Bug Reports

Report a bug

  • ArrayIndexOutOfBoundsException

    Burp starts to randomly fail, Proxy Interception will always display an old request that was long processed and that won't go away, even if I turn interception off, send a couple of requests and turn it on again. Burp is basically broken at that point and I have to restart it... OSX 10.14.6, MacOS-installer (your Java and everything, but because I want to see errors like the one below, I s...

    1 Agent Answer    0 Community Answer
    Dec 03, 2019 09:00AM UTC
  • burpsuite issues over VNC connection

    Hello! I've run into a peculiar issue and wondering if anyone else has overcome it - when running burpsuite over my VNC connection (my primary access method) the burpsuite windows show up as pink and do not display content. However, if I console directly in (using ESXi) or use over an xrdp connection (I installed to troubleshoot, but interacts more slowly over my apache guacamole client) it w...

    2 Agent Answers    1 Community Answer
    Dec 01, 2019 12:16AM UTC
  • Error while encoding or decoding the character 'ñ' or 'Ñ' in the decoder tab.

    The character 'ñ' encoded to base64 is 'w7E=' but on decoders is encoded as '8Q==' as well as the character 'Ñ' that is encoded in the decoders tab as ''0Q==' but the correct encode is 'w5E='.

    1 Agent Answer    0 Community Answer
    Nov 28, 2019 11:59AM UTC
  • Could not start Burp: java.lang.NullPointerException

    Hi everybody, Today, after updating to latest version 2.1.06, I'm no longer able to launch Burp Pro. I also tried uninstalling, reinstalling, downgrading, but I always get the same not-so-informative exception message: "Could not start Burp: java.lang.NullPointerException" right after the splash screen. Launching the burp jar directly produces the same exception. I suspect it ...

    8 Agent Answers    8 Community Answers
    Nov 27, 2019 02:33PM UTC
  • Burp suite shows error codes instead of meaningful result.

    Hi team, I am using burp suite v2.1.05. Regarding the result that burp suite showed about Cookie manipulation (DOM-based), I would like to ask you what it means below: Because I can't find any cookie manipulation related code from my source code. Dynamic analysis Data is read from input.value and passed to document.cookie. The source element has id tenantName and name tenant...

    1 Agent Answer    0 Community Answer
    Nov 26, 2019 02:36AM UTC
  • Without Burpsuite XSS not execute

    Hello every one, I am facing a poblem. I found a Reflected XSS and report it but they dont accept it . They said ---------------------------------------------------------------------------------------- Thank your for the report. In your reproduction steps you use burp. Could you add reproduction steps to exploit this vulnerabilitie without the use of burp? We ask this because having to trick...

    0 Community Answer
    Nov 25, 2019 09:05PM UTC
  • License

    A few days ago I purchased a Burp Suite Pro license and have still not received an email with the key. Yesterday I sent a support ticket in but have not received any confirmation email or response. I have been using a proton mail address, is that domain blocked or am I just having bad luck?

    1 Agent Answer    0 Community Answer
    Nov 24, 2019 07:19AM UTC
  • Google Chrome doesn't accept Burp certificate

    Even though I added the Burp certificate as I used to do, it seems that Google Chrome doesn't work properly with Burp's certificate. This is a screenshot of Security tab of Chrome https://imgur.com/a/c7GI8PG I'm using: Google Chrome version 78.0.3904.108 Burp Suite 2.1.04 Windows 10, version 1909

    2 Agent Answers    1 Community Answer
    Nov 23, 2019 07:15PM UTC
  • Burp 2 - v2.1.06 - Scan / Crawl sends four times the same HTTP request for each entry

    Hello, While doing I scan / crawl of a website, I noticed that Burp 2 makes 4x time the same HTTP requests for each crawl action. for instance it will query /robots.txt four times, this happens also when setting the thread pool to use max one concurrent connection Sample screenshot is available here : https://imgur.com/a/WVgAegg

    1 Agent Answer    0 Community Answer
    Nov 23, 2019 07:01AM UTC
  • Web Security Academy, Lab: Exploiting cross-site scripting to steal cookies

    Hi, This lab: Exploiting cross-site scripting to steal cookies, might be broken. I can only get my own session cookie sent to me, even with the proposed solution. It seems that the admin is not reading the comments.

    2 Agent Answers    1 Community Answer
    Nov 22, 2019 02:10PM UTC