Bug Reports

Report a bug

  • SSL Handshake Error

    With Burp, I am trying to view the following website - https://self-repair.mozilla.org/ but I am not able to proxy it via Firefox. The error received (in alerts) is - javax.net.ssl.SSLException: Received fatal alert: handshake_failure Error (Alerts) - http://imagebin.ca/v/2AJ8syQVSM3l Steps already tried - 1. Restarted Windows 2. Checked with Java 7, 8u45, 8u51, 8u60 (32/64 bit VM) and la...

    3 Agent Answers    10 Community Answers
    Jul 29, 2015 02:15PM UTC
  • Paste Outside of Burp 1.6.21 Not Working

    Copy and paste works within the Burp interface. Once you try to paste something from Burp, for example a really long url, outside of the interface it does not work. You are also not able to copy and paste from outside the application either. Is it possible to make the copy and paste function work outside of the Burp application? Copy and past function works on 1.6.19 Similar to this re...

    4 Agent Answers    5 Community Answers
    Jul 23, 2015 04:06PM UTC
  • Duplicate extensions in Burp

    On restoring a saved state, extensions were duplicated. Ideally burp should be taking care of preventing duplicates in extensions.

    2 Agent Answers    0 Community Answer
    Jul 13, 2015 10:16AM UTC
  • Multi monitore issue

    Hi, I am using the current release of your Burp Suite with the following issue. Having two more screens left of my default screen the application hangs as soon as I put it onto any other than the default screen. Having experienced the same issue with my own applications based on Java Swing or AWT I found a solution here: http://stackoverflow.com/questions/6436944/java-illegalstateexception-buff...

    2 Agent Answers    1 Community Answer
    Jul 06, 2015 07:43AM UTC
  • Buby

    Buby no longer works with 1.6.20 (results in error: no implicit conversion of nil into String); 1.6.19 and below works fine.

    1 Agent Answer    4 Community Answers
    Jul 04, 2015 10:46PM UTC
  • Session Handling - determine session validity not working because of Redirect

    Hello, I have an application which (by design) logs the user out (by redirecting to login page) when inputs don't have a valid value. I need to use the Session Handling to re-login. The log out detection in Burp is inconsistent when "Follow redirections where necessary" (Scanner > Options) is set. Inconsistent because it tests the session validity sometimes before redire...

    0 Community Answer
    Jul 02, 2015 11:44AM UTC
  • IMessageEditorController.getRequest() and .getResponse() race condition(?) in Intruder

    Hi again, I am experiencing a strange race bug(?) in the Intruder result output window. For some reason, when viewing an HTTP response in a custom IMessageEditorTab, the .getRequest() and .getResponse() methods return a non-null byte array only if a user clicks on one of the original tabs first and then switches back to the custom editor tab. If the user remains on the custom editor tab and arr...

    1 Community Answer
    Jun 30, 2015 06:32AM UTC
  • Activation lost after Windows Upgrade

    Hi, I just upgraded to the Windows 10 preview and the Burp activation on the machine is gone. Are there any plans to improve the behavior of Burp in this regard? I think it's quite inconvenient to need to reactivate if multiple machines are upgraded. Apart from that, Burp is of course great software. Thank you and regards Burp User

    6 Agent Answers    6 Community Answers
    Jun 27, 2015 11:21PM UTC
  • ITextEditor.getText() deadlock

    Hi guys, First off, keep up the great work and I hope to meet you guys in Vegas for DC. I have a small issue with BurpSuite due to the way my plugin is making calls between the FX and Swing thread. I understand FX is not supported in Burp and I appreciate why. However, I was wondering why the model of the ITextEditor concrete class is tied to the Swing event loop. I have a situation where I...

    2 Agent Answers    1 Community Answer
    Jun 26, 2015 08:11PM UTC
  • Collaborator External Service Interaction (DNS) - Mismatch in attack vector

    There is a mismatch in the Collaborator External Service Interaction (DNS) between the URL inserted in the attack vector and the DNS request that Burp collaborator display in scanner result. One example advisory: Advisory: External service interaction (DNS) POST parameter of the request: xxx=http%3a%2f%2fdhylxw3clwxogtvs1ngy14fan1tuzk7avz.collaborator.xxx.net Colllaborator event: Th...

    2 Agent Answers    0 Community Answer
    Jun 26, 2015 09:28AM UTC