Bug Reports

• Crawl/Audit detailed scope configuration does not persist when selected from library

  When performing a Crawl+Audit or Crawl, Scan details > Detailed scope configuration > Included URL prefixes, changes are saved if typed manually but not if populated by "Select from library". The url list appears correctly in the text box when selected from library, but when you click OK and perform the crawl/audit it ignores those values. Dashboard > Tasks > Settings (gear i...

  2 Agent Answers    2 Community Answers

  Jul 19, 2019 05:06PM UTC
• Burp Extensions

  Hi, it's just a question and also a bug reports. I've noticed that in Burp v2 some api for extension were changed. and i've noticed this in Active scans phases. Many extension active scans fail to execute. Is there any work around? or extensions need to be updated?

  2 Agent Answers    1 Community Answer

  Jul 16, 2019 07:01PM UTC
• An internal error occurred while launching Burpsuite jar and exe on windows machine

  An internal error occurred while launching Burpsuite jar and exe on windows machine even i tried re downloading but not working. Burpsuite 1.7.35 is working but not 2.1.*

  1 Agent Answer    0 Community Answer

  Jul 16, 2019 12:01PM UTC
• Lab: File path traversal, simple case - Unable to complete the lab exercise

  Hi I tried to traverse the file path in the lab exercise "File path traversal, simple case" as directed in the instructions however I am unable to retrieve the contents of /etc/passwd file. I followed the steps provided in the solution as well still I am unable to traverse the file path. Please help in completing this lab exercise. Thanks

  3 Agent Answers    2 Community Answers

  Jul 15, 2019 07:32AM UTC
• repeater not work for https

  intercept on,get https requests(A),send to repeater(B),in [Repeater] click [go],response status code:411.Now,in [Proxy] click [Forward],its work,in [HTTP history] response status code :200.Last,in [Repeater] click [Copy as curl command](C),it's work. Use Wireshark： A tls is success； B tls is error; C tls is success; System:macOs Mojave 10.14.5 Version:Burp Suite Community...

  1 Agent Answer    0 Community Answer

  Jul 13, 2019 01:12PM UTC
• REST API Does Not Set Content-Type Header When Invoking Callback

  When Burp's REST API issues a PUT request to the callback supplied to /scan, Burp does not set the Content-Type header. This causes issues when trying to integrate various tooling, such as ASP.NET Core 2.0. The platform doesn't receive a designated content type and is thus unable to perform content type negotiation. Here's an example of the payload that I receive: PUT / HTTP/1...

  1 Agent Answer    0 Community Answer

  Jul 10, 2019 01:46PM UTC
• subject

  <script>alert('hi')</script> <script>alert('hi')</script>

  0 Community Answer

  Jul 10, 2019 11:59AM UTC
• Rate limit bug

  Attackers can replay the mail send request on Email (customer registrations) generate the emails multiple times to any valid email id. Absence of rate limits can lead to the attacker flooding the application with spurious requests.

  1 Agent Answer    1 Community Answer

  Jul 10, 2019 11:16AM UTC
• Burp Session Handling Rules not Applied to Proxy

  I have a macro that grabs a token value of the parameter named xxx from one HTTP response such as: /campaign/a\">Details</a>\n<form class=\"column-buttons\" action=\"/manage/campaign/delete\" method=\"POST\">\n <input type='hidden' name='xxx' value='yyy' In the session handling rules, I have made it to run a ma...

  3 Agent Answers    6 Community Answers

  Jul 10, 2019 10:27AM UTC
• second listening port

  lsof, netcat, telnet, google and your support forum haven't been me friends so far. Maybe I missed an announcement... why is burp 2.x opening a second listening port? I noticed that burp is not only listening to port 8080, but also - even before listening to 8080, right from the start - to another port in the range above 32768. a short notice would be great sincerly mg PS: have...

  1 Agent Answer    0 Community Answer

  Jul 07, 2019 05:54AM UTC