Burp Suite User Forum

Login to post

Corrupted Project

Ema | Last updated: Nov 09, 2021 09:50AM UTC

Hi, I was working on last stable Burp version (2021.9.1). Yesterday i closed the project without error, however this morning upon opening the project i received a "corrupted project" error and i am not able to restore it successfully. I have already tried to open copies of the corrupted file with the following burp versions, but all failed: 2021.8.4 2021.10 The project is roughly 4.2 GB in size. Can you please help me? Thank you.

Ema | Last updated: Nov 09, 2021 10:41AM UTC

Forgot to mention i am using the burpsuite professional version.

Ben, PortSwigger Agent | Last updated: Nov 10, 2021 01:14PM UTC

Hi Ema, In terms of the corruption itself - is this the first time that you have experienced issues like this with Burp projects? If so, did anything out of the ordinary happen to either Burp or the machine that Burp is installed on at the point where you exited or reloaded the project file (it sounds like this is not the case but just to check)? In addition, are you saving and storing the Burp project files on a standard local drive on your machine or some kind of network/shared location?

Ema | Last updated: Nov 10, 2021 03:56PM UTC

Hi Ben, this is the second time this has happened to me, the first time it happened on a different project a couple of months ago but i was able to restore it. Both times i noticed nothing out of the ordinary happening. The projects are stored on a local veracrypt drive. Thank you.

Ben, PortSwigger Agent | Last updated: Nov 12, 2021 11:45AM UTC

Hi Ema, Disk-based Burp projects use memory mapped files to function - we do not support the storage of project files on shared/network drives because of this and the potential issues around the reading/writing of data when they are stored in such a way. Is it possible that the encryption is being carried out 'on the fly' which might, under certain circumstances, be impacting on Burp writing and reading data to disk and causing corruption issues (apologies but I am not at all familiar with how Veracrypt works)?

Ema | Last updated: Nov 15, 2021 08:55AM UTC

Hi Ben, as I said the project is not on shared/network drives but local. The encryption is not performed on the fly. in my case both times it was done upon pc shutdown, after having closed burp.

Ema | Last updated: Nov 22, 2021 09:19AM UTC

Hi, any news on the issue? Thank you

Ben, PortSwigger Agent | Last updated: Nov 23, 2021 12:17PM UTC

Hi Ema, Unfortunately, if the restoration process is not able to successfully repair the project file then this is normally an indication that the corruption that has taken place is beyond repair and the contents of the file are irretrievable. We would obviously like to prevent this from happening in future - you mentioned that this has happened once before, could you tell me the sort of data that you have saved in your project file, for example, Intruder attacks, previously run scans, repeater requests, etc.? Did you have any extensions loaded in Burp when the corruption has taken place and, if so, do you recall which extensions they were? In terms of previous instances of project corruption - is this something that you have only experienced twice or is this something that you can replicate consistently?

Ema | Last updated: Nov 29, 2021 03:11PM UTC

Hi, i experienced the issue only twice. i do not recall exactly what i had in the projects however below a list of the things i believe i had: -intruder attacks (possible one or two) -previously run scans (3 to 5) -repeater request (many, possibly around 50) -extensions: active scan++, additional scanner checks, backslash powered scanner, freddy, http request smuggler, java deserialization scanner,nginx alias traversal, retire.js,software vulnerability scanner, software version reporter, logger++, handy collaborator, j2ee advanced tests the above are things i usually always have, below a list of some of the extension i had either in on or the other projects that got corrupted: -hackvertor, pdf viewer, exif tool scanner, protobuf decoder it might seem like a lot of stuff but this has kind of been the standard for me for years and i've never had this kind of problem before, maybe occasional freezes and crashes but no project corruption. thank you

Ben, PortSwigger Agent | Last updated: Nov 30, 2021 12:05PM UTC

Hi Ema, Thank you for the information. In addition to that, are you able to provide us with the Debug ID value from your diagnostics (available from Help -> Diagnostics). We can then also check to see if your installation has ever reported any exceptions back to us that might provide us with a further insight into any problems that have occured. If you would prefer to email this information to us then please feel free to use support@portswigger.net.

Ema | Last updated: Apr 26, 2022 08:35AM UTC

Hi, this happened to me again. lost the entire project and backup. there was no error when i closed burp last time.

Ema | Last updated: Apr 26, 2022 08:42AM UTC

it seems there was a burp update

Ben, PortSwigger Agent | Last updated: Apr 27, 2022 06:46AM UTC

Hi Ema, Just to clarify the scenario - you have been using Burp with a project file and you have closed Burp cleanly in the usual manner. In the intervening period, Burp has updated and now your project file is corrupt and will not load in the version of Burp that is now on your machine?

