
Wrong settings for config "Audit checks - extensions only"

Nicolas Grégoire Oct 09, 2019 08:58AM UTC


The default configuration entry "Audit checks - extensions only" enables more than extension-provided checks, which is more than surprising (and very disturbing).

Go to the menu bar, then select "Burp > Configuration library"
Highlight "Audit checks - extensions only" and click on "Edit"
Go to "Issues reported", sort on "Enabled"
Two extra entries ("HTTP Request Smuggling" and "Backup file") are enabled

Tested on Pro 2.1.04


Ben Wright Oct 09, 2019 11:41AM UTC Support Center agent

Hi Nicolas,

Thank you for your message.

I have repeated the steps that you have listed and am seeing the same results.

I have logged this as a bug request with the developers and we will notify you when it gets fixed.

Nicolas Grégoire Jan 15, 2020 11:23AM UTC
A small update after three months: I just tested v2.1.07, which is still not fixed :-(

Ben Wright Jan 15, 2020 11:51AM UTC Support Center agent

Hi Nicolas,

This issue is still in our development backlog. We will notify this thread when we have an update.
