Burp Suite User Forum

Login to post

Burp being slow after update?? Fix here!!

Richard | Last updated: Jun 13, 2022 10:04AM UTC

I can confirm the slow issue. It's happened since a recent update... Since seeing one of the user's comments to remove extensions. I loaded up burp suite and removed ALL extensions and re-scanned on "https://ginandjuice.shop/" Now requests are FLYING through at the normal rate expected and not 1-2 requests a minute.. So this is an issue with an extension and the latest update. It would be great for the team to test before updates are sent out. QA testing would be beneficial in-house. To update, Removing ALL the plugins and manually adding them all back has resolved the slow issue. My initial thoughts are a possible issue in the update/upgrade process which breaks some compatibility in requests in Burp Pro. Speed has returned to normal after the manual removal and re-add. Product Improvement Request: Have the ability to save plugins and reload/refresh all at once.

Hannah, PortSwigger Agent | Last updated: Jun 13, 2022 12:44PM UTC

Hi Could you drop us an email at support@portswigger.net with your diagnostics information? You can find this by going to "Help > Diagnostics" within Burp. Additionally, could you send us a list of the extensions that you use? We have an ongoing feature request to be able to reload multiple extensions, to which I have added your +1.

Richard | Last updated: Jun 13, 2022 01:18PM UTC

Hello Hannah, I can sure, I'll get a mail with the details sent across. I don't think that will help much due to the issue being resolved. To recreate it, I would imagine installing an older burp version with a few extensions added (I'll add my list) and simply update Burp pro then check. My settings, Windows 10 (10.0.19044) Burp pro installed via the installer. Extensions in use. Active Scan ++ Param Miner Retire.js HTTP Request Smuggler J2EEScan Software Vulnerability scanner Backlash powered scanner Additional scanner checks Reflected Parameters Collaborator Everywhere Freddy, Deserialization bug finder Potential Vulenerbility scanner Java Deserilization scanner Paramalyser Java serialized payloads Js Miner Collabfilrator Upload scanner Also thanks for adding a plus one for me. Very much appreciated. Thanks.

Hannah, PortSwigger Agent | Last updated: Jun 13, 2022 01:21PM UTC

Thanks for that list! You mentioned that you were seeing slow requests when scanning - did you experience it in any other places in Burp? For example, Intruder, Repeater, or when proxying traffic from a browser.

Richard | Last updated: Jun 13, 2022 01:35PM UTC

Thanks for the reply. No, I did not actually notice it anywhere apart from the automated scans section (Including Asset Discovery). It seemed to be any host I right-clicked to open the context menu > Scan (edit your settings for the scan, Resource Pool left at the default 10) (all settings default except selecting Autid only) Then the request would start and hit 2-3 requests per min or slower. Based on previous use this was massively slower. I initially thought it may have been protections on some of the websites, WAF etc. Then caught the Gin and Juice shop tweet. So thought that would be the best place to test the issue knowing you should not block any of the requests. It was apparent at this time the issue was something in Burp and not setup or environment. So checked the forums here for any help. I came across a post related to the issue with a mention of the extensions or one of (I couldn't pinpoint the exact extension). I was more than happy with the speed being back at this time. Kind regards, Rich.

Hannah, PortSwigger Agent | Last updated: Jun 13, 2022 01:40PM UTC

Hi Rich Thanks for the detailed information! We'll take a look at replicating this ourselves to see if we can find the cause of the issue. I'm glad that reloading the extensions resolved this issue for you - please let us know if you come across this again in the future.

You need to Log in to post a reply. Or register here, for free.