Research Academy
My account Customers About Blog Careers Legal Contact Resellers
The Burp Suite User Forum was discontinued on the 1st November 2024.

Burp Suite User Forum

For support requests, go to the Support Center. To discuss with other Burp users, head to our Discord page.

SUPPORT CENTER DISCORD

Issues not visible if related to 404 resources

Ermak | Last updated: Sep 11, 2015 10:31AM UTC

Hello, the scanner found a XSS in the referer header, and the answer is a custom 404 page with the XSS in the answer. However in the Target tab, the XSS is not visible if "Hide not-found items" is not disabled. Maybe vulnerabilities in the issues tab/window should be always visible... what you think? Thank you

Burp User | Last updated: Sep 11, 2015 10:34AM UTC

Oh, disabling the default option "Hide not-found items" is not enough, I have also to enable the visualization of 4xx requests

Liam, PortSwigger Agent | Last updated: Sep 11, 2015 11:14AM UTC

Hi Ermak Thanks for your message. Have you managed to fully your resolve your issue?

Burp User | Last updated: Sep 11, 2015 11:27AM UTC

An XSS (and probably other vulns), on a 404 resource, is only visible in the issues tab/windows if and only if the filter "Hide not-found items" is disabled and the filter show "4xx requests" is enabled from the GUI. Default filter Target options does not show the vulnerability to the user. I think this is a bug by design.

PortSwigger Agent | Last updated: Sep 11, 2015 11:32AM UTC