Bug Reports

• security testing

  Hi Team, Can you please tell me how to test URL for finding issues like iframe , cross scripting, SSL, cookie vulnerability, HTTPonly & secure. Thanks

  1 Agent Answer    0 Community Answer

  May 29, 2017 10:33AM UTC
• BUG

  CO2 DOWNLAD AND EROR BrupSuite

  1 Agent Answer    0 Community Answer

  May 29, 2017 09:19AM UTC
• IP adddress regexp

  Dear team, I noticed in burp 1.7.22 that "Private IP addresses disclosed" is failing to parse an IP address with this format: xxx.xx.xxx.xx. All remains IP address are being parsed. Kind Regards, Daniel

  1 Agent Answer    0 Community Answer

  May 24, 2017 12:49PM UTC
• Performance dropped in latest version of BurpSuite? (MacOS)

  Hi! Since the latest version of BurpSuite (1.7.22) I noticed quite some drop in performance on MacOS. I mainly use FireFox (also latest version) to browse. I often see that pages are loaded really slow (or don't load at all), until I "activate" Burp again. With "Activate" I mean that I need to click on the Burp icon in the Dock. It feels like Burp pauses until I make th...

  5 Agent Answers    7 Community Answers

  May 13, 2017 06:08AM UTC
• external service interaction DNS

  Hi, I am using Burp 1.7.15. I scanned my system in Jan and got scan report. I scanned my system again in March, and got new issues "external service interaction DNS" in the report. I did not upgrade Burp version. Does Burp update the "issue definition table" at the background regularly? Is there anyway we can tell the "issue definition table" updated? An...

  2 Agent Answers    2 Community Answers

  May 12, 2017 11:47AM UTC
• We can't use multi-byte characters in sitemap comment to save as XML

  When saving sitemap, we can't use multi-byte Japanese characters as comment. (Its generate invalid encoded XML.) [View] Target > Site map [Steps] 1. Set following words as sitemap comment. 管理画面 2. left-click on the tree-view and select 'save selected items'. 3. save to XML (e.g. sitemap.xml) 4. check saved XML like this... # grep --color=never '<commen...

  1 Agent Answer    0 Community Answer

  May 11, 2017 10:21AM UTC
• Upstream proxy configuration only passes URI and not domain/host

  Hi, I have spent some time trying to configure an upstream squid proxy server in order to have a known source IP address for testing engagements, without relying on a VPN (unfortunately in my specific circumstances a VPN is not usable). I keep banging my head against a wall which is essentially created by the way Burp forwards requests to upstream proxy servers for connections to some TLS...

  2 Agent Answers    1 Community Answer

  May 09, 2017 02:00PM UTC
• Burp Suite javax.net.ssl.SSLException: Tag mismatch!

  I have Burp Suite Professional v1.7.22 running on macOS Sierra 10.12.4 with Java: 1.8.0_131-b11 And I'm getting an error trying to establish SSL connections: In the alerts tab: Proxy - javax.net.ssl.SSLException: Tag mismatch! Proxy - Tag mismatch! Anybody ever experienced this before? I've freshly reinstalled java but with no effect

  1 Agent Answer    2 Community Answers

  May 08, 2017 03:57PM UTC
• Spider Queues Do Not Clear

  Hello, I'm using Burp 1.7.21 and when I attempt to clear the Spider queue it is not cleared. This is an issue I've had many times with larger sites over many versions of Burp. Video of behavior: http://tinypic.com/r/ruodgo/9 Thanks.

  1 Agent Answer    0 Community Answer

  May 01, 2017 08:15PM UTC
• Burp Mobile Assistant - empty Source repo on Cydia

  Hi Burp team, I am very grateful for the new Mobile Assistant feature. I downloaded it today (with Free Edition v1.7.21). I can get my jailbroken, ios 9.3.3 device to add my Cydia source: http://localhost:8080 but the package is always empty, after successfully adding the source. I am updated on Cydia Substrate (version 0.9.6301). Any ideas?

  1 Community Answer

  May 01, 2017 01:55PM UTC