Bug Reports

  • XML and XPath false positives in scanner module

    The scanner module reports XML and XPath false positives when it finds certain strings (e.g. xmlschema, ajaxpath) in the response of automated scans, but it does not consider when those same strings were already present in the original response to unaltered requests.

    1 Agent Answer    0 Community Answer
    Apr 14, 2015 05:47PM UTC
  • Hidden API for IHttpRequestResponse objects?

    Hello, I found a surprising behavior in the Extender API (using Jython). Because of a typo, I called getUrl() on some IHttpRequestResponse objects... and it worked! Given the API documentation (both online http://portswigger.net/burp/extender/api/burp/IHttpRequestResponse.html or in-app), there's no function with that name in these objects. In fact, getUrl() exists only for IRequestInfo obj...

    1 Agent Answer    1 Community Answer
    Apr 14, 2015 08:42AM UTC
  • Window issues on Mac OS 10.10

    On Mac OS 10.10, when Burp Free is running, it doesn't show up in the dock, or in the command-tab window switcher. So it's difficult to switch to it. When you minimize it, its window does show up in the dock. But then when you click it, it appears behind any other open applications' windows.

    1 Agent Answer    0 Community Answer
    Apr 13, 2015 03:52PM UTC
  • Java RE 6 Required?

    I am in my 14-day evaluation period of Burp Suite. Yesterday I attempted to test a site via https; Burp Suite would not perform the test using Java RE version 8. I had to downgrade to version 6 of the JRE (a version chock full of security problems and no longer supported by Oracle). What is Portswigger's plan to correct this problem?

    1 Agent Answer    0 Community Answer
    Apr 10, 2015 12:54PM UTC
  • Not tracking extension properly

    Extender > BApp Store. None of the Installed boxes are checked. But if I select certain extensions like .NET Beautifier, under the description the Install button is greyed out.

    1 Agent Answer    0 Community Answer
    Apr 10, 2015 01:21AM UTC
  • Spider this branch

    Scans the branch, then the rest of the directory tree.

    1 Agent Answer    0 Community Answer
    Apr 09, 2015 11:32PM UTC
  • GUI hanging on Windows 8.1 64-bit?

    Hola, I've just set up a new install of Windows 8.1 64-bit (fully patched) with the latest (AFAIK) versions of Java and Burpsuite (running as "java -jar -Xmx4096m burpsuite_pro_v1.6.14.jar" from a command prompt with admin privs). I'm getting GUI hangs within Burp. It still appears to actually be passing traffic - but the GUI is completely non-responsive. I can browse to...

    2 Agent Answers    2 Community Answers
    Apr 09, 2015 11:03AM UTC
  • Temporary files not deleted upon exit

    I've been waiting since 5 versions ago for this to be fixed. We're now at 1.6.14 and the issue is still there: Burp does not delete its temporary files/folders upon exit and thus, on subsequent launch, it asks for temporary folders to be deleted. It's been reported since 1.6.09 and you guys have also been aware of this issue since 1.6.08: http://forum.portswigger.net/thread/166...

    7 Agent Answers    6 Community Answers
    Apr 02, 2015 04:09AM UTC
  • Automatic Backups and Save State not working.

    Hi, I'm currently running Burp Pro 1.6.12 on a Windows 7 machine. I have allocated Burp 2GB of RAM and am using Java (build 1.7.0_75-b13). I have not been able to make a test for this bug that can be reproduced, but I can give you some characteristics of when this happens: - Sometimes happens after pausing the active scanner - Happens after some sort of threads have been stopped (?)...

    1 Agent Answer    1 Community Answer
    Apr 01, 2015 07:28AM UTC
  • Discover content requests out-of-scope item

    In Target > Scope I've set "Exclude in scope" to be as follows: ^/auth/logout.* However, despite this, "Content discovery" appears to request /auth/logout, causing the discovery session to be logged out. A workaround could be to set up some Session Handling Rules for the Spider (?) to run a Macro to log back in, but should this be necessary?

    2 Agent Answers    2 Community Answers
    Mar 30, 2015 04:33PM UTC