Burp Suite User Forum

Freeze when changing issues severity

Thomas | Last updated: Aug 21, 2017 12:48PM UTC

Hello, I am experiencing a freeze with BurpPro. This happens when I try to change the severity of a SQL injection ScanIssue to FP. Afterwards, the UI doesn't respond, and Burp doesn't use CPU or change memory allocation. When launched from a shell, no errors are output. Note that this happens only with a few of the issues, and when I try to change the severity of the whole 'SQL injection' batch, everything goes right. This appears on a Windows Server 2012 with Burpsuite Pro v1.7.26. The steps that led to this: My colleague started a scan, then stopped it and made a state file. I loaded that state file and resumed the scan. Once the scan finished and I wanted to review the issues, that is where the bug was observed. Let me know if you need other information. BR

Liam, PortSwigger Agent | Last updated: Aug 21, 2017 02:02PM UTC

Hi Thomas, thanks for this report. We'll investigate this issue and get back to you.

Liam, PortSwigger Agent | Last updated: Aug 23, 2017 11:18AM UTC

Hi Thomas, we've been able to reproduce this issue during testing. State files are a deprecated function. Have you tried using Burp Projects? - https://portswigger.net/burp/help/suite_burp_projects.html

Burp User | Last updated: Sep 22, 2017 12:17PM UTC

It happens for me as well, and I tried both State files as well as Project files. No change. Also, not sure if I can generalize it to this degree, but it seems that issues raised natively by Burp are fine; however, issues discovered by any extenders are freezing Burp [upon making them False positives] to the point I need to kill the entire process.

PortSwigger Agent | Last updated: Sep 22, 2017 12:56PM UTC

Andrej, sorry that you're having difficulty. We believe this issue was introduced in Burp 1.7.24, so if you use an older version you should be ok. We believe we have a fix now, so assuming further testing goes ok, it should be in the next release.

Burp User | Last updated: Nov 06, 2017 03:12PM UTC

I'm also having this issue, on Burp Suite Pro version 1.7.27 running on Kali Linux. I'm just about to kill Burp now to recover from it and try to remember not to mark the same issue again! The false positive does get marked (Cross Site Scripting (reflected) in this case) but Burp then freezes and must be killed to recover. No memory eating, no CPU eating, no fast I/O. I am loading the state file from an NFS share (testing from within a virtual machine and having to avoid the VM's folder sharing as it can't handle memory-mapped files). I'll quickly try again but with the project file entirely within the VM (i.e. not on NFS): nope, no difference, it locks whether the project file is on EXT4 or NFS.

PortSwigger Agent | Last updated: Nov 06, 2017 03:29PM UTC

Hi Ian, This issue has been identified and will be fixed in the next release. Until then, you can work around the issue by using 1.7.23 or older. As far as we can tell it's not related to EXT4/NFS; it's an unwanted interaction between a repaint event and updating the list.

PortSwigger Agent | Last updated: Nov 16, 2017 10:17AM UTC

The UI freezing issue should be fixed in the latest release (1.7.28). Thanks again for your feedback, and please let us know if you run into any other issues.