Ema | Last updated: Apr 27, 2022 08:51AM UTC

Hi Ben, what happened is something close: 1- was working on a project and cleanly closed burp, no error. 2- i do not open burp at all in the meantime 3- a few days later i reopen burp and open the same project and the file is corrupted. i don't really know when the update took place but i remember having had a popup on burp stating there was an update. i also have two lines that i add to my BurpSuitePro.vmoptions file to manage some java rendering issues with windows scaling : -Dsun.java2d.dpiaware=true -Dsun.java2d.uiScale=1.0 when an update is performed by burp i usually find this file overwritten lacking those lines, and this is also what happened this time, hinting there was in fact some updating done by the application. additional info: this project has remained open for a few days (2/3) prior to the time i closed it. i usually do this all the time if i want to keep the collaborator listening for older collaborator payloads. i do this often and usually does not result in project corruption but since we don't know what happened i'm just stating all i can think of that might have contributed. this issue has happened to me now 3 times in the span of a year. i use burpsuite everyday all day in my testing (to give you a reference of the odds). i really hope you can help me because this is very stressful. thank you.

Ben, PortSwigger Agent | Last updated: Apr 28, 2022 06:44AM UTC

Hi Ema, None of the activities that you have mentioned appear to be particularly out of the ordinary. Out of interest, how big is the project file that you are working with? Do you have the 'Delete backup file on clean shutdown of Burp' option set under User options -> Misc -> Automatic Project Backup and, if so, have any back up files been deleted? We asked this previously but are you able to supply us with your Debug ID so that we can try and determine what potential errors have occurred (again, if you want to send this via email then please feel free to send this to support@portswigger.net). Was it the 26th April when you tried to reopen the project file (just so we can narrow down our search)?

Ema | Last updated: Apr 28, 2022 10:02AM UTC

Hi Ben, The project file was approximately 5.3 GB. I do not have the 'Delete backup file on clean shutdown of Burp' set, my backups are run every 30mins. The backup has not been deleted, however it is also corrupted. Yes i opened the file the 26th. Additionally the corruption happened again between yesterday and today. The 26th i took a manual backup i had of the project, that was made a few days prior to the original's project corruption, and continued working on that one. Yesterday half an hour before closing the project an automated backup was made. i manually made a copy of that backup file. then 30 minutes later i closed the application. this morning the project and the backup are corrupted, however the manual backup i made half an hour before closing was not corrupted. These new files have 5.2 GB. If you need to remotely connect to my pc or have some tools to run to help detect the issue we could arrange that. My Debug ID is otbbg0xqx3prkrgrxwdp:hrsh

Michelle, PortSwigger Agent | Last updated: Apr 29, 2022 08:41AM UTC

Thanks for sending over your debug id, we'll take a look through and see if we have any exceptions reported. To help us match up any details we find and help us with our investigations, can I check a couple of details with you, please? - Can you remember the approximate time you took the manual backup that has not corrupted? - What tasks were you performing within Burp between taking the manual backup and closing the project file? For example, were you running any intruder attacks or performing scans/manual testing? - Can you remember the approximate time you closed the project file on the 27th when everything seemed to close normally?

Ema | Last updated: May 02, 2022 01:16PM UTC

Hi Michelle, - the time of the manual backup is ‎27 ‎April ‎2022, ‏‎22:39:10 (Windows says). i closed burp at 27 ‎April ‎2022, ‏‎22:40:24. the manual backup is a copy i made of the automatic backup at 22:39:10. since i found the automatic backup corrupted the next day, but it wasn't corrupted at 22:39:10 or the manual backup would be corrupted too, then i believe something must have happened on closing burp at 22:40:24 that corrupted both project and automatic backup. - since there is about 1 min between the two times i don't think anything was done at all. certainly not scans nor manual or automatic testing - 27 ‎April ‎2022, ‏‎22:40:24 thank you

Michelle, PortSwigger Agent | Last updated: May 03, 2022 12:48PM UTC

Thanks for the update. What options do you have set under User Options -> Misc -> Automatic Project Backup? When you experienced the issue on the 26th and 27th of April did this happen with the same project or were they entirely different projects? Which extensions are loaded in this particular project file? Were any tasks running in the Dashboard or had you paused them all/stopped the task engine?

Ema | Last updated: May 05, 2022 10:42AM UTC

Hi Michelle, - my settings are "Automatically backup the project every 30 minutes. the only checked option is "show progress dialog during backups". the other two are unchecked. - same project - active scan++, additional scanner checks, backslash powered scanner, freddy, http request smuggler, java deserialization scanner, nginx alias traversal, retire.js, software vulnerability scanner, software version reporter - the task engine was not stopped but i don't know if anything was running at the time of closing the project thank you

Michelle, PortSwigger Agent | Last updated: May 06, 2022 07:57AM UTC

Thanks for the update. Can you please try disabling the 'Software Version Reporter' extension and let me know if you still see the same issues or if things become more stable?

You need to Log in to post a reply. Or register here, for free.