Research Academy
My account Customers About Blog Careers Legal Contact Resellers
The Burp Suite User Forum was discontinued on the 1st November 2024.

Burp Suite User Forum

For support requests, go to the Support Center. To discuss with other Burp users, head to our Discord page.

SUPPORT CENTER DISCORD

Bug in bookmarking feature

Ryoya | Last updated: Dec 05, 2023 03:05AM UTC

https://forum.portswigger.net/thread/chromium-bookmark-issue-d3fa533c2306 Please address the above issue, as it appears that it has not been corrected to date. We have also confirmed that access to the URL occurs when the cursor is hovered over the icon in the bookmark bar. This is even though I have not clicked on the URL yet. Since unintended accesses should be avoided in security checks, please correct this issue as well.

Michelle, PortSwigger Agent | Last updated: Dec 05, 2023 11:02AM UTC

Hi The issue where the embedded browser crashes when you try to create a bookmark will be fixed in the next Early Adopter release, which we will be releasing soon. Can you tell me a little bit more about the steps you're taking where you're seeing traffic when hovering over an icon? Is this when you're trying to create a bookmark or trying to use a saved bookmark? Which version if Burp are you using?

Ryoya | Last updated: Dec 18, 2023 01:05AM UTC

Thanks for the reply. 1. click the bookmark button as it is, the browser crashes, so bookmark registration is done from the context menu "Add Page" in the bookmark bar 2. when you hover the mouse cursor over the icon of a page registered in the bookmark bar, a communication to the page occurs (no click is made) This does not occur in normal GoogleChrome or FireFox. This also occurs in Professional 2023.11.1.3.

Michelle, PortSwigger Agent | Last updated: Dec 18, 2023 12:05PM UTC

Hi Do you see the same behavior if you use the latest Early Adopter version (2023.12.1)? We've included a fix for the browser crashing when you try to add a bookmark.

Ryoya | Last updated: Dec 20, 2023 02:37AM UTC

When tested with the Early Adopter version (2023.12.1), the browser crashes when clicking on the bookmark button has been fixed. Thank you very much. However, the communication still occurs when hovering the mouse cursor over the icon in the bookmarks bar. This event occurs both when adding a bookmark manually and when adding a bookmark from the bookmark button. If this does not reproduce in your browser, please clear your browser cache. Because, depending on the value of the Cache-Control header of the bookmarked website, the communication will not occur if it is already cached. Also, make sure that the bookmark is always visible in the bookmarks bar, not in the bookmarks folder.

Ryoya | Last updated: Dec 20, 2023 03:03AM UTC

We found the cause. It was due to the fact that the Settings > Performance > Preload pages setting was enabled by default, which caused traffic when hovering the mouse cursor over the icon of a bookmarked website. It appears that the Burp bug was not the cause. My apologies.

Ryoya | Last updated: Dec 20, 2023 04:02AM UTC

Sorry to bother you over and over. As for the traffic when hovering over the bookmark bar, turning off the Preload pages setting solved the problem. However, in GoogleChrome, the same setting did not cause traffic on the bookmarks bar. It is possible that this behavior is specific to Burp's built-in browser, so we would appreciate it if you could check this behavior to be sure. If it is not a bug, please let this matter go.

Michelle, PortSwigger Agent | Last updated: Dec 20, 2023 09:20AM UTC

Hi Thanks for the update. To help me make sure I'm replicating your environment correctly, can I check if your Burp embedded browser is set to use Standard preloading or Extended preloading under Settings > Performance > Speed > Preload pages?

Ryoya | Last updated: Dec 21, 2023 01:48AM UTC

My Burp built-in browser's Preload pages setting is "Standard preloading". I have not made any changes from the default.

Michelle, PortSwigger Agent | Last updated: Dec 21, 2023 08:17AM UTC