Bug Reports


  • Scanner restarted a scan when another item has been cancelled

    I wanted to cancel a scan that I started earlier within one of the stock configurations in the library, "Audit coverage - thorough", so I right-clicked it in the "Audit items" tab inside the task and chose "Cancel". Some seconds after the scan was cancelled, the scanner restarted a random task that was stopped two months ago, without any warning or message. I can&...

    2 Agent Answers    1 Community Answer
    Jun 18, 2019 10:06PM UTC
  • Burp suite fails to launch when macbook internal display is off

    Steps to reproduce: 1) Install the latest Burp Suite beta on a MacBook laptop. 2) Launch the program. 3) Close the program. 4) Attach at least one external monitor, keyboard, and mouse to the MacBook. 5) Close the laptop lid. 6) Attempt to launch Burp Suite.

    1 Agent Answer    0 Community Answer
    Jun 14, 2019 05:10PM UTC
  • MIME type inference

    When a JSON response is sent Burp cannot deduce the MIME type correctly if the content is: {"name " :"bla"} Instead of JSON Burp thinks the type is text. I tested several cases and it seems that the space at this specific location is the problem. Funny thing is, when tested with the following content, Burp has no problem to identify the MIME type correctly as JSON: [{&quo...

    1 Agent Answer    0 Community Answer
    Jun 13, 2019 05:38PM UTC
  • Crashing while actively scanning

    Hello, I've noticed that when I try to spider websites of a large nature (thousands of requests, multiple forms, 1,000,000,000+ bytes) Burp Suite will crash and then no longer reopen with restarting my machine. I am currently running Kali Linux 2019 from a live USB when it crashes, on my Mac. Thank you, Connor

    1 Agent Answer    0 Community Answer
    Jun 13, 2019 08:20AM UTC
  • Scanner detects non-exploitable xss as "Confidence: Certain"

    Hi there, Burp Scanner identified a Reflected XSS with the following payload: "cjb0i"accesskey="x"onclick="prompt(1)"//b1jkc" The problem is that all modern browsers send the " URL encoded as %22 and %22 is blocked by their WAF. This means that this XSS is not exploitable, isn't it? Yes, I already tried double-encoding and other bypassing tr...

    1 Agent Answer    0 Community Answer
    Jun 11, 2019 06:57PM UTC
  • certificate not working for firefox esr

    I am on Kali Linux and Firefox ESR is not able to browse HTTPS sites when intercept is turned on. I did install the certificate and it is still not working.

    1 Agent Answer    0 Community Answer
    Jun 09, 2019 10:56PM UTC
  • Email not triggered after completion from Jenkins job.

    Hello Team, Created a Jenkins job on CloudBees Enterprise edition for Burp Enterprise edition using Burp Scan. In the Post Build section of the Jenkins job, used the plugin Editable Email notification and gave the email for which it needs to be triggered in case of Success or Failure. The job ran successfully; however, the email does not get triggered. Here are the logs Started by user adm...

    1 Agent Answer    0 Community Answer
    Jun 06, 2019 11:17AM UTC
  • SSL hardware certificate library cannot be loaded

    To pentest applications using Belgian eID smart card identification and Burp Suite Pro, we import the Client SSL Certificate under the 'User Options' tab > 'SSL' tab by clicking the 'Add' button and selecting 'Hardware token or smart card (PKCS#11)'. On the next screen we select the correct library '/usr/local/lib/libbeidpkcs11.so'. In Burp v1 this ...

    3 Agent Answers    2 Community Answers
    Jun 04, 2019 12:11PM UTC
  • Web Security Academy

    Hello, I am going through the lab and I have problems finding the correct parameters for POST requests. For example, in "Blind OS command injection with out-of-band data exfiltration" I do not see the "email" parameter in the POST request but only a [object FormData] parameter. Is this the correct behavior?

    3 Agent Answers    2 Community Answers
    Jun 04, 2019 12:06PM UTC
  • Polling server connection fails on private collaborator instance

    Hi there, I have set up a private collaborator server with Let's Encrypt wildcard certificates. It works fine, except that I can only pull over unencrypted HTTP. This is very strange, as I do not have a "polling" section in the configuration file. This means that Burp Collaborator server will use the same wildcard certificate for interactions and polling. I get the following when ...

    4 Agent Answers    9 Community Answers
    Jun 04, 2019 08:07AM UTC