Burp Suite User Forum

Create new post

File Ownership Not Returned

Paul | Last updated: Apr 19, 2015 08:06PM UTC

Hello, I am playing with the MDSEC training lab for the Java Applet input validation bypass. As part of this I was using the right click 'Paste from File' option to inject my modified client. While this worked it looks like the Java thread for burp has maintained ownership of the .class file. So I cannot delete the .class to try a second modification to the applet. On windows the error is: 'The process cannot access the file because it is being used by another process.' When you try; del *.class. Investigation showed the process was owned by Java itself. Closing the browser ends the applet thread and ownership was not returned. Only closing Burp suite returned ownership. Can you check the 'Paste from File' option to make sure it closes its connection to the file ? Regards

PortSwigger Agent | Last updated: Apr 20, 2015 10:27AM UTC

Thanks for this report. We've reproduced this problem - you're right, Burp is not properly closing the file after doing the "paste from file" operation. We'll get this issue fixed in the next minor update.

PortSwigger Agent | Last updated: Apr 22, 2015 02:53PM UTC

Just to let you know that we have fixed this issue in today's release, v1.6.17. Please let us know if you see this problem recurring, and thanks again for your feedback.

You must be an existing, logged-in customer to reply to a thread. Please email us for additional support.