Bug Reports

Report a bug

  • Confirmed false-negative related to AngularJS XSS

    Hi! Creating a new ticket given that the previous one 1) doesn't in my cases 2) isn't very clear https://support.portswigger.net/customer/en/portal/questions/17690810-false-negative-in-angularjs-xss- Burp Suite will not detect client-side template injections (aka a false-negative) when the 'ng-app' attribute is located _before_ the tags loading AngularJS Javascript files...

    0 Community Answer
    Jan 17, 2020 12:13PM UTC
  • Repeater 'Send' button acting differently for WebSockets

    Hello, in the HTTP version of Repeater, clicking on the 'Send' button (or using the corresponding hotkey, here 'Ctrl + G') sets the focus on the request editor. However, the exact same action in the WebSockets version of Repeater doesn't do anything more than sending the request. That breaks the following keyboard-only workflow: - send to Repeater (Control + R) - s...

    1 Agent Answer    0 Community Answer
    Jan 17, 2020 09:17AM UTC
  • Software is Preventing Firefox From Safely Connecting to This Site

    Hello, I'm having an issue getting Burp Suite Community edition on Firefox. The issue is on all https:// websites. OS: Win 10 Pro Browser: Firefox 72.0.1 64-bit Burp Suite: 2.0.17 Community Edition So I have been a long time Burp user and know exactly how to install the certificate. I have ticked "This website can identify websites" when importing the certificate. I ha...

    1 Agent Answer    1 Community Answer
    Jan 16, 2020 04:49PM UTC
  • Unable to scan all Urls of site map at once

    Hi, I am using Burp Suite Professional 2.1.7. I browsed all urls of a website they were displayed in target site map then i added the host to scope. After clicking on the main url of website, if i scan it through audit and crawl options, only one url is scanned. How do i make burp scan the complete host (including all browsed urls) in a single scan? We are able to add all the urls manually in sca...

    1 Agent Answer    0 Community Answer
    Jan 16, 2020 11:55AM UTC
  • Burp Collaborator polling and certificate handling

    Hello there, we are running a working collaborator (using a professional 2.1.07 jar for both client and server) with some kind of strange problem. The wildcard certificate is pulled in correctly by burp and all services are using it, howether, the polling service is still creating a self signed certificate and I don't see an option to configure it with a valid one for its domain (neither po...

    1 Community Answer
    Jan 16, 2020 11:13AM UTC
  • Burp Search Function does not show original and edited Request

    When using Burp's search functionality, the results only contain a request and response pair for each result item. However, it may be the case that there is an original request as well as an edited request (e.g., as a result of proxy rule modifications). Ideally, Burp should display for each result item both the original request and the edited request.

    1 Agent Answer    0 Community Answer
    Jan 15, 2020 09:28AM UTC
  • "Intruder / Scan defined insertion points" doesn't work?

    Latest version of Burp Pro - after adding/changing insertion points to a request in Intruder and selecting "Intruder / Scan defined insertion points" doesn't seem to work - it doesn't open the scan launcher nor can I add it to an existing scan.

    1 Agent Answer    1 Community Answer
    Jan 09, 2020 01:02PM UTC
  • False Positive Still Show in Critical Bug Counts

    I have screenshots I can send in for this. In at least two areas in the UI, the 'Dashboard' and the 'View Details' linked off of the Dashboard, items that are marked as false positives still show up in the 'Issues count'. Example: I have one Arbitrary Origin Trusted issues and 4 XPath Injection items that were all 'High'. I marked the 4 XPath's as ...

    1 Agent Answer    0 Community Answer
    Jan 08, 2020 05:01PM UTC
  • Client Failed to negotiate a TLS Connection to respective application

    Hello BurpSuite Support, When I was trying to test a web application using Burp Suite 2.1.07 it is showing with an error Client failed to negotiate a TLS Connection to www.xxxxxxx.com: Received fatal alert:_certificate unknown. Steps followed on my side: Installed Burp CA Cert in Chrome browser, IE, Firefox—still shows up with same error. 2. Tried to change settings in Project O...

    5 Agent Answers    6 Community Answers
    Jan 06, 2020 01:30PM UTC
  • Different Bugs on Re-scanning same project/file

    Hi, I did a scan a saved its file/script. Now when i run the same script multiple times it shows different results on scanning the same script. It showed only informational issues one time and on running it second time it showed high severity issues (SQL Injection etc). Why is it not showing same results on re-scanning?

    5 Agent Answers    6 Community Answers
    Jan 03, 2020 11:25AM UTC