Bug Reports

Report a bug

  • Intruder results: copying a column with Control-Click in Pro version

    From the Intruder documentation: "You can reorder the table's contents by clicking on any column header [...] You can copy the contents of a column by Ctrl-clicking the header [Pro version]". Bug #1: A column is reordered everytime its title is clicked, EVEN IF the "Control" key is pressed at the same time. Impact => copying the content of a column will alter its ord...

    3 Agent Answers    1 Community Answer
    Mar 04, 2015 09:21PM UTC
  • Visual bug in Intruder when two payload sets are of type "Dates"

    Tested on Burp Pro v1.6.11 on OpenJDK 1.7.0_75-b13 (and many different setups) That's an old bug, which happens only in a specific situation. How to reproduce: - send a request to Intruder - in the "Positions" tab, define two payload positions and select "Cluster bomb" as the attack type - switch to the "Payloads" tab - select payload set #1 - set the pay...

    3 Agent Answers    1 Community Answer
    Mar 04, 2015 06:30PM UTC
  • PostData removed when changing cookies in repeater/params tab

    When I change data in the params tab ( either deleting/editing/moving) parameters , the postdata in the resulting request is gone ! Postdata is in this form {"productId":"xxxxx#xxx#xxx"}. ( however also tested with normal postdata "test=test" , and same behaviour... Using Win7 x64 / burp pro 1.6.11 / no extensions / Java(TM) SE Runtime Environment (build 1....

    1 Agent Answer    0 Community Answer
    Mar 04, 2015 09:10AM UTC
  • java.io.IOException: Unicode String

    Dear, I'm getting inconsistent results, and I'm afraid Burp is the cause. When I modify a request in the repeater window , the following error is shown. java.io.IOException: Unicode String at sun.awt.datatransfer.DataTransferer.translateTransferable(DataTransferer.java:1120) at sun.awt.datatransfer.DataTransferer$5.run(DataTransferer.java:2306) at java.awt.event.Invocatio...

    2 Agent Answers    3 Community Answers
    Mar 04, 2015 07:57AM UTC
  • DOM-based open redirection error

    Hi, I am getting 'Open redirection (DOM-based)' error on all my pages . Can you help me to resolve this

    1 Agent Answer    0 Community Answer
    Feb 27, 2015 09:23AM UTC
  • Passive Scanning of .js CPU intensive and always retrying the same file

    Hi there, I'm reporting a behavior that i've noticed since the new static code analysis was introduced. I've noticed that whenever there is a .js or other file that is Big or with complicated code, the passive scanner is very CPU intensive and it seems that after hitting the analysis timeout for a file, it enters a loop and it's always analyzing the same file. I think th...

    1 Agent Answer    1 Community Answer
    Feb 19, 2015 11:45AM UTC
  • Burp creates two temp folders and only rms wrong one on exit

    Taken from: http://forum.portswigger.net/thread/1668/burp-creates-temp-folders-wrong because the problem still exists with: Java 7 x64 on Windows 7 x64 Pro ------------------------------------------- Hi Burp still creates two temp folders on startup, from which only one is actually used. When exiting, the unused one is deleted, which means the temp files remain on the hard disk. ...

    3 Agent Answers    2 Community Answers
    Feb 18, 2015 02:48PM UTC
  • java.lang.ClassCastException: javax.swing.plaf.ColorUIResource cannot be cast to javax.swing.Painter

    I open burp using Oracle Java 8: $ java -version java version "1.8.0_31" Java(TM) SE Runtime Environment (build 1.8.0_31-b13) Java HotSpot(TM) 64-Bit Server VM (build 25.31-b07, mixed mode) And I got the following error: java.lang.ClassCastException: javax.swing.plaf.ColorUIResource cannot be cast to javax.swing.Painter at javax.swing.plaf.nimbus.NimbusStyle.getBackgroundPain...

    3 Agent Answers    2 Community Answers
    Feb 18, 2015 10:30AM UTC
  • Alert message while testing a website with its hostname

    Hi Team, We are getting some issues while executing Burp Suite. When we execute the Burp Suite for a site with its IP, then it is working fine but when we are executing the same with its host name, we are getting Alert message in the Burp Suite.

    1 Agent Answer    0 Community Answer
    Feb 16, 2015 01:28PM UTC
  • Separation of query string

    Hi, When I access a URL like following Burp recognizes one parameter its name="JSESSIONID", value="foo?bar=baz". http://localhost/;JSESSIONID=foo?bar=baz Screenshots: http://imgur.com/OY9NkvU (Raw tab) http://imgur.com/sO1HAaE (Params tab) Burp Suite v1.6.10 Windows 7 64bit

    3 Agent Answers    3 Community Answers
    Feb 08, 2015 06:50AM UTC