Bug Reports

Report a bug

  • MOVE verb doesn't show up in Proxy history

    The verb 'MOVE' doesn't show up in the Burp proxy history. It only shows up in the 'Flow' plugin.

    1 Agent Answer    0 Community Answer
    Nov 20, 2019 11:27PM UTC
  • REST API. Get scan status after Burp restart: Task ID not found

    Burp Suite Pro version: 2.1.05; Steps to reproduce: 1. Start Burp Suite Pro; 2. Launch new scan, using REST API, i.e. do HTTP POST scan configuration to http://127.0.0.1:1337/$apiKey/v0.1/scan; 3. Poll scan status with HTTP GET http://127.0.0.1:1337/$apiKey/v0.1/scan/$taskID; 4. Stop Burp Suite; 5. Launch Burp Suite again with --unpause-spider-and-scanner command line option; 6. Scan st...

    4 Agent Answers    3 Community Answers
    Nov 20, 2019 03:03PM UTC
  • [Burp Enterprise] Install using PostgreSQL

    Hi, I've been trying to install the BE server. It all goes well until it gets to the database configuration: Enter the JDBC connection details for your database JDBC URL jdbc:oracle:thin:@//[jdbc:postgresql:burpenterprise] jdbc:postgresql://127.0.0.1:5432/burpenterprise Enter the database user that the Enterprise Server will use Username [beserver] Password Enter the databas...

    6 Agent Answers    6 Community Answers
    Nov 19, 2019 02:42PM UTC
  • bad url intercept

    when i browse any url i am getting another url response like: http://detectportal.firefox.com GET /success.txt?ipv6 https://push.services.mozilla.com/ http://ocsp.sca1b.amazontrust.com/ http://ocsp.digicert.com/ https://widget-mediator.zopim.com/s/W/ws/QIM5pDUhKPjTdxX0/c/1573821606317 so i need help to be able to intercept url i want

    1 Agent Answer    0 Community Answer
    Nov 15, 2019 12:59PM UTC
  • The .burp files are getting corrupted continuously even after repair

    I'm using the latest version of Burp Pro and every day I'm facing this issue. The .burp files are getting corrupted continuously even after repair every single day. It seems I'm not the only one having this issue.

    1 Agent Answer    0 Community Answer
    Nov 14, 2019 02:34PM UTC
  • "Lab: Basic SSRF against another back-end system" does not work

    "Lab: Basic SSRF against another back-end system" does not work The lab redirects to an error site FYI

    1 Agent Answer    0 Community Answer
    Nov 14, 2019 09:32AM UTC
  • False positives

    I am getting too many false positives of "Content type incorrectly stated" vulnerability all the time. My last occurence is: '''The response states that the content type is font/x-woff. However, it actually appears to contain unrecognized content.''' The response starts with wOFF and some binary stuff is following. When issue the "file" comma...

    1 Agent Answer    0 Community Answer
    Nov 13, 2019 02:43PM UTC
  • If you crawl, the status code of the site map Response will change

    If you crawl, the Response status code displayed on the site map is changed from "301" (redirect) to "200" (no redirect). When Crawl is executed, the contents of Response will be the contents after redirect. Originally, it is the content of the redirect, but there is a response with the content of the redirect destination. Therefore, when auditing from the site map, the “...

    1 Agent Answer    0 Community Answer
    Nov 13, 2019 01:58AM UTC
  • Match / Replace (Intruder Processing Rule) defect

    Hi Burp-Team, I have noticed a bug in the Match / Replace Intruder processing rule. I wanted to replace the character " with \". I have tried multiple variants to achieve that but always ended up with a different result than the one I wanted to have. As far as I understand, the "replace" part should take the input as given, correct? However, filling in \" resu...

    2 Agent Answers    1 Community Answer
    Nov 12, 2019 11:49AM UTC
  • some content characters change when request is sent to intruder

    hi, I attached a docx file with simple content (like some lines) in it, then sent the request to intruder and one to repeater from intercept (proxy) part for further investigating of request, it seems some character in the docx part is changed when it is sent to intruder. repeater works fine, but intruder doesn't ; i sent the both repeater and intruder request to comparer, and compare bot...

    1 Agent Answer    0 Community Answer
    Nov 10, 2019 10:44AM UTC