Bug Reports

  • Burp Extensions

    Hi, it's just a question and also a bug report. I've noticed that in Burp v2 some APIs for extensions were changed, and I've noticed this in Active scan phases. Many extension active scans fail to execute. Is there any workaround, or do extensions need to be updated?

    2 Agent Answers    1 Community Answer
    Jul 16, 2019 07:01PM UTC
  • An internal error occurred while launching Burp Suite jar and exe on Windows machine

    An internal error occurred while launching the Burp Suite jar and exe on a Windows machine. I even tried re-downloading, but it is still not working. Burp Suite 1.7.35 is working, but not 2.1.*

    1 Agent Answer    0 Community Answer
    Jul 16, 2019 12:01PM UTC
  • Lab: File path traversal, simple case - Unable to complete the lab exercise

    Hi, I tried to traverse the file path in the lab exercise "File path traversal, simple case" as directed in the instructions; however, I am unable to retrieve the contents of the /etc/passwd file. I followed the steps provided in the solution as well, but I am still unable to traverse the file path. Please help in completing this lab exercise. Thanks

    3 Agent Answers    2 Community Answers
    Jul 15, 2019 07:32AM UTC
  • Repeater does not work for HTTPS

    Intercept on, get HTTPS request (A), send to Repeater (B), in [Repeater] click [go], response status code: 411. Now, in [Proxy] click [Forward], it works, in [HTTP history] response status code: 200. Last, in [Repeater] click [Copy as curl command] (C), it works. Using Wireshark: A TLS succeeds; B TLS errors; C TLS succeeds. System: macOS Mojave 10.14.5 Version: Burp Suite Community...

    1 Agent Answer    0 Community Answer
    Jul 13, 2019 01:12PM UTC
  • REST API Does Not Set Content-Type Header When Invoking Callback

    When Burp's REST API issues a PUT request to the callback supplied to /scan, Burp does not set the Content-Type header. This causes issues when trying to integrate various tooling, such as ASP.NET Core 2.0. The platform doesn't receive a designated content type and is thus unable to perform content type negotiation. Here's an example of the payload that I receive: PUT / HTTP/1...

    1 Agent Answer    0 Community Answer
    Jul 10, 2019 01:46PM UTC
  • subject

    <script>alert('hi')</script> <script>alert('hi')</script>

    0 Community Answer
    Jul 10, 2019 11:59AM UTC
  • Rate limit bug

    Attackers can replay the mail send request on Email (customer registrations) to generate the emails multiple times to any valid email ID. The absence of rate limits can lead to the attacker flooding the application with spurious requests.

    1 Agent Answer    1 Community Answer
    Jul 10, 2019 11:16AM UTC
  • Burp Session Handling Rules not Applied to Proxy

    I have a macro that grabs a token value of the parameter named xxx from one HTTP response such as: /campaign/a\">Details</a>\n<form class=\"column-buttons\" action=\"/manage/campaign/delete\" method=\"POST\">\n <input type='hidden' name='xxx' value='yyy' In the session handling rules, I have made it to run a ma...

    3 Agent Answers    6 Community Answers
    Jul 10, 2019 10:27AM UTC
  • second listening port

    lsof, netcat, telnet, Google and your support forum haven't been my friends so far. Maybe I missed an announcement... Why is Burp 2.x opening a second listening port? I noticed that Burp is not only listening on port 8080, but also - even before listening on 8080, right from the start - on another port in the range above 32768. A short notice would be great. Sincerely, mg PS: have...

    1 Agent Answer    0 Community Answer
    Jul 07, 2019 05:54AM UTC
  • localhost - worker process - not in burp - MAC OS

    I currently use Chrome with the SwitchySharp extension for proxying, or Firefox with the proxy setting in Firefox. Every time I try to catch traffic coming from localhost, it does not work. I must add a host to my etc/host to test with another address, for example http://webgoat . (relyied to I found that trick so I was happy. BUT! Now, I must test a website that uses WorkerProcess to make ...

    2 Agent Answers    2 Community Answers
    Jul 04, 2019 04:50PM UTC