Bug Reports

Report a bug

  • Alert message while testing a website with its hostname

    Hi Team, We are getting some issues while executing Burp Suite. When we execute the Burp Suite for a site with its IP, then it is working fine but when we are executing the same with its host name, we are getting Alert message in the Burp Suite.

    1 Agent Answer    0 Community Answer
    Feb 16, 2015 01:28PM UTC
  • Separation of query string

    Hi, When I access a URL like following Burp recognizes one parameter its name="JSESSIONID", value="foo?bar=baz". http://localhost/;JSESSIONID=foo?bar=baz Screenshots: http://imgur.com/OY9NkvU (Raw tab) http://imgur.com/sO1HAaE (Params tab) Burp Suite v1.6.10 Windows 7 64bit

    3 Agent Answers    3 Community Answers
    Feb 08, 2015 06:50AM UTC
  • Uppercase when authenticated with NTLM

    Hello, I want to report a important bug. If I use NTLM authentication burpsuite always sets uppercase letters for the login and for some case sensitive database it is problem. Thanks for repair. Excellent would be option, that what I write to login field, the same string will be in the request. Marek

    1 Agent Answer    0 Community Answer
    Feb 06, 2015 02:12PM UTC
  • Font size

    When adjusting the font size, there is no changes to the HTTP message section.

    2 Agent Answers    1 Community Answer
    Feb 02, 2015 01:46AM UTC
  • Scan queue being reordered

    Pause the scanner, save the state and close Burp. Open Burp and restore the state. The number column under Scanner > Scan queue has been reordered starting at 1 instead of the previous numbers.

    1 Agent Answer    0 Community Answer
    Feb 02, 2015 01:41AM UTC
  • Row highlights

    Let's say you have 20 items. You select row 10, hold down 'shift' and hit the 'up' button three times. Instead of lines 7-10 being highlighted, only lines 7-8 highlighted.

    1 Agent Answer    0 Community Answer
    Feb 02, 2015 01:37AM UTC
  • Freezes in scanner

    Hi I've have problems running the scanner in 1.6.09, it's very unreliable. It just stopps scanning for no obvious reason, but it is a least not frozen. I can then save the state, kill Burp and reload the state. The scan will then continue for a few more URLs before freezing again. I have tried to set down the number of concurrent connections to just one, but it still just stops. T...

    2 Agent Answers    5 Community Answers
    Jan 30, 2015 08:52AM UTC
  • interface catastrophically broken in recently updated Debian 7

    BURP Version: 1.6.09 Debian version: 7.8 (Wheezy) JRE: both OpenJDK and Oracle JRE XOrg Server: both XVFB and QXL Invocation: java -jar ./burpsuite_pro_v1.6.09.jar Mode of failure: Burp Suite windows do not respond to any mouse input. Cannot interact with any buttons, tabs, lists, tables, text fields, scroll bars, etc. Other applications work fine. Prior to Monday, Jan 26, Burp Suite...

    2 Agent Answers    1 Community Answer
    Jan 29, 2015 12:31AM UTC
  • Missed DOM XSS

    We were testing your DOM XSS scanning capability against test web sites (from the makers of Ra.2) and noted to obvious false-negatives that were missed. EXAMPLE 1: http://www.daspatnaik.com/test/demo/dom-xss-02.html RESPONSE 1: <html> <head> <title> DOM XSS 02 </title> <script type="text/javascript"> function timedMsg(callback) ...

    1 Agent Answer    0 Community Answer
    Jan 23, 2015 07:41PM UTC
  • Apache Tomcat "Transfer-Encoding" Bug

    Hi, When trying to exploit CVE-2010-2227 on a vulnerable Apache Tomcat server I've noticed that Burp (1.6.06) deletes "Transfer-Encoding" HTTP header when using as a proxy. Regards Peter

    1 Agent Answer    0 Community Answer
    Nov 28, 2014 10:54AM UTC