Clickbandit broken in latest Chrome?
Hi, Clickbandit appears to be broken in Chrome 62, and if I'm understanding the issue correctly, it's been broken since Chrome 60 due to this change: https://bugs.chromium.org/p/chromium/issues/detail?id=684011&desc=2 The symptoms are that when you click "finish" after clicking around the target site, nothing appears to happen, and an error in the console is reported...1 Agent Answer 0 Community AnswerNov 03, 2017 01:57AM UTC
Drop down menu bug
In some cases, when burp presents a drop down menu with previous used values (for example when filling in the Fixed time trottle in the options of intruder), the white "block" which is an empty drop down menu does not dissapear after filling in or clicking somewhere else. This white blocks stay in front of the screen until you quit burp, which is really annoying if you have to read the v...2 Agent Answers 1 Community AnswerNov 02, 2017 03:05PM UTC
Burp Suit and genymotion not rendering https traffic correct.
I am trying to intercept Chrome https traffic in Genymotion. I have installed the certificate in android and I am not using an external proxy. Wifi connection on Genymotion is set to 192.168.1.188 (localhost) and port 8080 which is the listener settings in Genymotion. I have followed all instructions in the documentation. I get connection to Burp Suit but the site that is requested is not di...1 Agent Answer 0 Community AnswerNov 01, 2017 05:28PM UTC
Header lines with improper terminators manipulated by Burp in strange ways
I'm currently testing an embedded device with a cgi-script that terminates header lines with only '\n', and '\n\n' at the end of all headers. While not RFC-compliant, browsers seem to handle this just fine. However, when it goes through Burp, the '\n\n' is replaced with '\n\r\n\r\n', which the browser interprets as *3* newlines, causing an extra newli...1 Agent Answer 0 Community AnswerOct 29, 2017 12:54AM UTC
Scanner misses vulnerabilitites due to improper application demarcation
Hello, Consider this scenario: Application A https://hostname/ (out of scope) Application B https://hostname/appB/ (in scope) If we choose to scan application B, then the scanner checks only application A for server level issues. So we miss the application's B vulnerabilities and at same time we touch another app that we shouldn't. Note: Target->File field is set to ^/appB/.*...3 Agent Answers 2 Community AnswersOct 28, 2017 01:59PM UTC
unknown host error
please tell solution . when i browse and intercept and request is forward then error show is unknown host2 Agent Answers 2 Community AnswersOct 21, 2017 04:58AM UTC
UTF-8 search not working
When I'm in Repeater, and copy string containing UTF-8 characters (like word "käytettävissä") from the response, it is not found (in the same response). Could you enhance search to cover UTF-8 characters as well?1 Agent Answer 0 Community AnswerOct 16, 2017 06:49AM UTC
Burp API - IContextMenuInvocation - Modified request/response access/hinting
In the Burp extender API when retrieving the selected messages from the proxy history, I don't see any way to know if the selection occurs into a modified response/request panel or the original one. IContextMenuInvocation.CONTEXT_MESSAGE_EDITOR_REQUEST IContextMenuInvocation.CONTEXT_MESSAGE_EDITOR_RESPONSE are the only indicators available. Additionally the IHttpRequestResponse object does...3 Agent Answers 2 Community AnswersOct 10, 2017 03:38PM UTC
Compare site map feature freezes during comparison
Compare site map feature gets stuck when performing the comparison. This has happened to me almost every time I use the feature against comprehensive sitemap. I've noticed that specific sitemap entries will trigger this error. To circumvent the issue, I have to pinpoint which sitemap entry is the causing the issue by performing the comparison against a small portion of the sitemap until it fr...1 Agent Answer 0 Community AnswerOct 05, 2017 07:18PM UTC
Is external service interaction vulnerability exploitable.
Hello, In most of the scan, burp reports, External Service Interaction vulnerability either in HTTP/S or DNS. I am not sure how this can be exploited on server side. I see some similarities to SSRF, but could not find any way to exploit. can someone please share some additional information on this?1 Agent Answer 0 Community AnswerOct 04, 2017 01:51PM UTC