Burp Suite User Forum

Auto Backup Option

Karthik | Last updated: Jul 26, 2016 12:31PM UTC

Hi,

I have been using a previous version of Burp (1.6.x), where there used to be an option to automatically back up Burp's state periodically under the Options tab, but with version 1.7.x we don't see that option. However, we see an option to create a project, which seems to achieve the same purpose, but we don't have a time period in which the backup will happen. Please confirm.

Also, if we need periodic backup, what is the option?

Liam, PortSwigger Agent | Last updated: Jul 26, 2016 12:34PM UTC

Hi Karthik,

Thanks for your message. Data is saved automatically in real time. There is no need to specifically save your work when you are finished. If Burp exits abnormally, all its data is preserved.

Please let us know if you need any further assistance.

Burp User | Last updated: Jul 29, 2016 06:49AM UTC

Hi Liam,

Thanks for the message. I would like to periodically auto-save, as was available in the previous version. This is the use case:

With the previous versions (1.6.x), I am scanning a web application that uses user credentials to maintain a session. Let's say I have been scanning the application for the past 7 hours and auto backup is enabled to occur every 30 minutes. If for some reason, the session gets invalidated at 4 hr 45 minutes, but I notice this at 7 hr 0th minute.

00:00 - Scan Started
00:30 - Auto Backup 1
02:00 - Auto Backup 2
02:30 - Auto Backup 3
03:00 - Auto Backup 4
03:30 - Auto Backup 5
04:00 - Auto Backup 6
04:30 - Auto Backup 7
04:45 - Session invalidated
05:00 - Auto Backup 8
05:30 - Auto Backup 9
06:00 - Auto Backup 10
06:30 - Auto Backup 11
07:00 - only at this time I noticed that session got invalidated

I could then restore the backup that was created at 4 hr 30 minute (auto backup 7) and resume scanning. This way, only 15 minutes of scan was wasted and I can avoid scanning from the beginning.

With the current version (1.7.x), even though I have a live and current backup, I cannot use this to restore anything. I may have to scan from the beginning once again. (Even if I restore from the live backup, I may have 2 hr 15 min of invalid session scan results.)

I can use macros to detect a session, but that doesn't always succeed, and I prefer the previous option of restoring from timely backups.

Any way to achieve my goal?

PortSwigger Agent | Last updated: Jul 29, 2016 09:01AM UTC

Data is saved incrementally into Burp project files, but there isn't a way to reopen an old snapshot of a project. We might implement this capability if enough people ask for it. However, I'm not sure this would help with your use case. If your session with the application has become invalid, then reverting to an old project file won't recover a valid session. The best way to deal with this situation would be to use session handling rules in Burp, to verify whether your session is valid, and recover if necessary.

Burp User | Last updated: Aug 29, 2016 02:24PM UTC

Hi Dafydd,

Thanks for the response. By reverting to an old project file, I am not intending to recover a valid session.

Considering the above timelines, the session gets invalidated after 04:45 hrs since the scan started, but I notice only at 7:00 hrs. I will restore the auto backup 7 that was created at 4:00 hrs (the immediate one prior to session invalidation) and resume scanning. However, here I will create a new session and will not be depending upon the old session.

If this individual snapshot was not available, like the current case, I would have to find out when the session got invalidated, find out the URL that was scanned at that time, cancel the running scan and rescan starting from the URLs that were scanned with the invalid session.

If an individual snapshot was available, I can just restore the auto-backup file that was created immediately before the session was invalidated and resume scanning after creating a new session. This way worked better for me than the session handling rules.

PortSwigger Agent | Last updated: Aug 30, 2016 10:35AM UTC

You can probably do what you want easily enough in the new version. The active scan queue will show the status of all the relevant items, and supports bulk operations. Multi-select all the items after the scan failed, right-click, choose scan again.

Burp User | Last updated: Oct 18, 2016 11:07PM UTC

This is a feature that I would like as well. The use case he is describing is a workflow issue that I run into as well. I love the new project automatic saving, it is better in many situations.

PortSwigger Agent | Last updated: Oct 19, 2016 08:06AM UTC

The option to create snapshot backups of project files is in our roadmap. In the meantime, if you are running into corrupted project files, please email support@portswigger.net with details of the event that caused the corruption (e.g. OS termination), your platform etc., and (if at all possible) a copy of the affected project file.

Burp User | Last updated: Dec 21, 2016 09:13PM UTC

Hi. I've had two corrupt projects occur during the last 2 months. I'd like to see a project backup option returned to Burp, please. While the project file concept is great, it provides a single point of failure. Please return the project backup feature so that I can back up my project daily, automatically.