Burp Suite User Forum

2.1.04 scanner stalling on pretty much every test

Ian | Last updated: Nov 05, 2019 01:58PM UTC

Hello, I've been trying to use the newer burp but so far I'm having great trouble making it actually perform its job effectively due to scans rarely finishing and having to frequently be "unstuck". The pattern at the moment is for a scan to be started with some settings set up to try and prevent lock-ups, at the moment the "handling application errors during audit" is set to skip remaining checks if there's 1 failure, and skip remaining insertion points if 1 failure is seen. It's set to pause a task only if 1,000 consecutive audit items fail. This is solely to try to prevent these dreadful lock-ups. In Project Options I've dropped all the timeouts down to about 5 seconds, again to try to prevent lock-ups. What essentially happens is that after a while, the scanner stalls. I go into audit items and find that 20 or so (however many parallel requests are permitted) items are marked as "Scanning" but nothing is happening. To get things going again I either have to change scanning resource to one that handles more simultaneous requests, or I have to select the stalled audit items, cancel them, then audit again. As a result of the constant scanner stalls, active scans rarely get past phase 1 on anything but the smallest apps. I succeeded on getting a login form through all scanning phases recently and regarded this as a bit of a victory. Just a simple login form, that's all it could do without breaking. This fixes things temporarily but it then just stalls again. I've done about 4 tests using the 2.x branch of burp but will be ripping it out and going back to 1.x for the next test until I get the OK from some of my colleagues who are persisting with it at the moment, the rest have gone back to 1.x for the same reason -- stalling scanners.

Burp User | Last updated: Nov 05, 2019 03:17PM UTC

I suspect this is a plugin as things have progressed much better since I unloaded all the plugins, is there any rapid way to find out which one is causing trouble? I tried looking at the debug tab but nothing much in there and there's no significant shell output.

Liam, PortSwigger Agent | Last updated: Nov 05, 2019 03:22PM UTC

Do you have performance feedback enabled (User options > Misc > Performance feedback)? If so, could you provide us with your diagnostics (Help > Diagnostics)? We can check for exceptions related to specific extensions. Failing that, the best way to locate the extension causing the issue would be to enable them one at a time.

Burp User | Last updated: Nov 05, 2019 04:45PM UTC

I've disabled all the plugins bar one, does this affect the usefulness of the debug information?

Mike, PortSwigger Agent | Last updated: Nov 06, 2019 09:25AM UTC

Hi Ian,

This won't affect the content of the debug information. If you can provide us with your Debug ID we can use that to locate the diagnostic information your Burp Suite installation is sending back to us from your testing. If you enable your extensions one at a time, and run a scan on each enabled extension, it will allow you to identify which extension is causing issues when scanning.

Burp User | Last updated: Nov 12, 2019 10:38AM UTC

OK it's stalled again, I've unloaded all the extensions while it's stalled but it's not unstuck itself (unloading a few extensions unstuck it previously, presumably by coincidence). Here's the info from debug:

Debug ID is: pfhvwl9vahzty6jkmw9j:mps6

Michelle, PortSwigger Agent | Last updated: Nov 12, 2019 12:10PM UTC

When it stalled this last time, was ‘Submit anonymous feedback about Burp’s Performance’ enabled (User options > Misc > Performance feedback)? The last data I can find from your installation is dated 7th November. Also, can you try upgrading to the latest version 2.1.05 and starting a new scan with no extensions enabled, just to confirm that we see no errors at that point? If we just disable the extensions after it has failed it won't necessarily point us at the cause of the problem.

Burp User | Last updated: Nov 12, 2019 04:09PM UTC

Ah at the moment I'm on a site where the testing machine is not connected to the internet, that's not going to help much is it ;-) If I connect it to the net then will it upload the relevant data, or will I need to make it stall again when it's got an internet connection? I'll detach the machine from the test network now and plug it into the net and do the upgrade, that might upload the performance data. I'll try to do a scan tomorrow with no extensions, it's tricky as the stall isn't that predictable.

Burp User | Last updated: Nov 12, 2019 04:35PM UTC

OK updated, I'll try it again tomorrow. Hopefully the performance data should have uploaded by now.

Burp User | Last updated: Nov 13, 2019 11:13AM UTC

Sorry but it's stalling even when no plugins are loaded. I've got limited time to deal with this as I am on paying work, I'll keep playing with it today but tomorrow I'll be going back to Burp Suite 1.7, I can't use this.

