Embedded browser project isolation

Lorenzo | Last updated: May 02, 2023 10:48PM UTC

All the information saved in the browser is available across all Burp project sessions. Most notably, the history and the "restore browser" action are potentially the most sensitive ones. The current configuration could lead to sensitive information leaks during demonstrations, workshops, peer working, etc. The optimal solution would be to have completely "isolated browser instances" for each project file so that all the history, cookies, and data are kept, but not leaked into other projects. Temporary projects might have a configurable option where you pick either volatile instances or a unique instance for all temporary projects.

Michelle, PortSwigger Agent | Last updated: May 03, 2023 07:59AM UTC

Thanks for the feedback :) You can go to Settings > Burp's browser > Browser data and choose to clear the browser data or not to store browser data by default. You can also specify a browser data folder. Currently, these settings are all at a user level. We're monitoring interest in also being able to configure the browser data folder at a project level so that you could use separate folders for the browser data and then link project files to specific folders. Would this help in your scenario?

Lorenzo | Last updated: May 03, 2023 02:01PM UTC

It would be nice not to have to clear all the browser's data, which could be useful when coming back to a project, but instead to have the specific browser data linked to the project. Configuring the folder at a project level should do the trick; it would be nice if you could also decide to automatically use a folder like /folder/location/[project_name] or some hash or something that could uniquely identify that project. I don't really feel the need for including browser data inside the project file; I don't think it really needs to be that portable, but having the ability to automatically have isolation at some level would be nice.

Michelle, PortSwigger Agent | Last updated: May 04, 2023 09:10AM UTC

Thanks for the update. I'll add those details to the ticket on our system for this feature so we can discuss it further with the team.

