Bug Reports

Report a bug

  • Google Chrome doesn't accept Burp certificate

    Even though I added the Burp certificate as I used to do, it seems that Google Chrome doesn't work properly with Burp's certificate. This is a screenshot of Security tab of Chrome https://imgur.com/a/c7GI8PG I'm using: Google Chrome version 78.0.3904.108 Burp Suite 2.1.04 Windows 10, version 1909

    2 Agent Answers    1 Community Answer
    Nov 23, 2019 07:15PM UTC
  • Burp 2 - v2.1.06 - Scan / Crawl sends four times the same HTTP request for each entry

    Hello, While doing I scan / crawl of a website, I noticed that Burp 2 makes 4x time the same HTTP requests for each crawl action. for instance it will query /robots.txt four times, this happens also when setting the thread pool to use max one concurrent connection Sample screenshot is available here : https://imgur.com/a/WVgAegg

    1 Agent Answer    0 Community Answer
    Nov 23, 2019 07:01AM UTC
  • Web Security Academy, Lab: Exploiting cross-site scripting to steal cookies

    Hi, This lab: Exploiting cross-site scripting to steal cookies, might be broken. I can only get my own session cookie sent to me, even with the proposed solution. It seems that the admin is not reading the comments.

    2 Agent Answers    1 Community Answer
    Nov 22, 2019 02:10PM UTC
  • MOVE verb doesn't show up in Proxy history

    The verb 'MOVE' doesn't show up in the Burp proxy history. It only shows up in the 'Flow' plugin.

    1 Agent Answer    0 Community Answer
    Nov 20, 2019 11:27PM UTC
  • REST API. Get scan status after Burp restart: Task ID not found

    Burp Suite Pro version: 2.1.05; Steps to reproduce: 1. Start Burp Suite Pro; 2. Launch new scan, using REST API, i.e. do HTTP POST scan configuration to http://127.0.0.1:1337/$apiKey/v0.1/scan; 3. Poll scan status with HTTP GET http://127.0.0.1:1337/$apiKey/v0.1/scan/$taskID; 4. Stop Burp Suite; 5. Launch Burp Suite again with --unpause-spider-and-scanner command line option; 6. Scan st...

    4 Agent Answers    3 Community Answers
    Nov 20, 2019 03:03PM UTC
  • [Burp Enterprise] Install using PostgreSQL

    Hi, I've been trying to install the BE server. It all goes well until it gets to the database configuration: Enter the JDBC connection details for your database JDBC URL jdbc:oracle:thin:@//[jdbc:postgresql:burpenterprise] jdbc:postgresql://127.0.0.1:5432/burpenterprise Enter the database user that the Enterprise Server will use Username [beserver] Password Enter the databas...

    6 Agent Answers    6 Community Answers
    Nov 19, 2019 02:42PM UTC
  • bad url intercept

    when i browse any url i am getting another url response like: http://detectportal.firefox.com GET /success.txt?ipv6 https://push.services.mozilla.com/ http://ocsp.sca1b.amazontrust.com/ http://ocsp.digicert.com/ https://widget-mediator.zopim.com/s/W/ws/QIM5pDUhKPjTdxX0/c/1573821606317 so i need help to be able to intercept url i want

    1 Agent Answer    0 Community Answer
    Nov 15, 2019 12:59PM UTC
  • The .burp files are getting corrupted continuously even after repair

    I'm using the latest version of Burp Pro and every day I'm facing this issue. The .burp files are getting corrupted continuously even after repair every single day. It seems I'm not the only one having this issue.

    1 Agent Answer    0 Community Answer
    Nov 14, 2019 02:34PM UTC
  • "Lab: Basic SSRF against another back-end system" does not work

    "Lab: Basic SSRF against another back-end system" does not work The lab redirects to an error site FYI

    1 Agent Answer    0 Community Answer
    Nov 14, 2019 09:32AM UTC
  • False positives

    I am getting too many false positives of "Content type incorrectly stated" vulnerability all the time. My last occurence is: '''The response states that the content type is font/x-woff. However, it actually appears to contain unrecognized content.''' The response starts with wOFF and some binary stuff is following. When issue the "file" comma...

    1 Agent Answer    0 Community Answer
    Nov 13, 2019 02:43PM UTC