Bug Reports

Report a bug

  • Visual bug in Intruder when two payload sets are of type "Dates"

    Tested on Burp Pro v1.6.11 on OpenJDK 1.7.0_75-b13 (and many different setups) That's an old bug, which happens only in a specific situation. How to reproduce: - send a request to Intruder - in the "Positions" tab, define two payload positions and select "Cluster bomb" as the attack type - switch to the "Payloads" tab - select payload set #1 - set the pay...

    3 Agent Answers    1 Community Answer
    Mar 04, 2015 06:30PM UTC
  • PostData removed when changing cookies in repeater/params tab

    When I change data in the params tab ( either deleting/editing/moving) parameters , the postdata in the resulting request is gone ! Postdata is in this form {"productId":"xxxxx#xxx#xxx"}. ( however also tested with normal postdata "test=test" , and same behaviour... Using Win7 x64 / burp pro 1.6.11 / no extensions / Java(TM) SE Runtime Environment (build 1....

    1 Agent Answer    0 Community Answer
    Mar 04, 2015 09:10AM UTC
  • java.io.IOException: Unicode String

    Dear, I'm getting inconsistent results, and I'm afraid Burp is the cause. When I modify a request in the repeater window , the following error is shown. java.io.IOException: Unicode String at sun.awt.datatransfer.DataTransferer.translateTransferable(DataTransferer.java:1120) at sun.awt.datatransfer.DataTransferer$5.run(DataTransferer.java:2306) at java.awt.event.Invocatio...

    2 Agent Answers    3 Community Answers
    Mar 04, 2015 07:57AM UTC
  • DOM-based open redirection error

    Hi, I am getting 'Open redirection (DOM-based)' error on all my pages . Can you help me to resolve this

    1 Agent Answer    0 Community Answer
    Feb 27, 2015 09:23AM UTC
  • Passive Scanning of .js CPU intensive and always retrying the same file

    Hi there, I'm reporting a behavior that i've noticed since the new static code analysis was introduced. I've noticed that whenever there is a .js or other file that is Big or with complicated code, the passive scanner is very CPU intensive and it seems that after hitting the analysis timeout for a file, it enters a loop and it's always analyzing the same file. I think th...

    1 Agent Answer    1 Community Answer
    Feb 19, 2015 11:45AM UTC
  • Burp creates two temp folders and only rms wrong one on exit

    Taken from: http://forum.portswigger.net/thread/1668/burp-creates-temp-folders-wrong because the problem still exists with: Java 7 x64 on Windows 7 x64 Pro ------------------------------------------- Hi Burp still creates two temp folders on startup, from which only one is actually used. When exiting, the unused one is deleted, which means the temp files remain on the hard disk. ...

    3 Agent Answers    2 Community Answers
    Feb 18, 2015 02:48PM UTC
  • java.lang.ClassCastException: javax.swing.plaf.ColorUIResource cannot be cast to javax.swing.Painter

    I open burp using Oracle Java 8: $ java -version java version "1.8.0_31" Java(TM) SE Runtime Environment (build 1.8.0_31-b13) Java HotSpot(TM) 64-Bit Server VM (build 25.31-b07, mixed mode) And I got the following error: java.lang.ClassCastException: javax.swing.plaf.ColorUIResource cannot be cast to javax.swing.Painter at javax.swing.plaf.nimbus.NimbusStyle.getBackgroundPain...

    3 Agent Answers    2 Community Answers
    Feb 18, 2015 10:30AM UTC
  • Alert message while testing a website with its hostname

    Hi Team, We are getting some issues while executing Burp Suite. When we execute the Burp Suite for a site with its IP, then it is working fine but when we are executing the same with its host name, we are getting Alert message in the Burp Suite.

    1 Agent Answer    0 Community Answer
    Feb 16, 2015 01:28PM UTC
  • Separation of query string

    Hi, When I access a URL like following Burp recognizes one parameter its name="JSESSIONID", value="foo?bar=baz". http://localhost/;JSESSIONID=foo?bar=baz Screenshots: http://imgur.com/OY9NkvU (Raw tab) http://imgur.com/sO1HAaE (Params tab) Burp Suite v1.6.10 Windows 7 64bit

    4 Agent Answers    4 Community Answers
    Feb 08, 2015 06:50AM UTC
  • Uppercase when authenticated with NTLM

    Hello, I want to report a important bug. If I use NTLM authentication burpsuite always sets uppercase letters for the login and for some case sensitive database it is problem. Thanks for repair. Excellent would be option, that what I write to login field, the same string will be in the request. Marek

    1 Agent Answer    0 Community Answer
    Feb 06, 2015 02:12PM UTC