Burp Suite User Forum


Capacity overflow with SetStringList in Montoya

Tyler | Last updated: Aug 04, 2023 10:52AM UTC

Hi, I'm getting this error in Burp when using Persistence setStringList:

    java.lang.IllegalArgumentException: Capacity overflow: -2147483648
        at burp.Zbj5.Zdp(Unknown Source)
        at burp.Zbjy.ZQ(Unknown Source)
        at burp.Zbjc.ZM(Unknown Source)
        at burp.Zbjc.ZV(Unknown Source)
        at burp.Zbp6.Zi(Unknown Source)
        at burp.Zitr.setStringList(Unknown Source)
        at java.base/jdk.internal.reflect.DirectMethodHandleAccessor.invoke(DirectMethodHandleAccessor.java:104)
        at java.base/java.lang.reflect.Method.invoke(Method.java:578)
        at burp.Zikc.invoke(Unknown Source)
        at jdk.proxy2/jdk.proxy2.$Proxy18.setStringList(Unknown Source)

I call this to update a list of parameters on in scope HTTP Requests, so I call it frequently but not enough to reach max int ranges. Any idea why this might be occurring? If I repeatedly set the string lists, do I need to deleteStringList first or something? Thanks

Hannah, PortSwigger Agent | Last updated: Aug 04, 2023 01:31PM UTC

Hi, could you tell me the version of Burp that you are using so we can take a look at your error message in more detail?

Tyler | Last updated: Aug 05, 2023 10:11AM UTC

Hi, it was Burp 2023.8. After this error, when I attempted to load from persistence, the list returned a non null value but gave this error when trying to retrieve data from the persistedList

    java.lang.NullPointerException: Cannot invoke "Object.toString()" because the return value of "java.util.Iterator.next()" is null
        at burp.Zj_w.ZE(Unknown Source)
        at burp.Zj_w.next(Unknown Source)
        at java.base/jdk.internal.reflect.DirectMethodHandleAccessor.invoke(DirectMethodHandleAccessor.java:104)
        at java.base/java.lang.reflect.Method.invoke(Method.java:578)
        at burp.Zk4y.invoke(Unknown Source)
        at jdk.proxy2/jdk.proxy2.$Proxy21.next(Unknown Source)

Thanks

Tyler | Last updated: Aug 05, 2023 10:12AM UTC

Additionally, the burp file became over 23GB - all I store is URLs, their scan counts, parameters and their parameter counts! Removing extension data took it down to 800MB.

Tyler | Last updated: Aug 06, 2023 06:58PM UTC

Hi, I just had a thought about debugging the size issue - is there a way I can open and analyse a .burp project file to see the contents? The only thing I can think of is it's saving another copy of the data each time I save it, causing the exponential increase in burp file size. Thanks

Hannah, PortSwigger Agent | Last updated: Aug 07, 2023 12:21PM UTC

Hi.

Are you using "setStringList()" every time that you wish to update the list?

You should be able to use regular List operations to add and remove items from the PersistedList.

Tyler | Last updated: Aug 09, 2023 06:44AM UTC

Oh my god, I can just do urlList.add("url") instead of setting new data every time? I was under the impression I needed to overwrite the persistence! Thank you, I'll give that a go because that sounds exactly like something that would cause exponential size

Tyler | Last updated: Aug 09, 2023 08:29AM UTC

What do you do for primitive objects in persistence like strings? So I do: persistenceData.setString("url-1", urlName); if I want to update that value, do I need to just update urlName or do I need to use setString again?

Hannah, PortSwigger Agent | Last updated: Aug 09, 2023 02:56PM UTC

For Strings and other objects that are not PersistedLists, you will still need to set them again after modifications have been made. In the documentation for PersistedList, we mention that the methods of this list operate on the underlying persisted data, but this point should probably be more clearly defined. We'll look into adding some further documentation for this to make it clearer in the future. You can find an example extension that demonstrates using Persistence here: https://github.com/PortSwigger/burp-extensions-montoya-api-examples/tree/main/persistence If there's anything else we can help with, then please let us know.
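The pattern described in the answer above, as an added example that is not part of the original thread and not PortSwigger's code: the PersistedList is stored once and then changed in place, while a plain String is set again after every change. The class name, the key names and the recordUrl method are assumptions made for illustration.

```java
import burp.api.montoya.BurpExtension;
import burp.api.montoya.MontoyaApi;
import burp.api.montoya.persistence.PersistedList;
import burp.api.montoya.persistence.PersistedObject;

// Hypothetical extension; class, key and method names are assumptions for this example.
public class UrlTrackerExtension implements BurpExtension {
    private static final String URL_LIST_KEY = "seen-urls";
    private static final String LAST_URL_KEY = "last-url";

    private PersistedObject data;
    private PersistedList<String> urls;

    @Override
    public void initialize(MontoyaApi api) {
        api.extension().setName("URL tracker (persistence example)");
        data = api.persistence().extensionData();

        // Store an empty list only if the project file does not have one yet.
        // This is the only setStringList call the extension ever makes.
        if (data.getStringList(URL_LIST_KEY) == null) {
            data.setStringList(URL_LIST_KEY, PersistedList.persistedStringList());
        }
        // Keep the reference that is backed by the project file.
        urls = data.getStringList(URL_LIST_KEY);

        api.logging().logToOutput("URLs already persisted: " + urls.size());
    }

    // Hypothetical hook: call this from your HTTP handler for each in-scope request.
    // Synchronized because handlers can run on several threads.
    synchronized void recordUrl(String url) {
        // Regular List operations act on the underlying persisted data,
        // so the list is not written back with setStringList.
        if (!urls.contains(url)) {
            urls.add(url);
        }
        // Strings are not live views: set the value again whenever it changes.
        data.setString(LAST_URL_KEY, url);
    }
}
```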

Tyler | Last updated: Aug 10, 2023 03:41PM UTC

Appreciate it, it's on me for not reading the docs properly. Thanks for your help as always!
