Bug Reports

  • Reproducing External Service Interaction (DNS) issue

    Hi all, I am having a problem recreating an external service interaction (DNS) via the scanner. When I run a scan to the site the first time (crawl and audit) it finds the issue. If I run the scan a second time it does not find the issue. If I run the GET request with a new collab id it doesn't work either, yet the issue is repeatable with different ids with every re-start. What I ha...

    1 Agent Answer    0 Community Answer
    Oct 02, 2019 02:44AM UTC
  • Connection reset error

    I face a Connection Reset error while opening a testing website that I've got. The website works properly when the Burp proxy is not set, and when the Burp proxy is set in Mozilla or Chrome it gives a Connection Reset error.

    2 Agent Answers    2 Community Answers
    Sep 30, 2019 10:28AM UTC
  • POST with gzip data can't parse insertion points correctly

    A POST with gzip data (maybe other binary data formats too) will cause the Burp extender to be unable to parse insertion points correctly. When you print insertionPoint.getInsertionPointType(), it will always print 1. And the insertionPointName is strange. Output like below: Utilities.out(insertionPoint.getInsertionPointType() + ""); Utilities.out(insertionPoint.getInsertionPointName()); ...

    1 Agent Answer    0 Community Answer
    Sep 27, 2019 12:55PM UTC
  • 100% CPU utilization in Burp Suite Pro 2.1.03

    Burp Suite Pro 2.1.03 keeps causing 100% CPU utilization when running an audit scan (earlier known as scanner). The scan task works for approximately 2500-3000 requests after which it stops. Stopping the scanner does not cause the CPU utilization to return to normal levels. I have checked this with - all extensions disabled - all other tasks paused

    1 Agent Answer    1 Community Answer
    Sep 26, 2019 06:57PM UTC
  • 302 Redirect Not Picking Up Cookies

    Hello, I am using Burp v1.7.31. This is about the 302 redirection response code in Burp. I am not getting the "Follow Redirection" option in Burp Repeater while testing a particular application. The Repeater options are set as "Never" in redirection and the 'process cookies' option is also set. I have checked another web application and it does show "Follow Redirection"...

    3 Agent Answers    1 Community Answer
    Sep 26, 2019 05:18PM UTC
  • Burp v2.1.03 'Copy as curl command' puts cookies in curl -b and -H parameter

    With older versions of Burp, 'Copy as curl command' only (IIRC) put cookies in the original request in the curl "-b" parameter, but this current version also puts the same cookies in the "-H" parameter. Therefore in the curl command line the cookies appear twice. This might be easy to see in a small request but in a big request it's not so easy to spot. This has just tri...

    1 Agent Answer    0 Community Answer
    Sep 25, 2019 03:14PM UTC
  • GUI performance slow to abysmal under some (unclear) circumstance on start-up

    I have BurpSuitePro v2.1.03 on Debian Buster using KDE. It has generally worked as expected. I ran a scan of a copy of TeamCity. This generated ~250,000 requests overnight. Now each time I open the project file (~768MB) the response from the GUI is slow. Specifically when it is sorting the "Dashboard", "Issue Activity" panel for the first time. For example: After ...

    1 Agent Answer    0 Community Answer
    Sep 23, 2019 10:38AM UTC
  • IMessageEditor does not show markers

    When I set up a marked request or response for an IMessageEditor instance, it does not appear to be honored. The editor loads the message okay, but there aren't any markers on it. So if I do something like this: int[] markers = {1,10}; List<int[]> requestMarkers = new ArrayList<>(); requestMarkers.add(markers); markedRequestResponse = callbacks.applyMarkers(requestResponse,...

    1 Agent Answer    0 Community Answer
    Sep 23, 2019 01:58AM UTC
  • URLs not showing in target list

    I am having a weird issue I have not seen before. For some reason some pages I explore are not getting listed in the target list. I can send the page to repeater and intruder just fine, but when I expand the site on the target menu I don't see it. The site is contained in a subfolder and not on the root of the web server, so to get to it, it's www.mysite.com/SOT/user/login.asp. I see the SOT fo...

    1 Agent Answer    0 Community Answer
    Sep 20, 2019 02:04AM UTC
  • EXTERNAL SERVICE INTERACTION (DNS)

    Hi Team, I am facing the below issue in my project. Please suggest the possible solution. Description: It is possible to induce the application to perform server-side DNS lookups of arbitrary domain names. The payload yacfs4cj5ocyq9mho4v2xqtq2h8bw3kwjk97zvo.burpcollaborator.net was submitted in the SSL SNI value and the HTTP Host header. The application performed a DNS lookup of the speci...

    1 Agent Answer    0 Community Answer
    Sep 19, 2019 12:52PM UTC