Burp 2.x does not passively scan certain content types it did in 1.7

Seth Jackson Jan 28, 2019 04:17PM UTC

In Burp 1.7.x Burp would find issues like 'Email address disclosed' on non-HTML content types.

For example, if the following was served in 'emails.txt' with Tomcat:

test@gmail.com
fake@gmail.com

Burp 1.7.x would find and report the 'Email address disclosed' issue.

In Burp 2.x that is no longer the case. Burp will not show these in the passive audit task and therefore the issue will not get reported anymore.

This also happens for other content types like CSS and JS.

This also trickles down to extensions as the 'doPassiveScan' is not getting called for text, CSS and JS content types in my testing.

I tested this using the Burp 1.7.37 installer and Burp 2.0.14beta installer on Windows.


Paul Johnston Jan 30, 2019 11:51AM UTC Support Center agent

Thanks for letting us know about this. This is a bug which we will resolve in a future version.


Seth Jackson Feb 15, 2019 02:20PM UTC

This is fixed in 2.0.16.

Liam Tai-Hogan Feb 15, 2019 02:33PM UTC Support Center agent

Thanks for letting us know, Seth.
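
To check on a given Burp build whether `doPassiveScan` is reached for text, CSS and JS responses, as the thread above discusses, a small probe extension can tally the calls per MIME type. This is an added example, not code from the thread or from PortSwigger; it assumes the legacy Extender API loaded through Jython, and the extension name, the `record` and `find_emails` helpers and the e-mail pattern are illustrative choices.

```python
import re
from collections import Counter

try:
    from burp import IBurpExtender, IScannerCheck  # provided by Burp (Jython)
except ImportError:  # outside Burp: stubs so the helpers can be unit-tested
    class IBurpExtender(object): pass
    class IScannerCheck(object): pass

# Deliberately simple pattern (assumption), not Burp's own detection logic.
EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9-]+(?:\.[A-Za-z0-9-]+)+")

def find_emails(body):
    """Return the distinct e-mail-like strings in a response body, sorted."""
    return sorted(set(EMAIL_RE.findall(body)))

class BurpExtender(IBurpExtender, IScannerCheck):
    def __init__(self):
        self.seen = Counter()  # MIME type -> number of doPassiveScan calls

    def registerExtenderCallbacks(self, callbacks):
        self._callbacks = callbacks
        self._helpers = callbacks.getHelpers()
        callbacks.setExtensionName("Passive scan coverage probe")
        callbacks.registerScannerCheck(self)

    def record(self, mime, body):
        """Tally one passive-scan call and return the e-mails in its body."""
        self.seen[mime or "unknown"] += 1
        return find_emails(body)

    def doPassiveScan(self, baseRequestResponse):
        response = baseRequestResponse.getResponse()
        if response is None:
            return None
        info = self._helpers.analyzeResponse(response)
        mime = info.getStatedMimeType() or info.getInferredMimeType()
        body = self._helpers.bytesToString(response)[info.getBodyOffset():]
        hits = self.record(mime, body)
        self._callbacks.printOutput("doPassiveScan mime=%s emails=%d calls=%s"
                                    % (mime, len(hits), dict(self.seen)))
        return None  # probe only: it reports no issues of its own

    def doActiveScan(self, baseRequestResponse, insertionPoint):
        return None

    def consolidateDuplicateIssues(self, existingIssue, newIssue):
        return 0
```

Loaded into two Burp versions and fed the same proxied traffic, the extension's Output tab shows which MIME types each version passes to passive checks; a type that never appears in the tally is not being passively scanned.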