Liam, PortSwigger Agent | Last updated: Nov 13, 2019 03:48PM UTC

Ian, thanks for trying that for us. Unfortunately, we still haven't seen any debug information. Can I ask, what number do you have set for "Pause the task if * consecutive items fail"? Have you tried using Burp's Resource Pool settings to throttle your scanning? - https://portswigger.net/blog/burp-2-0-how-do-i-throttle-requests

Burp User | Last updated: Nov 13, 2019 04:32PM UTC

It's got debugging turned on, it was updated yesterday, and it's been connected to both the client network and the internet all day, and user options->misc->Performance Feedback has been on for the last 3 days. I'm on a fast internal network with a large app to test, so throttling shouldn't be needed, in fact I've created a new resource pool with 25 simultaneous requests. I've tended to do this to get scanning going again after it's stalled -- when it stalls, creating a new resource pool with more simultaneous requests than the last one had was one of the ways I'd get it unstalled. As for the value of "pause the task", I've varied that through trying to get to the bottom of this but I don't have a definitive list of what I set it to and what happened. I've never noticed any difference even when I set it to quite a high number (I think I had it up to 1000 at one point). I've also dropped timeouts down to 20 seconds (who waits 5 minutes for a DNS request after all?) as this is a fast internal app. I also altered the two "skip remaining checks" to various values to try and stop it from grinding to a halt. I suppose the best thing to do right now is to try and figure out why the debug information isn't uploading. What do we need to do this?

Liam, PortSwigger Agent | Last updated: Nov 14, 2019 08:49AM UTC

Thanks for the additional information Ian. We're now seeing feedback from your instance of Burp. We can't see anything relating to Burp Scanner. Could you confirm that your debug ID remains the same? When the scan stalls, could you send a screenshot of the Audit Items tab to support@portswigger.net? Regarding support, we have just added two new members to the team and have two more joining in the coming months. I appreciate that this doesn't help with your current issue, however, we do take technical product support seriously and are actively working to improve this function.

Burp User | Last updated: Nov 14, 2019 01:48PM UTC

Stalled again on a new scan today, there are a large quantity of audit items shown as being in the "scanning" state, the scanner is not shown as paused, but there are no scan requests being sent. There is no apparent way to kick this thing into life, it's just sitting there doing nothing. On this scan there was a series of authentication failures due to a login timeout but once this has been corrected, there's no way to get the scan going again. It looks like I'll have to restart it? Is this really the way to do things in the new Burp?

Burp User | Last updated: Nov 14, 2019 03:30PM UTC

Now another scan (using 10 simultaneous requests, using the "medium active" preset to see if I can get a scan to complete properly, and only moving on to the next set of requests once the first set has completed) has stalled for the second time. Last time I cancelled the stalled requests then selected them for a re-scan. It's got through phase 1 of the active scan on all of them but that's as far as it's going. This isn't terribly impressive. Also is there any way to get some more rapid support? As jobs are quite short, these long drawn-out problem solving sessions aren't going to help. It is a paid product after all so it would be nice to get some kind of progress on this.

Burp User | Last updated: Nov 14, 2019 03:35PM UTC

(While I thought that this scan profile might actually stop at phase 1, all the audit items are still showing with "Scanning" in the "Status" column.)

Burp User | Last updated: Dec 16, 2019 01:39PM UTC

It's locked up on another scan. I then quit, upgraded to the latest Burp Suite version, reloaded the burp file, unpaused it to continue the scan, and it's worked for a while but has now locked up again. This is a static website. Debug ID is pfhvwl9vahzty6jkmw9j:hgjg I'll email a screenshot to the support address quoting that debug ID.

Ben, PortSwigger Agent | Last updated: Dec 16, 2019 01:42PM UTC

Thanks Ian. We will look into the issue once we have received your email.

Liam, PortSwigger Agent | Last updated: Dec 16, 2019 01:51PM UTC

Hi Ian, I've picked up the email thread. We'll respond via email.

Burp User | Last updated: Jan 06, 2020 11:44AM UTC

Hello, are there any updates on this? I'm on a test today, I updated to the latest burp suite, created a new live task to scan all items in scope, accepted all the defaults, and hit the login form with random invalid credentials. It's sent 5496 requests and has now stalled with about 20 items still with the active phase incomplete, it hasn't sent any more requests in about 10 minutes now and is using no CPU.

Burp User | Last updated: Jan 06, 2020 03:09PM UTC

Just left the above scan for an hour while I went for a break, still no progress, still stalled. It shows in the Audit Items screen as there being about 20 or so items in "scanning" state but absolutely no activity either CPU or network-wise.
