Bug Reports

Report a bug

  • Burp 2.x does not passively scan certain content types it did in 1.7

    In Burp 1.7.x Burp would find issues like 'Email address disclosed' on non-HTML content types. For example if the following was served in 'emails.txt' with Tomcat: test@gmail.com fake@gmail.com Burp 1.7.x would find and report the 'Email address disclosed' issue. In Burp 2.x that is no longer the case. Burp will not show these in the passive audit task an...

    2 Agent Answers    1 Community Answer
    Jan 28, 2019 04:17PM UTC
  • Burp 2.0.14 install4j error.log

    I get an error.log generated when using the Burp 2.0.14 Windows 64-bit installer. Looks like this happened because the included JRE got updated to Java 11. java.lang.NoClassDefFoundError: sun/misc/Unsafe at com.install4j.runtime.util.internal.ReflectionUtil.initUnsafe(ReflectionUtil.java:29) at com.install4j.runtime.util.internal.ReflectionUtil.setUnsafeAccessible(ReflectionUtil.java:41)...

    2 Agent Answers    2 Community Answers
    Jan 24, 2019 04:20PM UTC
  • Link manipulation (DOM-based) - JQuery

    Hi all, we use jquery-3.3.1.js in our application. Burp scan found a Link manipulation (DOM-based) vulnerabilities in JQuery sources: 1. // Anchor tag for parsing the document origin originAnchor = document.createElement( "a" ); originAnchor.href = location.href; BURP comment: Data is read from location.href and passed to the 'href' property of a DOM elem...

    1 Agent Answer    0 Community Answer
    Jan 23, 2019 10:44AM UTC
  • Invisible insertion points in Intruder when using Darcula theme

    When using the Darcula theme, the background color is Intruder is #3C3F31 for both normal text and insertion points, thus they're practically invisible, you have to hunt for '§' characters manually. See this screenshot where I put a single insertion point on the "Host" header: https://vsza.hu/burp-intruder-3c3f41.png I'm running Burp Suite Pro v2.0.13beta on Deb...

    1 Agent Answer    1 Community Answer
    Jan 21, 2019 08:45AM UTC
  • Burp Suite Pro Requesting access to MacBook Air Camera

    As stated above. Why is Burp Suite Professional requesting access to my MacBook Air camera? Pic here - https://imgur.com/a/TJ6ELDN

    1 Agent Answer    0 Community Answer
    Jan 19, 2019 08:13AM UTC
  • MIME type recognized incorrectly

    Burp (both v1 and v2) thinks this is JSON: https://www.docusign.net/Signing/StyleSheets/Framework.css

    1 Agent Answer    0 Community Answer
    Jan 11, 2019 08:06PM UTC
  • Repeater does not show Internal Server Error

    Hi, I was sending UPnP SOAP actions using repeater to a Linksys router and the 500 Internal Server error would not show up as a response; however, I could see the response using Wireshark. I'm using v1.7.36 Regards, Jason Patterson

    1 Community Answer
    Jan 10, 2019 11:48PM UTC
  • Possible bug: Missing hosts in site map in branch 2.x

    I think I spotted a bug on burp 2.x which wasn't there on the previous branch. It might be reproductible with the following steps (hopefully): - Setup a scope - Burp ask if you want to "limit item sent to proxy history to the scope" : answer yes - Change the scope to add a new host - Reenable proxy history for everything - Browse the new host added in to the scope: Resul...

    2 Agent Answers    2 Community Answers
    Jan 10, 2019 02:49PM UTC
  • Crawl not finding items

    I have a directory with a known file, e.g. https://website.com/folder/script.js. This appears as a grey item from the passive crawl in the Site Map under the Target tab, and the Response tab under Content is blank (because the resource hasn't actually been requested yet). If I directly browse to the file, it loads normally, appears in Proxy tab, however under Site Map it's still greye...

    1 Agent Answer    1 Community Answer
    Jan 09, 2019 11:39PM UTC
  • Unable to run scan on Burp Enterprise

    Hi Support, I'm unable to run a scan in burp enterprise. Wenever I create a new scan, I get this error "Failed to create scan: An unexpected error occurred. If this problem persists, please contact support@portswigger.net". The Burp Enterprise Version we are running on is Version: 1.0.10beta-1235.

    1 Agent Answer    0 Community Answer
    Jan 03, 2019 07:24PM UTC