Burp Suite User Forum

Login to post

Incorrect statement regarding HTML5 cross-origin resource sharing

Hello, In burp, the issue regarding "Access-Control-Allow-Origin: *" is described as follows: Issue detail The application implements an HTML5 cross-origin resource sharing (CORS) policy for this request which allows...

Last updated: Jan 23, 2017 12:17PM UTC | 2 Agent replies | 1 Community replies | Bug Reports

Executing infiltrator on webgoat-container-7.1-exec.jar

Hi, don't know if it is a bug or not, but the problem accurs on Windows 7 and Xubuntu 16.04. Java Version: 1.8.0_111 Burp Suite Professional v1.7.15 The Problem: executing the burp_infiltrator_java.jar on...

Last updated: Jan 17, 2017 01:57PM UTC | 2 Agent replies | 0 Community replies | Bug Reports

Repeater Content-Length is not recalculated when json content is modified

Hi, Quite often in the repeater when you deal with a POST with a Content-Type: application/json;charset=utf-8, when you modify the json body the repeater doesn't recalculate the content-length header. If you add some...

Last updated: Jan 16, 2017 03:47PM UTC | 3 Agent replies | 3 Community replies | Bug Reports

handshake failure using strong cipher suites

Description: Clients requesting (exclusively) strong cipher suites are unable to connect to Burp proxy. Burp always causes handshake failure. Software used: oracle jdk1.8.0_122, burp suite 1.7.06 How to...

Last updated: Jan 13, 2017 11:57AM UTC | 6 Agent replies | 9 Community replies | Bug Reports

ECB Block Shuffler Payload type behaviour

Not sure if this is bug or im doing it wrong but i tried using the ECB Payload of Burpsuite with base request of: GET...

Last updated: Jan 04, 2017 09:57AM UTC | 2 Agent replies | 2 Community replies | Bug Reports

Version burpsuite_pro_v1.7.15 (OSX) is crashing when trying to start

While trying to start, the burp window opens but closes just after the screen refresh. It is strange because the JVM don't crash. The worst part is, I can not use the older version to reopen the project as now burps...

Last updated: Dec 22, 2016 09:11AM UTC | 1 Agent replies | 0 Community replies | Bug Reports

Viewing aspx extensions

Hi, When using Burp Suite Pro I've come across a problem where the response tabs are unable to display the raw response from aspx file extensions. When copying the raw response into both classic Notepad and Notepad++...

Last updated: Dec 21, 2016 09:51AM UTC | 1 Agent replies | 0 Community replies | Bug Reports

Cancelling a repeater request looses history

In the repeater, if a request is timing out and it is cancelled then the history is lost, i.e. the arrows stop working and you can't see other requests. Done it for me a few times on current test so very repeatable.

Last updated: Dec 15, 2016 03:41PM UTC | 1 Agent replies | 1 Community replies | Bug Reports

Mouse events ignored in filter text boxes

In some text inputs like the filters (by search term, by file extension: show/hide) in both the Target and Proxy tab seem to update the internals only when there's a keystroke event fired in them (the user either deletes or...

Last updated: Dec 15, 2016 03:40PM UTC | 1 Agent replies | 0 Community replies | Bug Reports

Java crypto policy files overwritten on upgrade

I'm testing a site which requires the alternative Java crypto policy files, I put them in place but after a Burp upgrade they were put back to the original ones. Left me confused as to why I could no longer access the...

Last updated: Dec 15, 2016 10:52AM UTC | 1 Agent replies | 1 Community replies | Bug Reports

Cacheable responses

HTTP, not just HTTPS responses obey the cache control headers, yes? So, shouldn't the finding for 'https://portswigger.net/KnowledgeBase/issues/Details/00700100_CacheableHTTPSresponse' be more generic. I noted in a...

Last updated: Dec 14, 2016 04:14PM UTC | 1 Agent replies | 1 Community replies | Bug Reports

Burp not working correctly if WAF uses connection reset

Hi, I am currently expecting a strange issue with Burp, which affects the active scanner. I have used the active scanner against a web application which is protected by some kind of WAF. The WAF works like this: if the...

Last updated: Dec 13, 2016 11:23AM UTC | 1 Agent replies | 0 Community replies | Bug Reports

Burp Project looses data

So this problem can cause loss of data in already saved project? Because is what happened to me unfortunately. Also, you know on which OS this problem can occur?

Last updated: Dec 05, 2016 04:53PM UTC | 2 Agent replies | 1 Community replies | Bug Reports

Missing Directory Listing vulnerability

Hello, In a recent engagement I found page that indeed there is directory listing but burp cannot identify it in any way. The source page also contains the string "Directory Listing For /....". I have run active and...

Last updated: Dec 05, 2016 10:04AM UTC | 1 Agent replies | 0 Community replies | Bug Reports

Burp Suite SSL Certificate Error (peer not authenticated)

Hi, We have encounter wired error while intercepting an application with SSL. 1480321180146 Repeater Auto-selected SSL parameters for domainstagxyz.domainxyz.com: default protocols,...

Last updated: Dec 05, 2016 09:37AM UTC | 3 Agent replies | 2 Community replies | Bug Reports

Scanner is very slow running

Burp Scanner is very slow running why ???

Last updated: Dec 05, 2016 09:01AM UTC | 4 Agent replies | 3 Community replies | Bug Reports

Let's Encrypts certificates

Burp appears to mark certs issued by Let's Encrypt as untrusted. Because of this, some plugins, like the relatively recent Dradis Framework plugin will fail.

Last updated: Nov 29, 2016 04:51PM UTC | 1 Agent replies | 3 Community replies | Bug Reports

Burp Active Scanner failed to detect certain XSS in JSON requests

Burp Active Scanner is unable to detect certain kinds of JSON parameter which are vulnerable to XSS Please refer to the below screenshot: https://dl.dropboxusercontent.com/u/9636822/jsonxss.png During manual...

Last updated: Nov 28, 2016 04:19AM UTC | 1 Agent replies | 1 Community replies | Bug Reports

In the active scan, sqli and judgment has a problem

My English is not good. In the active scan, (and 1=1) and (and 1=2 ) The returned result is different but the scan Not detected There is a problem

Last updated: Nov 21, 2016 09:14AM UTC | 1 Agent replies | 0 Community replies | Bug Reports

Hard-to-read HTML pages such as Extender and Documentation

I just noticed that most of the internally-accessible BurpSuite documentation isn't being shown correctly on my installation, as well as the Extender tool is difficult to read since the HTML source code is shown...

Last updated: Nov 18, 2016 10:38PM UTC | 1 Agent replies | 4 Community replies | Bug Reports

Page 82 of 92

Burp Suite Support Center

Your source for help and advice on all things Burp-related.

Burp Suite Support Center image