Bug Reports

Report a bug

  • SSL hardware certificate library cannot be loaded

    To pentest applications using Belgian eID smart card identification and Burp Suite Pro, we import the Client SSL Certificate under the 'User Options'-tab > 'SSL'-tab by clicking the 'Add' button and selecting 'Hardware token or smart card (PKCS#11). On the next screen we select the correct library '/usr/local/lib/libbeidpkcs11.so' . In Burp v1 this ...

    1 Agent Answer    0 Community Answer
    Jun 04, 2019 12:11PM UTC
  • Web Security Academy

    Hello, I am going through the lab and I have problems to find the correct parameters for post requests. For example in "'Blind OS command injection with out-of-band data exfiltration" I do not see "email" parameter in the post request but only a [object FormData] parameter. Is this the correct behavior?

    3 Agent Answers    2 Community Answers
    Jun 04, 2019 12:06PM UTC
  • Polling server connection fails on private collaborator instance

    Hi there, I have setup a private collaborator server with let's encrypt wildcard certificates. It works fine, except that I can only pull over unencrypted HTTP. This is very strange, as I do not have a "polling" section in the configuration file. This means that Burp Collaborator server will use the same wildcard certificate for interactions and polling. I get the following when ...

    2 Agent Answers    2 Community Answers
    Jun 04, 2019 08:07AM UTC
  • Browser response not visible

    I have tried with java 8 and java 12 but without luck. When i try to view response in browser from Burp Suite Professional 2.0.22beta I can't actually see the response. I click to render the response, it work but all i see is a blank page. But i've noticed that the response is actually rendered as if i try to click somewhere i get mouse animations like when i try to click a button in ...

    5 Agent Answers    4 Community Answers
    Jun 01, 2019 04:32PM UTC
  • Web academy

    Hello, i think there is an error in Lab: SQL injection attack, querying the database type and version on MySQL and Microsoft. https://portswigger.net/web-security/sql-injection/examining-the-database/lab-querying-database-version-mysql-microsoft I can't find working payload, and payload from solution didn't work too. THX.

    1 Agent Answer    0 Community Answer
    May 31, 2019 12:11PM UTC
  • Possible bug in Lab Blind SQL injection with time delays and information retrieval

    The injection is on TrackingId cookie, but it only works if you inject in a "/filter?category=" page, not in a "/product?productId=" page. It drove me crazy for a while :)

    1 Agent Answer    1 Community Answer
    May 30, 2019 10:40AM UTC
  • Embedded browser initialization failed

    Hi I am having an issue with the Response/Render feature of the embedded browser. When I click on "Render" in the "Response" tab I receive the following message "Embedded browser initialization failed" I also ran the Embedded browser health check and I get the following messages. Checking Platform Support - Success Checking Browser Binaries - Success C...

    3 Agent Answers    1 Community Answer
    May 28, 2019 03:58PM UTC
  • Render broken in latest version - 2.0.22

    Hello, in the latest version 2.0.22 the 'render' function is broken. Not only it opens in an external window now, which is unacceptable, but it displays only a blank page, always. It was working FINE in the previous version. Whatever you changed in this version please undo it.

    5 Agent Answers    8 Community Answers
    May 26, 2019 06:52PM UTC
  • High CPU Utilization

    I am seeing an extremely high usage on my CPU in burpsuite. I am also seeing the RAM consumption go up to 16-17GB in a session. I am in the middle of a test of an API for a client. I can kill burp and then reload it. Then it is okay for about 15-20 minutes before returning to high usage. Let me know what you need to determine what might be causing this issue.

    2 Agent Answers    4 Community Answers
    May 23, 2019 04:17PM UTC
  • Problems updating Burp Enterprise

    It seems that the online update has some sort of built-in timeout and we are consistently hitting it and unable to update. With previous versions, the update would finish after many retries, but since v1.0.14beta we have not been able to update. I've talked to our infrastructure guys and it seems that there is no throttling or blocking of Burp update downloads. The following error is ou...

    3 Agent Answers    2 Community Answers
    May 21, 2019 06:22AM UTC