Bug Reports

Report a bug

  • Exception on restore state

    Trying to restore state on Burp Pro 1.6.18 the following exception occurred: java.lang.IndexOutOfBoundsException: Index: 3, Tab count: 1 at javax.swing.JTabbedPane.checkIndex(JTabbedPane.java:1768) at javax.swing.JTabbedPane.setSelectedIndex(JTabbedPane.java:589) at burp.bec.a(Unknown Source) at burp.xwc.b(Unknown Source) at burp.t2.b(Unknown Source) at burp.bec.addNotify(Unknown So...

    1 Agent Answer    0 Community Answer
    Jun 17, 2015 09:54AM UTC
  • Python extension unloading itself periodically

    I have a toy Python extension that simply prints out all command-line arguments, and calls exitSuite if there were any to print. About 50% of the time that I run Burp Suite from the command prompt, there is no output and Burp Suite fails to close automatically. I inspect the Extender tab and I find that the extension I wrote is unloaded. I check the "Loaded" box, the extension compiles, ...

    1 Agent Answer    1 Community Answer
    Jun 12, 2015 04:12PM UTC
  • Burp triggers DNS queries despite using an upstream proxy

    Hi, We are experiencing performance issues with Burp, with some web application pages taking over a minute to load. After investigation, we found out that Burp was issuing local DNS requests which could not be resolved due to our setup: the browser and Burp are installed on a machine located in network A and web requests have to transit over a proxy to reach the web application located in netwo...

    1 Agent Answer    5 Community Answers
    Jun 10, 2015 11:34AM UTC
  • Missing identification of SQL injection

    Dear Sir, we identified a missing identification of Blind SQL injection on some specific parameter. The SQL injection is presented on a single parameter of a POST request. Like par=pluto par=pluto -> result A par=pippo -> blank page par=pluta -> blank page par=pl'||(SELECT+CHR(117))||'to -> result A par=pl'||(SELECT+CHR(116))||'to -> blank page The D...

    1 Agent Answer    0 Community Answer
    Jun 09, 2015 11:00AM UTC
  • Burp Suite generates "weak ephemeral Diffie-Hellman key" error with Firefox Developer Edit...

    I've been using Burp Suite with Firefox Developer Edition, but as of today, I cannot make HTTPS connections when using Burp Suite as a proxy. I now get the following error message: An error occurred during a connection to www.yahoo.com. SSL received a weak ephemeral Diffie-Hellman key in Server Key Exchange handshake message. (Error code: ssl_error_weak_server_ephemeral_dh_key) Unfortu...

    4 Agent Answers    11 Community Answers
    May 28, 2015 07:08PM UTC
  • Extensions loading multiple times when restoring state

    Whenever I restore a state file, it loads extensions multiple times. Burp 1.6.18, Java 8u45. Screenshot: https://imgur.com/sQ9EnMp

    2 Agent Answers    0 Community Answer
    May 19, 2015 05:19PM UTC
  • UI - custom shortcuts - not working in detached tabs

    Hi, when I set up custom keyboard shortcuts in Options:Misc:Hotkeys, they do not work in windows I detach using the Window:'Detach XY' submenu. Regards, igor

    1 Agent Answer    0 Community Answer
    May 18, 2015 05:27PM UTC
  • Possible bug in concrete class of IScanQueueItem

    Hi, I think I may have discovered a small bug with the concrete implementation of the IScanQueueItem returned by the doActiveScan methods. When I try to access a method, I get the following error: Exception in thread "JavaFX Application Thread" java.lang.IllegalAccessException: Class sun.reflect.misc.Trampoline can not access a member of class burp.a4g with modifiers "public&q...

    3 Agent Answers    6 Community Answers
    May 16, 2015 09:48PM UTC
  • Burp goes into headless mode with open jdk version 1.7.0_79

    Hi, Whenever I run Burp Suite on my system it prints following message and goes headless (no splash screen even). If i delete .java/.userPrefs/burp folder, then it even prints the license agreement on the screen. Proxy: Proxy service started on 127.0.0.1:8080 The exact java version is as below, java version "1.7.0_79" OpenJDK Runtime Environment (IcedTea 2.5.5) (7u79-2.5.5-0...

    1 Agent Answer    1 Community Answer
    May 16, 2015 07:16AM UTC
  • Bug in IRequestInfo.getUrl()

    Hello, There is a bug in IRequestInfo.getUrl() that is related to how the hostname is retrieved. Currently getUrl() uses the hostname specified in the target options instead of the Host header in the HTTP request. However, what if the user specified a different hostname with the same target? Plugins would not be able to correctly report the affected URL using the IRequestInfo.getUrl() method if...

    2 Agent Answers    1 Community Answer
    May 14, 2015 01:36AM UTC