
Wrong settings for config "Audit checks - extensions only"

Nicolas Grégoire Oct 09, 2019 08:58AM UTC

Hello,

the default configuration entry "Audit checks - extensions only" enables more than extension-provided checks, which is more than surprising (and very disturbing).

Go to the menu bar, then select "Burp > Configuration library"
Highlight "Audit checks - extensions only" and click on "Edit"
Go to "Issues reported", sort on "Enabled"
Two extra entries ("HTTP Request Smuggling" and "Backup file") are enabled

Tested on Pro 2.1.04

Cheers,
Nicolas


Ben Wright Oct 09, 2019 11:41AM UTC Support Center agent

Hi Nicolas,

Thank you for your message.

I have repeated the steps that you have listed and am seeing the same results.

I have logged this as a bug request with the developers and we will notify you when it gets fixed.

