Bug Reports

Report a bug

  • SmartCard Client SSL Certificate

    Hi, we have an internal setup where we use SmartCards for Authentication. In Burp 1.7 this worked like a charm but somewhere after the 2.0 upgrade something broke. At the last step (where you enter your PIN code) the certificate does not show up. At the moment I am having this issue on v2.1.02 while 1.7.37 still works. I am on Windows 10 1803. Can you look into that?

    1 Agent Answer    0 Community Answer
    Aug 05, 2019 12:55PM UTC
  • questions for bugs

    How much does it take to find a bug using burpsuite? And is there a reason why i cant find any? Thanks!

    1 Agent Answer    0 Community Answer
    Jul 30, 2019 11:16PM UTC
  • crawl/URL's to Scan error

    I'm having an issue (or is it a bug) whereby I have a website on a domain that has an underscore (for example, http://site_test.blah.com), but setting up a crawl scan type gives me 'Invalid URL to scan' error despite the site working through the proxy. Anyone else run into this?

    2 Agent Answers    1 Community Answer
    Jul 30, 2019 04:14PM UTC
  • Burp hotkeys are not working

    - Ubuntu 18.04 - Burp Suite Pro For some reason Burp doesn't receive Ctrl + [A-Z] hotkeys, but Ctrl + [0-9] work just fine. Restoring defaults and reinstalling Burp doesn't solve the issue. Seems more like a system problem, but may be you have any advice?

    1 Agent Answer    0 Community Answer
    Jul 29, 2019 12:01PM UTC
  • Vulnerable Java JRE

    Hi The newest version of the community edition for Linux is shipped with a private JRE (Oracle 1.11.0 2) which is effected by multiple vulnerabilities, can this be updated to 1.11.0 3? Thanks Br, Dransfeldt

    1 Agent Answer    0 Community Answer
    Jul 26, 2019 08:00AM UTC
  • Collaborator servers lack ipv6 support

    No IPv6 support for any of the collaborator infrastructure: burpcollaborator1.portswigger.net has address 52.16.21.24 burpcollaborator2.portswigger.net has address 52.16.107.92 Knowing an ipv6 source address for originating traffic is far more useful than a legacy ipv4 address, as it is less likely to be nat'd behind a shared address and less likely to be discovered via traditional sca...

    1 Agent Answer    0 Community Answer
    Jul 25, 2019 12:29PM UTC
  • Burp Intruder inaccurate received and completed response time

    In Intruder, in order to execute blind sql injection, I selected the Received time from the columns menu in intruder attack window. While executing the attack, I noticed that the response times are not correct after the "TRUE" condition is met. For example, if the password length is 6, testing for something like LENGTH(password)=? with a list of numbers from 1 to 10 and a sleep time ...

    1 Agent Answer    0 Community Answer
    Jul 25, 2019 09:28AM UTC
  • Burp not reporting XSS issues

    I've been using Burp for about 2 years, and Burp has been great at reporting XSS on our websites. It does not report it via normal scanning (1.x), it would report the issue if i found a XSS manually using proxy intercept. Recently, I found a number of XSS manually using a simple alert script (<script>alert(1)</script>) on a number of different web pages, but no XSS issues are ...

    1 Agent Answer    1 Community Answer
    Jul 24, 2019 03:26PM UTC
  • Estimating time remaining

    The scanner keeps getting stuck on "Estimating time remaining". .. please fix or tell me how to force the scan to start.

    1 Agent Answer    0 Community Answer
    Jul 22, 2019 11:52PM UTC
  • Content-Disposition: attachment downloads do not render

    Hi, image file (jpegs) downloaded with the response header Content-Disposition: attachment does not have a render tab in the new version of Burp. This means that you cannot see the images within Burp. An example response that goes unrendered would be HTTP/1.1 200 OK Date: Mon, 22 Jul 2019 17:26:08 GMT Server: Apache/2.4.39 (Unix) X-Powered-By: PHP/7.2.19 Expires: 0 Cache-Control: must-r...

    1 Agent Answer    0 Community Answer
    Jul 22, 2019 05:35PM UTC