Burp Suite User Forum

Create new post

ARM64 browser on Linux

Steev | Last updated: Jul 05, 2022 05:06PM UTC

Hey all, Steev from the Kali team here. This is semi related to the other bug about BurpSuite Pro on Kali in a VM on MacBooks with the M1 processor ( https://forum.portswigger.net/thread/burpsuite-professional-on-kali-arm-running-on-macbook-pro-with-m1-processor-46d01637 ) We'd love to see better support on arm64 as well. I've tried a few things here, to get things to work, but unfortunately, it's just not quite working out. BurpSuite comes with a number of browsers packed with it, namely Linux/x86_64, Windows/x86_64, MacOS/x86_64 and MacOS/arm64 - Chrome is not available (as far as I know) on any other platforms, so unfortunately, there isn't a Linux/arm64 browser packaged in. When BurpSuite starts for the first time (or after an upgrade which includes a browser upgrade), it extracts the Linux tarball, without any regard to the architecture. I've tried creating a backup of the x86_64 browser directory, and then using rsync to copy a Chromium installation in (and then renaming chromium to chrome), and while this allows for things like launching the documentation and help, unfortunately, after a little while, this simply exits, and unfortunately, there isn't a good error message for why it is crashing. What would be nice is if a) burp would stop extracting the browser tarball, regardless of architecture on linux, and actually check that it is on amd64 first - this would save linux/arm64 users about 340MB of space, since the browser cannot be used and b) check if linux/arm64 and if so, tell users that they will need to use their own browser. At least as a possible stop gap measure until we have a linux/arm64 browser available. I'm more than willing to do any testing to make this happen and I have a number of Linux/Windows/Mac arm64 machines at my disposal to test if need be. You can also reach out, if needed, at my kali email address which is my name @kali.org

Ben, PortSwigger Agent | Last updated: Jul 07, 2022 08:38AM UTC

Hi Steev, Thank you for your message - the situation regarding this is as follows. As you have alluded to, we introduced a version of Burp (in the form of a dedicated installer and provision in the standalone Jar file version of Burp) that is compatible with M1 (ARM64) processors towards the tail end of last year. We do have an existing feature request to do the same for Linux ARM64 machines and we are currently monitoring the demand for this (just to reassure you that this is something that we do have recorded). As it currently stands (on Linux ARM64 machines), the Linux platform installer version of Burp will not successfully install due to the lack of a compatible version of Java (the installable versions of Burp come embedded with their own JRE which is unpacked and configured during the installation process) and, as you yourself have experienced, the embedded browser will not launch when using the standalone Jar file version of Burp. I can certainly raise your suggestions with the development team in order to gauge whether this is an approach that we would like to take to better manage how we handle these issues on Linux ARM64 machines in the interim period whilst we do not have dedicated support.

Ben, PortSwigger Agent | Last updated: Jul 15, 2022 01:00PM UTC

Hi Steev, I just wanted to come back to you on this. As noted in my original message, we do have a specific feature request to provide Linux ARM64 support recorded in our development backlog. At the moment, we believe this is going to be quite a significant piece of work so it is not, unfortunately, in our immediate plans Having discussed this with the development teams we do feel, however, that we could be doing a better job of making users aware that we do not currently fully support Linux ARM64 machines (in terms of documentation on our site) and also within the product itself. In view of this I have raised a couple of items internally - firstly to create documentation on our site that tells users that we do not fully support running Burp on this architecture. Secondly, to improve the embedded browser health check so that users who are running the Jar file version of Burp (we tend to see this a lot with users who are using Kali on virtual machines so they may not have explicitly obtained Burp from us) are given a more helpful error message explaining why the browser is not launching for them. Something that I did not cover in your original message - the version of Chromium that we ship with Burp is also patched to work in conjunction with Burp so simply replacing the binary manually is not a viable option and getting this to work on this architecture does rely on us carrying out the development work to achieve this.

Steev | Last updated: Jul 19, 2022 05:58PM UTC

Hi Ben, The notification options do seem to be the best, until a point is reached where a good jre can be found - fwiw, I'm using Microsoft's aarch64 jdk on my Lenovo Thinkpad X13s for Windows ARM64, as well as tested that it works on Linux. https://github.com/microsoft/openjdk-aarch64/releases which, unfortunately, they don't seem to have only a jre. Regarding the patched Chromium, if you're even able to share, are the changes invasive? If they aren't particularly invasive, we could see about adding them in to Kali. I understand if you can't or are unable to share though. Thanks for the fast response!

Ben, PortSwigger Agent | Last updated: Jul 21, 2022 11:38AM UTC

Hi Steev, The changes require some development work on our side so it is not something that we can share. Rest assured, as and when we do implement Linux ARM64 support we will let you know by updating this forum thread.

0x04E0x00x011111111 | Last updated: May 18, 2023 05:35PM UTC

Hi Ben, Bumping this back up, but as Steev mentioned, can we get the chromium browser packaged with the jar so that when Kali is updated both the latest burpsuite community edition and chromium browser can be used with APT? Currently workflow for myself and my teams are requiring every other update to manually install. I prefer having new testers just using APT to update and not having to manual install for latest release.

