Bug Reports

Report a bug

  • Cacheable HTTPS Response

    Burp scanner reports that certain pages have a "Cacheable HTTPS Response". However, upon closer inspection it appears that these items are POST requests and the issue is reported because caching headers are missing rather than an explicit cache preference being set. The post here http://stackoverflow.com/q/626057/413180 indicates that POST is only cached by browsers if explicitely ...

    2 Agent Answers    1 Community Answer
    Aug 05, 2015 08:32AM UTC
  • "Go" button of Engagement tools/Search box is lost

    Hello, When you search long strings the "Go" button is lost after your first search. Well not completely lost but it is moved at the right when you search for 50+ char strings. Searching for 100 char make it disappear on a 1920x1200 screen. Not a big bug because you can still launch searches by pressing Enter but it would be better to keep the button ;) Davy

    2 Agent Answers    1 Community Answer
    Aug 04, 2015 04:19PM UTC
  • Target Analyzer - Parameters - specific POST request - not showing correct data when opened

    When I go to Target Analyzer - Parameters, I can see all occurrences of a specific parameter that Burp discovered. When I want to search e.g. for the parameter with name "parameter1", I can see all occurrences in the middle window. So far, so good. Even after clicking once on a specific line in the middle window, I can see occurrence of this parameter in the button window successfull...

    1 Agent Answer    0 Community Answer
    Jul 31, 2015 01:04PM UTC
  • Burp doesn't properly parse a website which has AngularJS

    Many of our websites incorporate AngularJS now. However the content isn't always properly parsed or stays in an loop where it is impossible to input anything through the browser. Has anyone seen this behaviour and has a fix for it? Behaviour is seen from 1.6.01 free through 1.6.22 Pro.

    1 Agent Answer    1 Community Answer
    Jul 30, 2015 07:38AM UTC
  • SSL Handshake Error

    With Burp, I am trying to view the following website - https://self-repair.mozilla.org/ but I am not able to proxy it via Firefox. The error received (in alerts) is - javax.net.ssl.SSLException: Received fatal alert: handshake_failure Error (Alerts) - http://imagebin.ca/v/2AJ8syQVSM3l Steps already tried - 1. Restarted Windows 2. Checked with Java 7, 8u45, 8u51, 8u60 (32/64 bit VM) and la...

    3 Agent Answers    10 Community Answers
    Jul 29, 2015 02:15PM UTC
  • Paste Outside of Burp 1.6.21 Not Working

    Copy and paste works within the Burp interface. Once you try to paste something from Burp, for example a really long url, outside of the interface it does not work. You are also not able to copy and paste from outside the application either. Is it possible to make the copy and paste function work outside of the Burp application? Copy and past function works on 1.6.19 Similar to this re...

    5 Agent Answers    7 Community Answers
    Jul 23, 2015 04:06PM UTC
  • Duplicate extensions in Burp

    On restoring a saved state, extensions were duplicated. Ideally burp should be taking care of preventing duplicates in extensions.

    2 Agent Answers    0 Community Answer
    Jul 13, 2015 10:16AM UTC
  • Multi monitore issue

    Hi, I am using the current release of your Burp Suite with the following issue. Having two more screens left of my default screen the application hangs as soon as I put it onto any other than the default screen. Having experienced the same issue with my own applications based on Java Swing or AWT I found a solution here: http://stackoverflow.com/questions/6436944/java-illegalstateexception-buff...

    2 Agent Answers    1 Community Answer
    Jul 06, 2015 07:43AM UTC
  • Buby

    Buby no longer works with 1.6.20 (results in error: no implicit conversion of nil into String); 1.6.19 and below works fine.

    1 Agent Answer    4 Community Answers
    Jul 04, 2015 10:46PM UTC
  • Session Handling - determine session validity not working because of Redirect

    Hello, I have an application which (by design) logs the user out (by redirecting to login page) when inputs don't have a valid value. I need to use the Session Handling to re-login. The log out detection in Burp is inconsistent when "Follow redirections where necessary" (Scanner > Options) is set. Inconsistent because it tests the session validity sometimes before redire...

    0 Community Answer
    Jul 02, 2015 11:44AM UTC