Bug Reports

Report a bug

  • Burp Pro Crashes Immediately Upon Start

    java version "1.8.0_73" Java(TM) SE Runtime Environment (build 1.8.0_73-b02) Java HotSpot(TM) Client VM (build 25.73-b02, mixed mode, sharing) Latest version of Burp Pro. Upon launch, splash screen displays briefly and disappears but the java process is still running. Have tried several versions of Java and several versions of Burp Pro with the same results. Anyone else experie...

    5 Agent Answers    10 Community Answers
    Feb 24, 2016 11:25PM UTC
  • Display Bug after a weird HTTP Response

    While testing an application, I got the following HTTP Response: HTTP/1.1 200 OK Date: Mon, 22 Feb 2016 15:52:27 GMT Expires: Mon, 22 Feb 2016 15:52:27 GMT Cache-Control: no-cache, private, no-store Content-Type: text/javascript; charset=utf-8 Pragma: no-cache Date: Mon, 22 Feb 2016 15:52:27 GMT X-Lift-Version: xxxx X-Frame-Options: SAMEORIGIN Content-Length: 1 Connection: close HT...

    1 Agent Answer    0 Community Answer
    Feb 22, 2016 04:02PM UTC
  • Burp pro won't start

    I downloaded every version of burpsuite . But nothing starts on my system . Mine is 32 bit OS with JDK 1.7 and JRE7. 12 February 2016 Burp Suite Professional v1.6.37 - Shows invalid/ corrupt file 21 January 2016 Burp Suite Professional v1.6.35 - Shows start flash screen then abruptly terminates and throws an error file 16 January 2016 Burp Suite Professional v1.6.34 - Shows invalid/ corrup...

    1 Agent Answer    0 Community Answer
    Feb 19, 2016 08:48AM UTC
  • Pro 6.36 and 6.37 will not start, corrupt

    I can run the free version .32. I purchased Pro and it won't start. Invalid or corrupt jarfile burpsuite_pro_v1.6.36.jar Invalid or corrupt jarfile burpsuite_pro_v1.6.37.jar

    6 Agent Answers    5 Community Answers
    Feb 16, 2016 04:00PM UTC
  • burp 1.6.36 crashes window manager under GNU/Linux

    Hi, since version 1.6.36 I encounter severe problems with burp. I'm running Debian GNU/Linux with awesome window manager. Before I start any Java application I follow advise on http://awesome.naquadah.org/wiki/Problems_with_Java to get proper X Window integration. Burp itself is started via command line: 'java -Xmx2048m -jar burpsuite_pro_v1.6.36.jar'. When I do this with b...

    1 Agent Answer    3 Community Answers
    Feb 16, 2016 08:38AM UTC
  • collaborator issues

    Hi, I have observed a glitch in collaborator's functionality. While (selectively) testing the persisten-xss module i have noticed the following payload being used: '"><svg%2fonload%3d(new(Image)).src%3d'%2f%2f8aj0dogjoqjmx9n62xhgpsgs4jafy7ovfl2bq0\56b.example.com'> Here the \56 part is odd. it should be a dot. However, it's this weird express...

    1 Agent Answer    1 Community Answer
    Feb 15, 2016 11:25AM UTC
  • HTML rendering engine does not use upstream proxy configuration

    When using Burp alongside an upstream proxy, rendering an HTTP response inside a response object will cause burp to fetch all page resources without going through the configured proxy. This can be pretty inconvenient when using an upstream proxy for anonymity purposes (for example tor) as it reveals user's original IP. Tested on latest version of Burp Pro (1.6.36) with http/socks proxy...

    1 Agent Answer    0 Community Answer
    Feb 12, 2016 01:34PM UTC
  • Restore is very slow

    Burp Version: 1.6.36 Log files created and saved with same version - 1.6.39 File size: 20,895 KB Restore Duration: Stopped the restore after 1.5 hours with only 60% completed. Restoring a previously saved log takes a long time to complete, depending on the file size. This morning, Feb. 11, 2016, I am trying to restore a file size of 25,283 KB. Started at 8:00 AM EST. At 8:28 AM EST only 80% ...

    2 Agent Answers    1 Community Answer
    Feb 11, 2016 01:29PM UTC
  • Simple SQLi identification failed

    Hi, I found a little lack in SQLi identification, trying Burp on OWASP Bricks (https://www.owasp.org/index.php/OWASP_Bricks). In details, using active scan on "Login #4" page, Burp fails to identify the following SQLi: SELECT * FROM users WHERE name=("inj_param1") and password=("inj_param2") while all other SQLi have been properly discovered as expected....

    1 Community Answer
    Feb 11, 2016 09:14AM UTC
  • SSL peer shut down incorrectly / WebSockets not upgrading

    TL;DR - The default setting for 'Set "Connection close" on incoming requests', introduced in v1.6.32 should be disabled by default because it seems to break websockets. I had an issue that took me quite a while to figure out, so I thought I'd share here in hopes that this will save others time. I ran into two issues when using recent versions of Burp, specifically ...

    2 Agent Answers    2 Community Answers
    Feb 11, 2016 12:19AM UTC