Research Academy
My account Customers About Blog Careers Legal Contact Resellers

Burp Suite User Forum

Create new post

Bug in Site map tab while showing only items in scope.

Claudio | Last updated: Mar 13, 2015 02:18PM UTC

While showing only items in scope, if we activate the flags "Show only requested items" and "Show only parameterized requests" and disable them again, the Site map no longer show only items in scope, but show other requests. This happens in the latest version of Burp (1.6.12)

PortSwigger Agent | Last updated: Mar 13, 2015 02:35PM UTC

Thanks for this report. We're struggling to reproduce this behavior. A few questions to help us: 1. Are the items that are wrongly showing in the tree or the table, or both? 2. Is it only some items that are affected? 3. Is there any particular feature of the affected items?

Burp User | Last updated: Mar 13, 2015 05:57PM UTC

For example: With only the filters: Hidding not found items; hidding empty folders browse to the URL www.sapo.pt In the scope I have reg exp with: Protocol: HTTP Host or IP: ^www\.microsoft\.com$ Port: ^80$ File: ^/.* You should have lots of hosts on the Site Map. If you activate "Show only in-scope items", there should be only the www.microsoft.com host. If you enable "Show only requested items" more items appear. If you disable that option again, that additional items remain where the only asset visible should be the one added to scope. Only when you disable and enable again the "Show only in-scope items" the issue disappears.

Burp User | Last updated: Mar 15, 2015 01:25PM UTC

Where is read www.sapo.pt it should be the site in scope, the example is www.microsoft.com

PortSwigger Agent | Last updated: Mar 16, 2015 09:06AM UTC

Thanks for the further detail. We've reproduced your steps and we're seeing the incorrect items appearing in the left-hand-side tree panel only. The items are greyed out, and if they are selected, then no items are shown in the right-hand-side table panel. Does this behavior match what you are seeing, or are you seeing actual invalid items listed in the table panel as well? This is definitely a bug either way, but we'd like to confirm precisely what behavior people are seeing to help ensure we can fix it.

PortSwigger Agent | Last updated: Mar 16, 2015 10:30AM UTC

Thanks. We'll review this problem further and aim to get it fixed in the next minor update.

Burp User | Last updated: Mar 16, 2015 10:57AM UTC

Exactly. Thats the behaviour I get.

Burp User | Last updated: Mar 17, 2015 03:21PM UTC

I'm seeing this same issue with URL's not in scope listed in the panel. Also more buggyness in the same panel. Items that are related to a particular in-scope URL are being listed underneath but outside the URL as separate resources. I cannot therefore hide them under their parent URL. Also having performed a search for a keyword, a large number (20+) of spurious blank items have appeared in the left hand panel with a question mark on them. This is burp 6.1.12 with Java 8 update 40 on Windows 8.1 update. It seems to happen after filters are set. The map restores if I save state, close down and restore, but will corrupt again if filters are applied and removed.

Burp User | Last updated: Mar 23, 2015 03:48PM UTC

I am also seeing this issue in the Proxy HTTP history Tab.

PortSwigger Agent | Last updated: Mar 25, 2015 08:24AM UTC

These issues with the site map should have been fixed in today's release, v1.6.13. Thanks again for your feedback and please let us know if you run into any further problems.

You must be an existing, logged-in customer to reply to a thread. Please email us for additional support.