Burp Suite User Forum


Burp Intruder consuming all RAM memory

ocapabode | Last updated: Aug 20, 2022 12:36AM UTC

When using Turbo Intruder for a brute force attack with 29 million passwords, the extension consumes all RAM memory in a few hours. My laptop has 32GB of RAM. What would be the problem? Why does Turbo Intruder store something that fills up all the RAM after a few hours?

ocapabode | Last updated: Aug 20, 2022 12:39AM UTC

I use Burp Suite Community installed on Kali Linux

Ben, PortSwigger Agent | Last updated: Aug 22, 2022 04:18PM UTC

Hi,

If you are using Burp Community you will be using a temporary Burp project file rather than a disk-based Burp project file. Temporary Burp project files store information in RAM rather than writing information to disk memory (which is how disk-based project files work). In effect, the more work you carry out in a single temporary project file the more RAM that will be used in order to maintain the information that Burp is holding within the temporary project file.

Are you able to answer the following questions:

- Are you initiating a fresh temporary project when you come to launch this attack?
- Do you only see this issue when you launch this particular attack i.e. other, smaller Turbo Intruder attacks work as expected?
- Do you have any other extensions loaded when you perform the attack?
- Are you using Kali Linux on a virtual machine or is it installed as the main operating system on your laptop? If you are using Kali in a virtual machine, how much RAM does the virtual machine have allocated to it and how much RAM is available to Burp (you can find out the latter via the Help -> Diagnostic main menu option and looking for the 'Max memory' entry).

ocapabode | Last updated: Aug 22, 2022 07:01PM UTC

- Are you initiating a fresh temporary project when you come to launch this attack?
  Yes, I'm using the temporary project.
- Do you only see this issue when you launch this particular attack i.e. other, smaller Turbo Intruder attacks work as expected?
  Yes, they work as expected because they don't need all the RAM memory on my notebook.
- Do you have any other extensions loaded when you perform the attack?
  No, just the Intruder.
- Are you using Kali Linux in a virtual machine or is it installed as your laptop's main operating system?
  I use it installed as the main operating system on the notebook's own hard drive.

Ben, PortSwigger Agent | Last updated: Aug 23, 2022 05:41PM UTC

Hi, Are you using one of the built-in scripts to conduct the attack? If so, can you confirm which one you are using?

ocapabode | Last updated: Aug 26, 2022 09:28PM UTC

Yes, I use BASIC.PY

Ben, PortSwigger Agent | Last updated: Aug 30, 2022 11:41AM UTC

Hi, The basic.py script does write the results of the attack to a table within Turbo Intruder so, in essence, Burp is attempting to hold the results of the 29 million password attack in memory in order to display these to you. The assumption would be, which is borne out in some testing that I have been performing, that the attack is so large that it consumes the memory that you have available. The suggestion would be to either alter the number of passwords that you are using in the attack (maybe you could split the attack up in some fashion) or further fine tune what is getting added to the results table (the default basic.py script will add any request that does not have a 404 status to the results table).
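An added example of the second suggestion in the reply above (fine-tuning what reaches the results table); it is not part of the forum thread and not PortSwigger's code. It assumes Turbo Intruder supplies a global `table` and passes `handleResponse` a `req` object with `status` and `length` attributes; `BoundedFilter`, `ListTable` and the thresholds are hypothetical names and constructed values.

```python
from collections import Counter

class ListTable(object):
    """Stand-in for the results table; used only when run outside Burp."""
    def __init__(self):
        self.rows = []
    def add(self, req):
        self.rows.append(req)

try:
    table                      # assumed to be injected by Turbo Intruder
except NameError:
    table = ListTable()

class BoundedFilter(object):
    """Keep only responses that differ from the most common one, up to a cap."""
    def __init__(self, sink, sample_size=200, max_rows=1000):
        self.sink, self.sample_size, self.max_rows = sink, sample_size, max_rows
        self.seen, self.buffer, self.baseline = Counter(), [], None
        self.kept = self.dropped = 0

    def _keep(self, req):
        # Drop the common case and anything past the cap; count what was dropped.
        if (req.status, req.length) == self.baseline or self.kept >= self.max_rows:
            self.dropped += 1
        else:
            self.sink.add(req)
            self.kept += 1

    def offer(self, req):
        if self.baseline is not None:
            return self._keep(req)
        # Learning phase: hold a bounded sample, then flush it through the filter.
        self.seen[(req.status, req.length)] += 1
        self.buffer.append(req)
        if len(self.buffer) >= self.sample_size:
            self.finish()

    def finish(self):
        """Fix the baseline and flush the sample (also for runs shorter than it)."""
        if self.baseline is None and self.buffer:
            self.baseline = self.seen.most_common(1)[0][0]
            pending, self.buffer = self.buffer, []
            for held in pending:
                self._keep(held)

results = BoundedFilter(table)   # constructed defaults, not values from the thread

def handleResponse(req, interesting):
    results.offer(req)
```

Memory held by the table is then bounded by `max_rows` plus the sample buffer, regardless of how many requests the run sends.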
