Bug Reports

  • IMessageEditorController.getRequest() and .getResponse() race condition(?) in Intruder

    Hi again, I am experiencing a strange race bug(?) in the Intruder result output window. For some reason, when viewing an HTTP response in a custom IMessageEditorTab, the .getRequest() and .getResponse() methods return a non-null byte array only if a user clicks on one of the original tabs first and then switches back to the custom editor tab. If the user remains on the custom editor tab and arr...

    1 Community Answer
    Jun 30, 2015 06:32AM UTC
  • Activation lost after Windows Upgrade

    Hi, I just upgraded to the Windows 10 preview and the Burp activation on the machine is gone. Are there any plans to improve the behavior of Burp in this regard? I think it's quite inconvenient to need to reactivate if multiple machines are upgraded. Apart from that, Burp is of course great software. Thank you and regards Burp User

    6 Agent Answers    6 Community Answers
    Jun 27, 2015 11:21PM UTC
  • ITextEditor.getText() deadlock

    Hi guys, First off, keep up the great work and I hope to meet you guys in Vegas for DC. I have a small issue with BurpSuite due to the way my plugin is making calls between the FX and Swing thread. I understand FX is not supported in Burp and I appreciate why. However, I was wondering why the model of the ITextEditor concrete class is tied to the Swing event loop. I have a situation where I...

    2 Agent Answers    1 Community Answer
    Jun 26, 2015 08:11PM UTC
  • Collaborator External Service Interaction (DNS) - Mismatch in attack vector

    There is a mismatch in the Collaborator External Service Interaction (DNS) between the URL inserted in the attack vector and the DNS request that Burp Collaborator displays in scanner result. One example advisory: Advisory: External service interaction (DNS) POST parameter of the request: xxx=http%3a%2f%2fdhylxw3clwxogtvs1ngy14fan1tuzk7avz.collaborator.xxx.net Collaborator event: Th...

    2 Agent Answers    0 Community Answer
    Jun 26, 2015 09:28AM UTC
  • VMware Copy and Paste

    Running Burp in a Kali VM, copy from host to Burp works. Copying in Burp and attempting to paste in host fails. Copy is working within the VM (Burp to any other local app), but not outside of it. VMware Workstation 10.0.3 build-1895310 Host Windows 7 Home Premium, 64-bit VM is Kali 64-bit, recently updated java version "1.6.0_35" OpenJDK Runtime Environment (IcedTea6 1.13.7) (6b...

    1 Community Answer
    Jun 25, 2015 09:36PM UTC
  • indexOutOfBoundsException in BurpSuite

    Hello, I am trying to use BurpSuite_free_V1.6.01 with jdk 1.7.0_80 with the accessbridge enabled so I can use the JAWS screenreader with it. After starting burpsuite and opening firefox 31.1.1 which has been configured to use burpsuite's proxy, firefox just sits trying to connect. I switched to the burpsuite window and using JAWS, clicked on the proxy tab. At this point, all controls in ...

    1 Agent Answer    0 Community Answer
    Jun 25, 2015 06:18PM UTC
  • Burp closed without confirmation box

    Hi, Not sure this can be considered as a bug but the feature needed to be improved. I launched the burp from cmd command line ( java -jar etc ) to increase the RAM allocation for the software. At one point, I accidentally clicked the command prompt window close button and the burp window closed without any pop-up box to ask for confirmation of close or saving data ( eg. Are you sure you want to...

    1 Agent Answer    0 Community Answer
    Jun 24, 2015 07:42AM UTC
  • Content view not picking up resource

    I noticed the Contents View in site map sometimes does not pick up specific resources under certain conditions. Ex : An item has been identified during a spider scan as a GET request to /content/script, gets added properly to contents view When browsing the site, the same resource gets accessed as a POST request, going through the proxy. This POST request never appears in the contents view, d...

    1 Community Answer
    Jun 23, 2015 03:52PM UTC
  • Missing identification of response splitting vulnerability

    We found that Burp Suite doesn't test for the response splitting vulnerability. For example: www.example.com/about.php?date=%0D%0ATest%3A%20no If the HTTP response gets the additional header "Test: no", it should be reported. https://www.owasp.org/index.php/HTTP_Response_Splitting Regards

    1 Agent Answer    0 Community Answer
    Jun 22, 2015 09:00AM UTC
  • Different URLs in Target: Request, Raw and Site map URL

    I recognized that the URL in Target, Site map is different from the URL in the Request, Raw window. Here is what is shown in the Site map window right above (list of all URLs): https://www._something_.com/ - GET - /scale.php?timename=SCALE_USER&time=FF:13:15:06:15:08:10:37&id=WEB87431-20150615083 And here is what I see in the Request Raw window: GET /scale.php?id=WEB87431-20150616...

    1 Agent Answer    0 Community Answer
    Jun 18, 2015 01:58PM UTC