Bug Reports

Report a bug

  • Macro define custom parameter location in response not working

    Hi, We are using Burp Pro 1.7.03 and when trying to "Define a Custom Parameter" in the "Configure Macro Item" we can't get Burp to get anything; when we test the macro no "Derived parameters" or "Failed parameters" are shown. We tried the "Define start and end" and the "Extract from regex group" approach with no luck. Beside...

    2 Agent Answers    1 Community Answer
    Jul 22, 2016 08:27AM UTC
  • Scanner Options not saved in project file

    Apologize for the double post. I saw someone with a similar issue and posted on that, but I'm not sure if that was the proper way to do this or if I should start a new thread. Please correct me where I'm wrong and delete any post that is wrong. When I start a new project, I select a file to save it to disk (New project on disk) and then I have a default configuration file that has Act...

    2 Agent Answers    1 Community Answer
    Jul 18, 2016 02:02PM UTC
  • java.lang.UnsupportedOperationException

    Hi guys, I have searched the support center and found a bug similar to this, but have not yet found a solution and my configuration may be different. I am running Burpsuite Free 1.7.03 on Debian Jessie, and I am receiving the following when I try to start a project: An error occurred when starting a project with the selected options java.lang.UnsupportedOperationException Unfortunately...

    3 Agent Answers    6 Community Answers
    Jul 18, 2016 07:57AM UTC
  • Settings not saved in project

    I can create a new project and change the options under scanner -> options -> active scanner optimization to Thorough and Normal. However, after closing the project and opening it again, these options are not saved and default to other values. All other options are saved (and yes, I choose to load options saved with project). Tested on two different machines, mac and linux, with the same ...

    4 Agent Answers    2 Community Answers
    Jul 08, 2016 10:26AM UTC
  • WOFF not recognized as a Content Type

    Most of the times that I see the "Content type incorrectly stated" issue these days it is related to WOFF (Web Open Font Format). This is the issue text: "The response states that the content type is application/font-woff. However, it actually appears to contain unrecognized content." This gives "Severity: Low, Confidence: Firm". I see a couple of issues: ...

    2 Agent Answers    3 Community Answers
    Jun 23, 2016 01:44PM UTC
  • Macro Editor Hang

    Hi, after editing a single HTTP POST request in the macro editor, the form cannot be closed any more. The only way to get back to the main window is to kill the process and restart Burp. Sebastian

    2 Agent Answers    1 Community Answer
    Jun 21, 2016 08:44AM UTC
  • Raw response window display corruption

    Hello, In my current engagement I am experiencing a display corruption issue in the Response window, both in "Raw" and in "HTML". The render tab actually seems to work well. I have the feeling it is some sort of encoding issue. https://drive.google.com/open?id=0BwT0BfSFrTwNLUZKelBtTU90Qmc Thx, Jerome

    1 Agent Answer    0 Community Answer
    Jun 20, 2016 03:32PM UTC
  • Cross-domain script include issues ignore subresource integrity attributes

    Cross-domain script include issues are useful, however they ignore whether the site uses subresource integrity (SRI) attributes. If so, the part that says "trusting the domain's own security to prevent an attacker from modifying the script to perform malicious actions" is not accurate since if the content changes, the cryptographic hash would change, thus modern browsers won't ...

    1 Agent Answer    0 Community Answer
    Jun 17, 2016 03:05PM UTC
  • gzip in request

    Im assessting a mobile application that sends HTTP requests compressed. I have activated the check "proxy>options>miscelaneous>unpack gzip/deflate requests". But, when the request is unpacked, the request has still the header 'application/x-gzip', so the server does not accept the request because the content is not compressed. As a workarround I have set a replace r...

    1 Agent Answer    0 Community Answer
    Jun 17, 2016 07:20AM UTC
  • RuntimeException when trying to load SQLiPy

    I have loaded Jython and SQLiPy, but when I try to copy a request from the Proxy using the SQLiPy Scan menu, I get a RuntimeException. Does anybody know what causes this? Note that sqlmapapi.py is running, and everything else looks OK. Calling: /usr/bin/python /usr/share/sqlmap/sqlmapapi.py -s -H x.x.x.x -p 8081 [10:35:35] [INFO] Running REST-JSON API server at 'x.x.x.x:8081'.. ...

    2 Agent Answers    3 Community Answers
    Jun 16, 2016 04:09AM UTC