Bug Reports


  • Burp closed without confirmation box

    Hi, not sure this can be considered a bug, but the feature needed to be improved. I launched Burp from the cmd command line (java -jar etc.) to increase the RAM allocation for the software. At one point, I accidentally clicked the command prompt window close button and the Burp window closed without any pop-up box to ask for confirmation of close or saving data (e.g. Are you sure you want to...

    1 Agent Answer    0 Community Answer
    Jun 24, 2015 07:42AM UTC
  • Content view not picking up resource

    I noticed the Contents View in the site map sometimes does not pick up specific resources under certain conditions. Ex: An item has been identified during a spider scan as a GET request to /content/script, gets added properly to contents view. When browsing the site, the same resource gets accessed as a POST request, going through the proxy. This POST request never appears in the contents view, d...

    1 Community Answer
    Jun 23, 2015 03:52PM UTC
  • Missing identification of response splitting vulnerability

    We found that Burp Suite doesn't test for the response splitting vulnerability. For example:
    www.example.com/about.php?date=%0D%0ATest%3A%20no
    If the HTTP response gets the additional header "Test: no", it should be reported. https://www.owasp.org/index.php/HTTP_Response_Splitting Regards

    1 Agent Answer    0 Community Answer
    Jun 22, 2015 09:00AM UTC
  • Different URLs in Target: Request, Raw and Site map URL

    I recognized that the URL in Target, Site map is different from the URL in the Request, Raw window. Here is what is shown in the Site map window right above (list of all URLs): https://www._something_.com/ - GET - /scale.php?timename=SCALE_USER&time=FF:13:15:06:15:08:10:37&id=WEB87431-20150615083 And here is what I see in the Request Raw window: GET /scale.php?id=WEB87431-20150616...

    1 Agent Answer    0 Community Answer
    Jun 18, 2015 01:58PM UTC
  • Burp won't start on my OSX machine any more

    Hi folks, finding this one a little tricky to solve. Burp stopped working on my OSX system recently. I run it from the command line with something like: java -Xmx1024m -jar burpsuite_pro_v1.6.18.jar I get the splash screen, it goes away, and nothing else happens. I have an icon in the dock and there's something called 'StartBurp' running, but I never get the standard UI....

    2 Agent Answers    2 Community Answers
    Jun 18, 2015 05:14AM UTC
  • Exception on restore state

    Trying to restore state on Burp Pro 1.6.18 the following exception occurred: java.lang.IndexOutOfBoundsException: Index: 3, Tab count: 1 at javax.swing.JTabbedPane.checkIndex(JTabbedPane.java:1768) at javax.swing.JTabbedPane.setSelectedIndex(JTabbedPane.java:589) at burp.bec.a(Unknown Source) at burp.xwc.b(Unknown Source) at burp.t2.b(Unknown Source) at burp.bec.addNotify(Unknown So...

    1 Agent Answer    0 Community Answer
    Jun 17, 2015 09:54AM UTC
  • Python extension unloading itself periodically

    I have a toy Python extension that simply prints out all command-line arguments, and calls exitSuite if there were any to print. About 50% of the time that I run Burp Suite from the command prompt, there is no output and Burp Suite fails to close automatically. I inspect the Extender tab and I find that the extension I wrote is unloaded. I check the "Loaded" box, the extension compiles, ...

    1 Agent Answer    1 Community Answer
    Jun 12, 2015 04:12PM UTC
  • Burp triggers DNS queries despite using an upstream proxy

    Hi, We are experiencing performance issues with Burp, with some web application pages taking over a minute to load. After investigation, we found out that Burp was issuing local DNS requests which could not be resolved due to our setup: the browser and Burp are installed on a machine located in network A and web requests have to transit over a proxy to reach the web application located in netwo...

    1 Agent Answer    5 Community Answers
    Jun 10, 2015 11:34AM UTC
  • Missing identification of SQL injection

    Dear Sir, we identified a missing identification of Blind SQL injection on some specific parameter. The SQL injection is presented on a single parameter of a POST request. Like par=pluto
    par=pluto -> result A
    par=pippo -> blank page
    par=pluta -> blank page
    par=pl'||(SELECT+CHR(117))||'to -> result A
    par=pl'||(SELECT+CHR(116))||'to -> blank page
    The D...

    1 Agent Answer    0 Community Answer
    Jun 09, 2015 11:00AM UTC
  • Burp Suite generates "weak ephemeral Diffie-Hellman key" error with Firefox Developer Edit...

    I've been using Burp Suite with Firefox Developer Edition, but as of today, I cannot make HTTPS connections when using Burp Suite as a proxy. I now get the following error message: An error occurred during a connection to www.yahoo.com. SSL received a weak ephemeral Diffie-Hellman key in Server Key Exchange handshake message. (Error code: ssl_error_weak_server_ephemeral_dh_key) Unfortu...

    4 Agent Answers    11 Community Answers
    May 28, 2015 07:08PM UTC