Bug Reports

• Crawling Stuck - v2.0.12beta

  Hi, the crawler hangs on "Locating authenticated functionality" and doesn't seem to be progressing. Also, how do I limit the crawler from trying to login with multiple agents? Currently it seems to be logging in 4 times.

  1 Agent Answer    0 Community Answer

  Nov 21, 2018 11:00PM UTC
• Tester

  In the repeater request type in Chinese, its display is garbled, any good solution?中文为乱码

  1 Agent Answer    0 Community Answer

  Nov 21, 2018 11:45AM UTC
• session handling rule set parameter value in json

  For Burp Suite 2.0.12beta: A session handling rule (Project Options -> Sessions) that takes care of setting the value of a given parameter in http requests is not applied to request bodies in json format. In the request example below, I have tried to replace the value of the parameter "_csrf": POST /api/bla/info/update HTTP/1.1 Host: example.com User-Agent: Mozilla/5.0 (Window...

  2 Agent Answers    1 Community Answer

  Nov 19, 2018 08:44AM UTC
• v2.0.x Extender API iScanQueueItem.getPercentageComplete() does not work

  While testing https://github.com/vmware/burp-rest-api/, we realized that there is a bug in the Burp Extender API iScanQueueItem.getPercentageComplete() for Burp Professional v2.x (beta). We have verified the problem with both 2.0.11 and 2.0.12. getPercentageComplete() always returns 0 - instead of the correct percentage. Please see https://github.com/vmware/burp-rest-api/issues/80 for th...

  4 Agent Answers    3 Community Answers

  Nov 16, 2018 10:16PM UTC
• Burp 2 Beta API key issues

  When the Burp 2 REST API is enabled and the "Allow access without an API key" option is enabled and there is an API key added it is not possible to use the API key to make API calls. For example this: http://127.0.0.1:1337/<api key>/v0.1/ will give me an "Invalid API version" error message. This is incredibly confusing. What I expect to happen is that the A...

  2 Agent Answers    1 Community Answer

  Nov 16, 2018 02:08PM UTC
• Burp 2.0 beta doesn't clean up temp file on exit

  My Burp Pro 1.7 generates some temporary files when running, and it will clean up these files on exit. Burp Pro 2.0 beta does not properly handle these on exit; every time I start Burp 2.0 it says there is temp file left from last start.

  2 Agent Answers    1 Community Answer

  Nov 15, 2018 04:32PM UTC
• BURP v2.0.11beta UI bug on macOS

  Hey, When creating new project on disk in dark mode on macOS, the special directory icons are broken (dir up, new dir etc) Cheers!

  1 Agent Answer    0 Community Answer

  Nov 15, 2018 09:38AM UTC
• Bundled JRE can generate DH pairs larger than 2048 bits

  Hello, Burp Suite v1.7.37 is bundled with Java 1.8.0_112. This version of Java is quite old and can't generate DH pairs (used for SSL) larger than 2048 bits. The site https://bettercrypto.org/ is good testbed (pair size = 4096), as indicated in the SSL Labs report (search for "Java 8"): https://www.ssllabs.com/ssltest/analyze.html?d=bettercrypto.org&s=195.39.201.143 I w...

  5 Agent Answers    5 Community Answers

  Nov 13, 2018 10:33AM UTC
• Old 1.6.x Windows bug on beta version

  Hi, The latest beta version is not silently deleting temp folders on start https://support.portswigger.net/customer/portal/questions/11581001-temporary-files-not-deleted-upon-exit https://support.portswigger.net/customer/portal/questions/16140229-burp-temporary-files 2.0.11beta / Windows 10

  1 Agent Answer    0 Community Answer

  Nov 12, 2018 08:59PM UTC
• gettin error code : SSL_ERROR_RX_RECORD_TOO_LONG

  iam using firefox ,i changed proxy and imported CA certificate. when i try to intercept iam getting error message Secure Connection Failed An error occurred during a connection to www.google.com. SSL received a record that exceeded the maximum permissible length. Error code: SSL_ERROR_RX_RECORD_TOO_LONG The page you are trying to view cannot be shown because the authenticity of the r...

  5 Agent Answers    13 Community Answers

  Nov 09, 2018 12:30PM UTC