Bug Reports

  • File Ownership Not Returned

    Hello, I am playing with the MDSEC training lab for the Java Applet input validation bypass. As part of this I was using the right click 'Paste from File' option to inject my modified client. While this worked it looks like the Java thread for burp has maintained ownership of the .class file. So I cannot delete the .class to try a second modification to the applet. On windows the ...

    2 Agent Answers    0 Community Answer
    Apr 19, 2015 08:06PM UTC
  • Collaborator polling ssl root cert

    Stood up a private collab server and everything seems to be running as expected. Looking at the polling server on 9443 however I get a cert error warning. Same cert is used for 443 and there's no warning. Not sure if I have a configuration issue with my collaborator.config or if something else is going on. The cert itself is a comodo wildcard cert for my domain.

    2 Agent Answers    1 Community Answer
    Apr 19, 2015 04:44AM UTC
  • GetParameters (IRequestInfo) bug

    Hi, I am using the "getParameters()" method of IRequestInfo and I have found a bug. When a request is parsed by this method it returns all the parameters that it found in "get parameters", "post parameters" and cookies. If the following request is parsed by this method: GET /url.php?param1=value1 Host: x.x.x.x Cookie: cookie1=value2 GetParameters() returns:...

    2 Agent Answers    1 Community Answer
    Apr 16, 2015 11:20PM UTC
  • BurpSuite not running on Java version 8u45, had to downgrade to 7u75

    Hi, I recently tried running BurpSuite (current version) and was unable to run it with Java 8u45. I downgraded Java to 7u75 and it worked again. Has anyone else seen this error? # A fatal error has been detected by the Java Runtime Environment: # # EXCEPTION_ACCESS_VIOLATION (0xc0000005) at pc=0x73064580, pid=5952, tid=1480 # # JRE version: Java(TM) SE Runtime Environment (8.0_40-b25) (...

    1 Agent Answer    0 Community Answer
    Apr 16, 2015 04:27PM UTC
  • XML and XPath false positives in scanner module

    The scanner module reports XML and XPath false positives when it finds certain strings (e.g. xmlschema, ajaxpath) in the response of automated scans, but it does not consider when those same strings were already present in the original response to unaltered requests.

    1 Agent Answer    0 Community Answer
    Apr 14, 2015 05:47PM UTC
  • Hidden API for IHttpRequestResponse objects?

    Hello, I found a surprising behavior in the Extender API (using Jython). Because of a typo, I called getUrl() on some IHttpRequestResponse objects... and it worked! Given the API documentation (both online http://portswigger.net/burp/extender/api/burp/IHttpRequestResponse.html or in-app), there's no function with that name in these objects. In fact, getUrl() exists only for IRequestInfo obj...

    1 Agent Answer    1 Community Answer
    Apr 14, 2015 08:42AM UTC
  • Window issues on Mac OS 10.10

    On Mac OS 10.10, when Burp Free is running, it doesn't show up in the dock, or in the command-tab window switcher. So it's difficult to switch to it. When you minimize it, its window does show up in the dock. But then when you click it, it appears behind any other open applications' windows.

    1 Agent Answer    0 Community Answer
    Apr 13, 2015 03:52PM UTC
  • Java RE 6 Required?

    I am in my 14-day evaluation period of Burp Suite. Yesterday I attempted to test a site via https; Burp Suite would not perform the test using Java RE version 8. I had to downgrade to version 6 of the JRE (a version chock full of security problems and no longer supported by Oracle). What is Portswigger's plan to correct this problem?

    1 Agent Answer    0 Community Answer
    Apr 10, 2015 12:54PM UTC
  • Not tracking extension properly

    Extender > BApp Store None of the Installed boxes are checked. But if select certain extensions like .NET Beautifier, under the description the Install button is greyed out.

    1 Agent Answer    0 Community Answer
    Apr 10, 2015 01:21AM UTC
  • Spider this branch

    Scans the branch, then the rest of the directory tree.

    1 Agent Answer    0 Community Answer
    Apr 09, 2015 11:32PM UTC