Research Academy
My account Customers About Blog Careers Legal Contact Resellers

Burp Suite User Forum

Create new post

Does burp suite store traffic cache?

Trương | Last updated: Aug 31, 2022 11:13AM UTC

Hi team, I am using burp suite community for a while, the experiences are really good. However, sometimes I found it behaving very strange. For example, when I capture traffics from my android, a few hosts hit errors like RST_STREAM received with error code: 0x2 (HTTP2) or Connection resset (HTTP1). Hence I have to check "Disable TLS session resume" in Project options and it run smoothly then. But after a few hours, it will get stuck at the same errors, this time I have to restart Burp Suite to make it work again. Since I am using community version, I will lose almost data whenever restarting for that uncontrolled errors. My question is: - Does burp suite store cache of old requests? - How can I disable that "cache" feature? Thanks team for clarifications.

Trương | Last updated: Aug 31, 2022 11:38AM UTC

Adding more information, I notice the professional version behaving the same but more seriously. Yesterday, I used my friend account to work on the project in Burp Suite Professional. But this time I could not address the errors with restarting and creating a new project in Professional Version. The last thing I did was reopening a community version to resolve these errors, after that I closed burp suite community and reopened professional version, it worked like a charm then. I think it would be better if we can disable that cache option in Burp Suite. Thanks team.

Michelle, PortSwigger Agent | Last updated: Aug 31, 2022 02:27PM UTC

To help us investigate this issue for you, can you send a screen recording showing the behavior you see in Burp Suite Community and the output from Help -> Diagnostics to support@portswigger.net, please? Is it always the same sites that cause these errors? If you browse the same sites using Burp's embedded browser, do you see the same error? Can you also tell us about your environment? Which OS are you using? How much memory does your machine have?

Trương | Last updated: Aug 31, 2022 03:29PM UTC

Hi team, I will try to produce the same errors and provide you as soon as possible. In terms of your questions, recently I got the errors in the same site. The same traffic did work by using Postman or Chrome, I did not try Burp Browser yet. My OS is Windows 10 and my computer has 32Gb in Memory. I think the main root cause is from Burp's cache, since it works perfectly when I Disable TLS session resume. However, I'm just confused whether the software uses other physical caches in order to capture traffics again, which could make the host treat it as potential vulnerabilities.

Trương | Last updated: Aug 31, 2022 03:36PM UTC

I could provide you an example on before and after disable TLS session resume so far so good. However the errors make me restarting Burp, it doesn't appear often, I will provide you later on.

Michelle, PortSwigger Agent | Last updated: Sep 01, 2022 07:54AM UTC

If you can send over the details via email so we can take a closer look, that will be really useful to help us get a full understanding of your issue. Does the site that has these errors use any authentication? At the time you have issues with this site are you able to access other sites?

Trương | Last updated: Sep 01, 2022 02:53PM UTC

Hi Burp team, I already managed to make it work. This time I didn't need to restart the software, instead I cleared all logs in Logger and all histories in Proxy -> WebSockets History. The host I encountered errors is from e-wallet domain. I think those logs and histories make it treat as risks, as a consequence the host blocked them without reasons.

Trương | Last updated: Sep 01, 2022 02:55PM UTC

Thanks team, in case someone hit the same problem, all I did was Disable TLS session resume, clearing all logs and all histories, then the software will work like a charm. Good luck.

You must be an existing, logged-in customer to reply to a thread. Please email us for additional support.