Bug Reports

Report a bug

  • Grep - Extract and regexp group = "null"

    Hello, when editing Grep - Extract entries, the regexp group is set to "null" after edition. How to reproduce: - create a new Intrduer attack, go to Options > Match & Replace - click Add then "Extract from regexp group" - enter "a(.*)b" (w/o quotes) and click OK - select this entry and click Edit - uncheck "Case sensitive" and click OK - t...

    1 Agent Answer    0 Community Answer
    Oct 05, 2019 01:54PM UTC
  • Unable to activate license after reinstalling Burp Enterprise

    After a server crash we had to reinstall our Burp Enterprise setup. I downloaded the license again from our account page and tried to install it through the /settings/licensing upload field. Unfortuinately I get the following message. Failed to upload license: License activation failed, please contact support@portswigger.net

    1 Agent Answer    0 Community Answer
    Oct 04, 2019 07:50AM UTC
  • Burp 2.x Audit finds less issues

    I‘m playing a bit with burp 1.7.37 and v2.1.04 (both pro versions). I also read about the new scanning techniques burp 2.x comes with. So my expectation was, that it should find (in minimum) as much issues as the „old“ one. For testing i used DVWA. The old one with spidering and a following active scan finds multiple issues: - sqli (visible and blind) - xss (stored and refelcted) - command i...

    2 Agent Answers    0 Community Answer
    Oct 03, 2019 01:24PM UTC
  • Reproducing External Service Interaction (DNS) issue

    Hi all, I am having a problem recreating an external service interaction (DNS) via the scanner. When I run a scan to the site the first time (crawl and audit) it finds the issue. If a run the scan a second time it does not find the issue. If a run the GET request with a new collab id it doesn't work either, yet the issue is repeatable with different ids with every re-start. What I ha...

    1 Agent Answer    0 Community Answer
    Oct 02, 2019 02:44AM UTC
  • Connection reset error

    I face Connection Reset error while opening a testing website that I've got. The website works properly when burp proxy is not set, and when the burp proxy is set in Mozzila or Chrome it gives Connection Reset Error.

    2 Agent Answers    2 Community Answers
    Sep 30, 2019 10:28AM UTC
  • POST with gzip data can't parse insertion points correctly

    If post with gzip data(maybe other binary data format either) will cause burp extender can't parse insertion points correctly, when you print insertionPoint.getInsertionPointType(), it will always print 1. And the insertionPointName is strange.Output like below: Utilities.out(insertionPoint.getInsertionPointType() + ""); Utilities.out(insertionPoint.getInsertionPointName()); ...

    1 Agent Answer    0 Community Answer
    Sep 27, 2019 12:55PM UTC
  • 100% CPU utilization in Burp Suite Pro 2.1.03

    Burp Suite Pro 2.1.03 keeps causing 100% CPU utilization when running an audit scan (earlier known as scanner). The scan task works for approximitely 2500-3000 requests after which it stops. Stopping the scanner does not cause the CPU utilization to return to normal levels. I have checked this with - all extensions disabled - all other tasks paused

    1 Agent Answer    0 Community Answer
    Sep 26, 2019 06:57PM UTC
  • 302 Redirect Not Picking Up Cookies

    Hello, I am using burp v1.7.31. This is about redirection 302 response code in burp. I am not getting "Follow Redirection" option in burp repeater while testing a particular application. The repeater options are set as "Never" in redirection and also 'process cookies' option is set . I have checked another web application and it does show "Follow Redirection"...

    3 Agent Answers    1 Community Answer
    Sep 26, 2019 05:18PM UTC
  • Burp v2.1.03 'Copy as curl command' puts cookies in curl -b and -H parameter

    With older versions of Burp 'Copy as curl command' only IIRC put cookies in the original request in the curl "-b" parameter but this current version also puts the same cookies in the "-H" parameter. Therefore in the curl command line the cookies appear twice. This might be easy to see in a small request but in a big request its not so easy to spot. This has just tri...

    1 Agent Answer    0 Community Answer
    Sep 25, 2019 03:14PM UTC
  • GUI performance slow to abyssmal under some (unclear) circumstance on start-up

    I have BurpSuitePro v2.1.03 on Debian Buster using KDE. It has generally worked as expected. I ran a scan of a copy of TeamCity. This generated ~250,000 requests overnight. Now each time I open the project file (~768MB) the response from the GUI is slow. Specifically when it is sorting the "Dashboard", "Issue Activity" panel for the first time. For example: After ...

    1 Agent Answer    0 Community Answer
    Sep 23, 2019 10:38AM UTC