Bug Reports

Report a bug

  • Discover content requests out-of-scope item

    In Target > Scope I've set "Exclude in scope" to be as follows: ^/auth/logout.* However, despite this "Content discovery" appears to request /auth/logout causing the discovery session to be logged out. A workaround could be to setup some Session Handling Rules for the Spider (?) to run a Macro to log back in, but should this be necessary?

    2 Agent Answers    2 Community Answers
    Mar 30, 2015 04:33PM UTC
  • Burp closes itself with zero exit code and no exceptions nor output

    This is the output of running Burp under strace: https://gist.github.com/berdario/97c3a973a78e7c081a34 And this is the output with strace -f https://gist.githubusercontent.com/berdario/1646183438a83afee110/raw/- I can workaround this issue by using another version of Java The issue happens with the Java installed by the Nix package manager on Ubuntu. Burp works just fine with Ubu...

    1 Agent Answer    0 Community Answer
    Mar 30, 2015 02:42PM UTC
  • Cant change input or text fields

    I seem to have a problem with my Burp Suit where I don't seem to be able to edit any of the fields. Instead of getting a curser I get an arrow. Some details: MAC version 10.10.2 JAVA: java version "1.7.0_25" Java(TM) SE Runtime Environment (build 1.7.0_25-b15) Java HotSpot(TM) 64-Bit Server VM (build 23.25-b01, mixed mode) Burp suit version 1.6.12 Has anyone had ...

    3 Agent Answers    4 Community Answers
    Mar 25, 2015 09:05PM UTC
  • Not all repeater tabs saved/restored via state file

    Hi, Tested on Mac OSX (save) and restore (Win & Mac). When saving the state file and restoring it later one, one Repeater tab (the last one) is missing from the restored state.Not sure whether it's not save in the first place or not restored. Burp 1.6.12 Mac & Win, Java 7 Cheers

    2 Agent Answers    2 Community Answers
    Mar 23, 2015 04:30PM UTC
  • invalid macros

    Hello, we are experiencing problem with stored macros in Option -> Sessions. Macros work fine immediately after being recorded. But after some time (even days), stored Requests become invalid and empty - full of zeroes. Any idea how to repair existing macros and fix this problem? Thank you. Martin

    3 Agent Answers    2 Community Answers
    Mar 19, 2015 05:56PM UTC
  • Failed to parse the content of the page for SQL Injection indications in the passive scanner

    Suppose the following scenario: I access a particular page, and in the body of the page you have a MySQL syntax error with the SQL query. The base request is always the same, it already has the SQL query in the body. Isn't the passive scanner supposed to pick up the info and indicate that may exist a SQL Injection based on this information or at least there is sensitive information bein...

    1 Agent Answer    1 Community Answer
    Mar 17, 2015 04:17PM UTC
  • File dialog paths across the application

    Burp seems to maintain the same file path through-out the application. If would be useful if the last save/restore file location was stored separately to the load intruder payloads path.

    1 Agent Answer    0 Community Answer
    Mar 17, 2015 11:40AM UTC
  • Upgrading Burp doesn't keep extensions

    Everytime I upgrade Burp, I have to set the environment paths, and re-download the BAPPs. Is there a config file somewhere that can be configured to avoid this?

    2 Agent Answers    1 Community Answer
    Mar 17, 2015 11:37AM UTC
  • java.sql.SQLException: Invalid column index not detected by active scanner

    Hi, while working on an application with the active scanner of Burp 1.6.12 a lot of possible SQL injections like: -------------- SERVICE NOT AVAILABLE. Please refer to your system administration<br>FooException: Exception thrower: foo.bar.OJBService<br>Attributes: class foo.bar.Service<br>serialVersionUID = -8879262741052573073<br>broker = interface org.apache.ojb.br...

    2 Agent Answers    2 Community Answers
    Mar 16, 2015 03:28PM UTC
  • recieving smart card error "card was detected but not the right one..."

    I just started to receive a smart card error when attempting to load my smart card certificates to burp. I have been using the p11-capi.dll successfully for some time. The error I receive from the card manager follows. "A smart card was detected but is not the one required for the current operation. The smart card you are using may be missing required driver software or a required certifica...

    1 Agent Answer    0 Community Answer
    Mar 13, 2015 06:21PM UTC