following error message: "An error occurred when starting a project with the selected options. Failed to create Burp project:...

Last updated: Apr 27, 2017 08:10AM UTC | 1 Agent replies | 0 Community replies | Bug Reports

Unable to load Burp Suite

Hi, I have installed the Burp Suite Free Edition v1.0.21 using jar. It worked when installed. Now, when I'm trying to open it next time. It just doesn't load. Giving an error when I'm trying to open using Terminal...

Last updated: Apr 24, 2017 12:29PM UTC | 1 Agent replies | 0 Community replies | Bug Reports

Server Side Code Injection not detected without enabling SQL Injection scanning module

Hello Team, While testing for python code injections, i observed that the burp suite pro 1.7.21 active scanner does not detect server side code injections without enabling the SQL Injection main module (sub-modules for...

Last updated: Apr 19, 2017 02:34PM UTC | 1 Agent replies | 0 Community replies | Bug Reports

"Load user options" problem

Hi, I want to report a bug that I found on "Burp User Options" section. I have a specific configuration file and I import the file everytime I use Burp. My problem shows up on that importing part. When I import the...

Last updated: Apr 06, 2017 01:19PM UTC | 3 Agent replies | 1 Community replies | Bug Reports

Certs invalid on Chrome 58 due to CN Deprecation

TL;DR: Chrome 58 only looks at the SAN in a cert for validating hostnames and not the CN. Please add a SAN for the hostname when generating the cert. In 2000, RFC 2818 (https://tools.ietf.org/html/rfc2818) "deprecated"...

Last updated: Mar 22, 2017 05:00PM UTC | 1 Agent replies | 0 Community replies | Bug Reports

cookie without secure flag - different issues

Can you explain the difference in these two issue which have both been flagged on the same site? Issue:  SSL cookie without secure flag...

Last updated: Mar 20, 2017 11:42AM UTC | 1 Agent replies | 0 Community replies | Bug Reports

No API stack nor full parameter value when using Infiltrator with a private Collaborator server

[Tested with Burp Suite Pro 1.7.19] I instrument Jenkins 1.580.2 like that: java -jar ${JENKINS_HOME}/infiltrator.jar --non-interactive --report-parameter-values=true --report-call-stacks=true...

Last updated: Mar 19, 2017 10:39AM UTC | 0 Agent replies | 1 Community replies | Bug Reports

"Go" button of Engagement tools/Search box is lost

Hello, When you search long strings the "Go" button is lost after your first search. Well not completely lost but it is moved at the right when you search for 50+ char strings. Searching for 100 char make it disappear...

Last updated: Mar 11, 2017 06:28PM UTC | 2 Agent replies | 1 Community replies | Bug Reports

Illegal Unicode Payload seems to be not working

I have burp professional and I'm trying to use Illegal Unicode payload on Intruder but it seems that is not working. As an example I tried the request below selecting xpto from URL as a payload position and Snipper as an...

Last updated: Mar 11, 2017 01:50PM UTC | 1 Agent replies | 0 Community replies | Bug Reports

Repeater - 307 Redirects broken

It looks like the 307 Redirect is not implemented per spec in the Repeater. In Repeater, setting the "Follow Redirect", results in a 307 Redirect for a POST request gets converted to a GET request (and loses the POST...

Last updated: Mar 10, 2017 11:03AM UTC | 1 Agent replies | 0 Community replies | Bug Reports

Burp Collaborator : Documentation typo

In the tutorial for Burp Collaborator, the command to convert certificate from PEM to PKCS8 has a typo. https://portswigger.net/burp/help/collaborator_deploying.html#ssl ``` openssl pkcs8 -topk8 -inform PEM -in...

Last updated: Mar 08, 2017 06:07PM UTC | 0 Agent replies | 1 Community replies | Bug Reports

Page 80 of 92

Burp Suite Support Center

Your source for help and advice on all things Burp-related.

Burp Suite Support Center image