Research Academy
My account Customers About Blog Careers Legal Contact Resellers
The Burp Suite User Forum was discontinued on the 1st November 2024.

Burp Suite User Forum

For support requests, go to the Support Center. To discuss with other Burp users, head to our Discord page.

SUPPORT CENTER DISCORD

Cannot set up Chromium DevTools overrides in embedded browser

Carl | Last updated: Oct 14, 2020 05:14PM UTC

When I open DevTools -> Sources -> Overrides and select a new folder for overrides, I get the prompt "DevTOols requests full access to [path...]". I click Allow, and then nothing happens. I do not have this issue with Chrome 85 on the same system.

Uthman, PortSwigger Agent | Last updated: Oct 15, 2020 07:23AM UTC

Hi Carl, Can you clarify what you are trying to do, please?

Carl | Last updated: Oct 16, 2020 01:54PM UTC

Please refer to Google's documentation on this feature: https://developers.google.com/web/updates/2018/01/devtools Specifically, the instructions copied from the above link: To set up Local Overrides: 1. Open the Sources panel. 2. Open the Overrides tab. 3. Click Setup Overrides. 4. Select which directory you want to save your changes to. 5. At the top of your viewport, click Allow to give DevTools read and write access to the directory. 6. Make your changes. The issue is that after step 5, the newly added directory should appear in the Overrides tab, and the user could proceed with using the Overrides feature. This is not the case for the Burp embedded browser. I originally discovered this issue in Burp Pro 2020.9.2 on Windows 10, and just now was able to reproduce in Burp Community 2020.9.1 on Kali.

Uthman, PortSwigger Agent | Last updated: Oct 16, 2020 02:37PM UTC

Thanks a lot. The embedded browser is launched with a lot of default command-line parameters. One of these is --disable-file-system, which I presume is causing your issue. Our development team will look into this further to determine which parameters are appropriate for the proxy browser and which are appropriate for the crawl.

Carl | Last updated: Oct 16, 2020 04:37PM UTC

Thanks for the update. The overrides feature is a great way for a pentester to modify javascript on the fly. It would be great if the Burp browser can support it.

Samuel, | Last updated: Jan 25, 2022 11:50AM UTC

Are there any updates on this issue? I am missing the feature of JS overrides in Burp's browser very much.

Uthman, PortSwigger Agent | Last updated: Feb 04, 2022 10:26AM UTC

Hi,

Just a quick update for you guys - we've created a development ticket and will track the popularity/interest in this feature.

We'll update this thread if/when it has been implemented.

yyang | Last updated: Sep 13, 2022 06:16PM UTC

Please provide an option to allow file system access. Thanks.

Ben, PortSwigger Agent | Last updated: Sep 14, 2022 11:03AM UTC

Hi, We have added your interest to the existing feature request that we have for this functionality (we are still currently monitoring the demand for it). As noted, we will update this forum thread if we have any further news to share.

Kronux | Last updated: Aug 07, 2024 01:27AM UTC

Still no solution to this?, we need this feature (allow filesystem overrides in burps browser)

Michelle, PortSwigger Agent | Last updated: Aug 07, 2024 03:54PM UTC

Hi At the time, I'm afraid we didn't have much interest in this feature. Is this an option you'd just want to use when performing manual testing using Burp's embedded browser? Are you currently using another browser proxied via Burp to work around this? How regularly do you need to use this feature?

Svitic | Last updated: Sep 02, 2024 12:21PM UTC

Hi, The truth is, I need this feature in almost every project I work on, making it an essential part of my workflow. Currently, the only workaround is to use another browser proxied through Burp... However, I have found a less-than-elegant solution to run the Chromium browser from BurpSuite with modified settings. Follow these steps: Open Chromium from BurpSuite: Open the Chromium browser that comes with BurpSuite. Access Browser Command Line: Navigate to chrome://version/ in the browser. Copy the Command Line: Copy the full command line used to launch the browser. This should be similar for both Linux and Windows. Edit the Command Line: Remove the --disable-file-system flag. If you encounter an error, modify --proxy-bypass-list=<-loopback> to --proxy-bypass-list=-loopback. Run the Final Command: Paste and run the edited command in your terminal (Linux) or Command Prompt (Windows). Your command should look similar to the examples below: Windows Example: "C:\path\to\AppData\Local\Programs\BurpSuitePro\burpbrowser\127.0.6533.100\chrome.exe" --disable-ipc-flooding-protection --disable-xss-auditor --disable-bundled-ppapi-flash --disable-plugins-discovery --disable-default-apps --disable-prerender-local-predictor --disable-sync --disable-breakpad --disable-crash-reporter --disable-prerender-local-predictor --disk-cache-size=0 --disable-settings-window --disable-notifications --disable-speech-api --disable-presentation-api --disable-permissions-api --disable-new-zip-unpacker --disable-media-session-api --no-experiments --no-events --no-first-run --no-default-browser-check --no-pings --no-service-autorun --media-cache-size=0 --use-fake-device-for-media-stream --dbus-stub --disable-background-networking --disable-features=ChromeWhatsNewUI,HttpsUpgrades,ImageServiceObserveSyncDownloadStatus --proxy-server=localhost:8080 --proxy-bypass-list=-loopback --user-agent="Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.6533.100 Safari/537.36" --user-data-dir="C:\path\to\AppData\Roaming\BurpSuite\pre-wired-browser" --ignore-certificate-errors --disable-features=TrackingProtection3pcd --load-extension="C:\path\to\AppData\Roaming\BurpSuite\burp-chromium-extension" Kali Example: /home/kali/BurpSuitePro/burpbrowser/127.0.6533.99/chrome --disable-ipc-flooding-protection --disable-xss-auditor --disable-bundled-ppapi-flash --disable-plugins-discovery --disable-default-apps --disable-prerender-local-predictor --disable-sync --disable-breakpad --disable-crash-reporter --disable-prerender-local-predictor --disk-cache-size=0 --disable-settings-window --disable-notifications --disable-speech-api --disable-presentation-api --disable-permissions-api --disable-new-zip-unpacker --disable-media-session-api --no-experiments --no-events --no-first-run --no-default-browser-check --no-pings --no-service-autorun --media-cache-size=0 --use-fake-device-for-media-stream --dbus-stub --disable-background-networking --disable-features=ChromeWhatsNewUI,HttpsUpgrades,ImageServiceObserveSyncDownloadStatus --proxy-server=localhost:8080 --proxy-bypass-list=-loopback --user-agent="Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.6533.100 Safari/537.36" --user-data-dir=/home/kali/.BurpSuite/pre-wired-browser --ignore-certificate-errors --disable-features=TrackingProtection3pcd --load-extension=/home/kali/.BurpSuite/burp-chromium-extension chrome://newtab Such approach should even allow you to run the browser with the necessary adjustments, bypassing some of the default security features that may be interfering with your tests.

Cyrus | Last updated: Sep 19, 2024 12:01AM UTC

Hello, I also want this functionality implemented, where do we register interest for it?

Ben, PortSwigger Agent | Last updated: Sep 19, 2024 09:07AM UTC