Research Academy
My account Customers About Blog Careers Legal Contact Resellers
The Burp Suite User Forum was discontinued on the 1st November 2024.

Burp Suite User Forum

For support requests, go to the Support Center. To discuss with other Burp users, head to our Discord page.

SUPPORT CENTER DISCORD

Burp hangs upon saved state file overwrite.

Filip | Last updated: Apr 29, 2016 05:42AM UTC

Burp in version 1.7.02beta hangs indefinitely on an attempt to save a state in the existing file (overwrite). The whole UI starts to behave erratically and burp cannot be exited otherwise than being killed.

Burp User | Last updated: Apr 29, 2016 05:50AM UTC

Warning: Because the overwritten file gets zeroed immediately any previous burp logs and configuration are lost. Logs from the current session are never get written to file too. The only thing that can be partly saved are burp's temporary files, which include HTTP requests in intercepted. Save files from the Burp temporary directory to save at least some of the information. Hint #1: Despite the fact there's new projects on disk feature, I would opt for having back periodic automatic state save in a user specified directory as it was in previous versions. Hint #2: The update popup window could contain some information about the new changes/risks related to beta/anything.

PortSwigger Agent | Last updated: Apr 29, 2016 07:53AM UTC

We're not seeing any problem with saving state and overwriting an existing state file. It sounds like you might have tried to save state and specified the actual project file (not state file) that you are currently working from. This will be catastrophic because Burp's current data is held in the project file, and as soon as you replace the file the data is lost, so you cannot save anything and you have trashed your project file.

PortSwigger Agent | Last updated: Apr 29, 2016 08:14AM UTC

We are looking into ways of helping the user avoid this kind of mistake happening.

Burp User | Last updated: May 01, 2016 07:15AM UTC

That would seem to be the case. Clearly, I mistakenly thought about the project files as a state files on steroids. I do realise that It can be difficult to prevent users from doing all wrong things. However, because it's very easy to shoot yourself in the foot using this new feature, perhaps adding some sanity check on the destination file is worth considering?

PortSwigger Agent | Last updated: May 12, 2016 02:41PM UTC