Ben, PortSwigger Agent | Last updated: May 19, 2023 07:00AM UTC

Hi, Now that we do have a dedicated Linux ARM64 installer, we made the decision not to include the compatible embedded browser files for Linux ARM64 within the standalone Jar file version of Burp. The thinking behind this is that the Jar file is steadily increasing in size anyway so we would prefer not to increase the size further by including files that are only going to be potentially used by a small subset of users.

Steev | Last updated: May 21, 2023 09:03AM UTC

Hi Ben, That is a bit unfortunate, as Kali (and possibly other distributions), it is easier to package the jar file and not the installer. In fact, I would think the opposite would be true, other OS would make more sense to use the installer and not the Jar, so including the macOS version(s) and Windows version(s) of the browser make less sense in it (in fact, in Kali, we delete the Windows and macOS browsers from the jar file as you can see here - https://gitlab.com/kalilinux/packages/burpsuite/-/blob/kali/master/debian/rules#L9

Steev | Last updated: May 21, 2023 09:12AM UTC

Additionally, for what it's worth, while we don't have exact numbers, to give you a few rough guesstimates, the ARM64 ISO which is used for installing Kali on macOS Apple Silicon VMs has roughly 600K downloads since 2023.1 was release, and the arm64 RaspberryPi image has had roughly 100K. Burpsuite is included in all of these, despite the lack of browser.

0x04E0x00x011111111 | Last updated: Jun 26, 2023 04:36PM UTC

hi Ben, bringing this one back up. cause there are quite alot of teams with m1/m2 macs that would like to have the embedded browser of chromium with burpsuite. Please include the compatible embedded browser files for Linux ARM64 within the standalone Jar file version of Burp. this decision seems to eliminate the number of users in arm64 isos. and those that are migrating to apple silicon. Also, please note, your latest how to videos are using kali linux to demo features with burpsuite. For consistency across all OS types, please include the chromium browser for linux ARM64.

Ben, PortSwigger Agent | Last updated: Jun 27, 2023 06:56AM UTC

Hi, Just to clarify, you can simply obtain the specific Linux ARM64 compatible installable version of Burp (either Burp Professional or Burp Community) from our release page and use that in order to be able to use the embedded browser.

0x04E0x00x011111111 | Last updated: Jun 27, 2023 01:36PM UTC

hi ben, i understand that point, however as mentioned from @steev , for kali linux and their package management system, you guys have embedded the browser for the x86 versions, yet for the past 4 releases for ARM chips have not included the browser within the jar for kali linux for arm64. what my ask is, instead of having end users having to update burpsuite twice(both with apt package tool and then manual download) can you please include the browser within the jar file ??? as mentioned by other user steev, the 600k user downloads is not a small set of users, and I only foresee that size growing as users migrate from x86 apple chipsets, to apple arm silicon chipsets. please include browser in the jar for arm64/apple silicon.

Ben, PortSwigger Agent | Last updated: Jun 27, 2023 05:12PM UTC

Hi, Apologies, I misread your post - I assumed you were not aware that there was now a way to actually run a fully fledged version of Burp on that architecture. As noted, removing the M1 and Linux ARM64 binaries from the standalone Jar was a deliberate decision from our side but we can certainly discuss this internally to see if this is something we want to consider reverting or to keep track of how many users might want this reverted going forward.

Ben, PortSwigger Agent | Last updated: Jul 04, 2023 07:14AM UTC

Hi Steev, Is it possible we could jump on a call with you (or someone else from the Kali side) in order to understand your requirements a bit better? The upshot of our conversations here are that, for various reasons, we really do not want to revert the Jar file back to including these additional binary files but we do want to make this work for you so having a conversation about this might be the best way forward for both sides. Would you be able to drop us an email at support@portswigger.net so that we can get this arranged?

0x04E0x00x011111111 | Last updated: Jul 18, 2023 07:54PM UTC

This is exciting news to hear! I hope @Steev and @Ben are able to get this done, so I can finally just do apt update/apt upgrade and the burpsuite on Arm64 VM from Kali Linux will have chromium browser built in now!

wycywupo | Last updated: Jul 30, 2023 04:25AM UTC

Hi! Is there any way to add Mac Arm64 version of chromium in JAR version of burp suite too? I know there is an official version of Mac M1 installer out there with proper chromium, but I use JAR file and it contains only chromium-linux64 chromium-macosx64 chromium-win64. If its not, Can you please guide me to install it myself? Thanks!

Ben, PortSwigger Agent | Last updated: Jul 31, 2023 08:43AM UTC

Hi, The Chromium browser included within Burp has been modified to work in conjunction with Burp itself so you cannot simply add an external version of Chromium and mimic how the embedded browser works, I am afraid. As it currently stands, you would need to either use the specific Linux ARM64 installable version of Burp (if you want to make use of the embedded browser) or you can install an external version of Chrome/Chromium and use this as an external browser to proxy your traffic through Burp.

0x04E0x00x011111111 | Last updated: Aug 10, 2023 03:55PM UTC

Hi Ben, and Steev,,, can we get the browser binaries in for the kali linux arm64 version within the jar file as requested and mentioned above? I will ping steev within the gitlab repo and ask him to ping you that way we can have the embedded browser running on arm64 within the kali linux arm64 image.

You must be an existing, logged-in customer to reply to a thread. Please email us for additional support.