Bug Reports

  • Cmd Key on mac not working within Burp v1.6.26 (Java 1.8.0_60)

    The Cmd key on Mac OS 10.10.5 does not seem to be working within Burp (attempted on multiple Burp versions <=1.6.26), thus hampering the use of copy / paste / select all functions. Below are env details: java version "1.8.0_60" Java(TM) SE Runtime Environment (build 1.8.0_60-b27) Java HotSpot(TM) 64-Bit Server VM (build 25.60-b23, mixed mode) Any suggestions or workarounds...

    1 Agent Answer    2 Community Answers
    Sep 08, 2015 10:22PM UTC
  • Hydra (http-get-form) + Burp = Missing GET parameters

    ## Issue * When using `http-get-form` with `HYDRA_PROXY_HTTP` set and using Burp as the proxy, the GET parameters are not being passed on. * Using other proxies (such as ZAP), or not using a proxy at all, the GET requests are correct. The issue only happens when you use burp. **Summary** ``` export HYDRA_PROXY_HTTP= hydra -l admin -p password -e ns -F -t 1 -w 5 -v ...

    2 Agent Answers    1 Community Answer
    Sep 08, 2015 04:39PM UTC
  • Burp proxy doesn't show responses with 1xx codes in HTTP history

    On a recent engagement, we encountered an application that uses websockets. The application upgrades the connection post-login. For example, (borrowed from Wikipedia) GET /test HTTP/1.1 Host: server.example.com Upgrade: websocket Connection: Upgrade Sec-WebSocket-Key: x3JJHMbDL1EzLkh9GBhXDw== Sec-WebSocket-Protocol: chat, superchat Sec-WebSocket-Version: 13 Origin: http://example.com ...

    1 Agent Answer    1 Community Answer
    Sep 04, 2015 02:37PM UTC
  • Burp does not process cookies when initializing Intruder

    I am using a site which has multiple redirects after submitting a form. After the initial POST request, Burp does not use cookies on subsequent requests. Behavior from the browser: POST request sent with cookies => 302 Redirect GET request from 302 with cookies => Another 302 GET request from second 302 with cookies => Return to page with information reflected in page Behavior u...

    2 Agent Answers    1 Community Answer
    Sep 02, 2015 11:20PM UTC
  • XSS detection is inconsistent

    Hi, I did an Active scan for one request on form submission using Burp Pro v1.6.17. It didn't list any XSS for one hidden parameter which is not encoded. If I do the same thing using Intercept proxy, XSS is listed. Later we have encoded the parameter and tested for the same hidden parameter using manual scan. It's not listed as XSS. Just to ensure how Automated scan is working again we removed...

    1 Agent Answer    0 Community Answer
    Aug 30, 2015 10:17AM UTC
  • Error while running Burp

    # # A fatal error has been detected by the Java Runtime Environment: # # EXCEPTION_UNCAUGHT_CXX_EXCEPTION (0xe06d7363) at pc=0x000007fefd97b3dd, pid=1172, tid=5828 # # JRE version: Java(TM) SE Runtime Environment (7.0_76-b13) (build 1.7.0_76-b13) # Java VM: Java HotSpot(TM) 64-Bit Server VM (24.76-b04 mixed mode windows-amd64 compressed oops) # Problematic frame: # C [KERNELBASE.dll+0xb3...

    1 Agent Answer    0 Community Answer
    Aug 27, 2015 09:20AM UTC
  • "Open redirection" issues share duplicate information with "Cross-domain Referer leak...

    After running Burp Active scan, I observed few Open redirection issues. However, when I check Cross-domain Referer leakage issues, there are many reported which I don't think should be there as they were caused by an Open redirection during active scan, for example: https://a40656bd271/a? https://a70b9fe5e59/a? https://a9662d67c39/a? https://aa0a4afcf8c/a? I'm not sure if it was...

    1 Agent Answer    0 Community Answer
    Aug 21, 2015 08:42AM UTC
  • off by one when saving intruder responses

    When you save server responses from the Intruder the files are labelled from 1 but looking at the requests in the Intruder panel they start at 0 with the baseline request. I think the file naming should match the request numbering.

    1 Agent Answer    0 Community Answer
    Aug 19, 2015 08:32AM UTC
  • Extender: isEnable called without proper context

    Hi, while writing a new extension (IMessageEditorTabFactory) I've encountered a small bug. Code is available here: https://raw.githubusercontent.com/carstein/burp-extensions/master/Argonaut.py While loading the extension I get a NullPointerException, but later on the extension works fine. It seems to me that the problem lies in line 64: req = self._helpers.analyzeRequest(self._controller.getRequ...

    3 Agent Answers    3 Community Answers
    Aug 12, 2015 09:55PM UTC
  • Burp restore state problem

    Hello, since the newer version of Burp Suite Professional (v1.6.23) I'm having problems restoring my Burp save state. Here is a screenshot of the bug: http://i.imgur.com/lVdpnFx.png And the details: burp.eee: Failed to parse serialized data - expected closing tag '</scannerInfo>' but found '<item>' at burp.bmd.b(Unknown Source) at burp.bmd.a(Un...

    2 Agent Answers    0 Community Answer
    Aug 05, 2015 09:53AM UTC