Research Academy
My account Customers About Blog Careers Legal Contact Resellers

Burp Suite User Forum

Create new post

How do I speed up BurpSuite when it's a proxy

Burt | Last updated: Jun 03, 2020 02:25AM UTC

I've tried Burp Suite in normal mode where I tell the web browser about it and in Invisible mode (with some network gear to get the request to & from), and it all works, but it's much slower than accessing the same Web app directly. For a login page with 112 requests for total of 3.2MB * 7 secs direct browser to server * 28 secs via invisible proxy (with some network gear to get the packets to and from) * 34 sec regular proxy This web app is chatty and uses pipelining where all the requests are contained in one TLS session, and I know BurpSuite needs to break it into one TLS session per req/resp. Here's the weird part, I'm pretty sure that when I first switched over to the new versions of Burpsuite this latency problem almost completely disappeared. Somewhere in the last couple months, the latency has returned and I didn't really notice until I started automating some processes. I'm running BurpSuite on a Kali Linux VM, that part hasn't changed. I've tried both the linux download with integrated JRE and the jar file openjdk11 and 13. I've tried a bunch of other things such as the Proxy Options, pausing the Dashboard tasks.

Liam, PortSwigger Agent | Last updated: Jun 03, 2020 07:47AM UTC

Burt, is the application publicly accessible? Have you tried using previous versions of Burp to determine when the issue started?

Burt | Last updated: Jun 04, 2020 06:30PM UTC

Hi Liam - No, not publicly accessible. I didn't try older versions, but I will try some versions. Can you verify that the BurpSuite proxy doesn't normally slow down communication between client and server that much? I mean, what's considered normal in this situation? 3.2MB of response over 112 requests. I have the requests / responses being saved in the proxy history except for target scope settings that exclude graphics, css, and other static files.

Liam, PortSwigger Agent | Last updated: Jun 05, 2020 08:58AM UTC

Hi Burt, yes, I can confirm those connection speeds are abnormal. As a test, could you try proxying the application using another network?

Burt | Last updated: Jun 11, 2020 11:00PM UTC

Hi Liam - Same slowness from HTTPS clients from devices on several networks. I'm using firefox network dev tool to see the time taken for each of the 100+ req/resp and they're all taking longer. Instead of 500ms, a response will need 1500ms and it adds up to the numbers I gave. I could send wireshark pcaps and firefox har files of direct and invisible proxy traffic. You can see the client make the TLS connection with burpsuite then burpsuite makes TLS connection with server. Everything is working, but the double TLS connection time is taking up a lot of time. I tried an older version of burpsuite, but either I picked one that's no faster than now, or my anecdotal memory of burpsuite proxying faster was caused by something else. Do you have any recommendations of what I can look for?

Hannah, PortSwigger Agent | Last updated: Jun 15, 2020 10:08AM UTC

Hi Burt Could you tell me the version of Burp that you tested on, and whether you have tried with v2020.5 (released 5th June)?

Burt | Last updated: Jun 15, 2020 06:18PM UTC

Hi Liam - Yes v2020.5

Hannah, PortSwigger Agent | Last updated: Jun 17, 2020 02:07PM UTC

Have you tried disabling any unnecessary extensions, and any excess logging to proxy history or live tasks?

Burt | Last updated: Jun 24, 2020 12:40AM UTC

Hi Hannah - I need to keep the proxy history, but I press the "finished" button to stop the tasks shown on the Dashboard. I also setup a Target Scope that has one "include in scope" rule for all files and one "exclude from scope" rule that excludes css, js, graphics, etc). Is there more that I can do?

Michelle, PortSwigger Agent | Last updated: Jun 24, 2020 12:38PM UTC

Hi You mentioned earlier that you could send us some Wireshark pcap files showing the traffic if you're still happy to do that could you email them to support@portswigger.net, please? It might help us understand a bit more about the application so we can look into whether other settings can be changed. If you also have a Burp project file that matches the Wireshark file, it would probably be useful to see that too.

You must be an existing, logged-in customer to reply to a thread. Please email us for additional support.