Burp Suite User Forum

Login to post

Prompt before loading large responses

Tim | Last updated: Sep 23, 2020 03:45PM UTC

I frequently see large javascript responses exceeding 3MB. When I click on one of these, my instance of Burp freezes for around 20 seconds. Sometimes this click is accidental, or sometimes I simply don't notice the size of the response before clicking. I'm guessing this freezing is due to loading the long response into the Burp GUI. It would be great if the response pane had a size threshold, beyond which the UI would prompt prior to actually loading the content. (I.e. something like "Response not loaded due to large size. Click [here] to load it anyway"). Note that I am aware that I can hide javascript files entirely via the filter dialog. However this is not desirable, because I DO want to see the smaller javascript files (and would like to see the rows representing the larger files as well, even if I don't want to load their content immediately).

Uthman, PortSwigger Agent | Last updated: Sep 23, 2020 04:09PM UTC

Hi Tim, Thanks a lot for the feature request but this sounds like a bug. Can you please email us on support@portswigger.net with the below? - Diagnostics (Help > Diagnostics) - If possible, the JS response - Any relevant screenshots or other information you think may be helpful

Tim | Last updated: Sep 23, 2020 08:14PM UTC

I'll surely send what I can to help, but honestly this has always been the case for me (across multiple Burp installs on multiple computers) - selecting large responses (typically anything > 1 MB) in the proxy history table freezes the UI for a while (while it loads the large payload into the details). Same for Repeater tab.

Tim | Last updated: Sep 23, 2020 08:14PM UTC

(would be happy for other users to chime in here too, if they've experienced the same)

Jens | Last updated: Oct 05, 2020 09:45AM UTC

I am experiencing the same and it's frankly quite annoying for the user experience. One accidental click and your Burp freezes for a few minutes without any possibility to abort.

Uthman, PortSwigger Agent | Last updated: Oct 05, 2020 09:59AM UTC

Hi Jens, Can you please email us with the same information requested above?

floyd | Last updated: Oct 26, 2020 12:50PM UTC

Uthman, this is not a bug, this is a feature request. Everyone's Burp freezes when you click on a response with JavaScript that is for example 3MB large in the Proxy tab, because it needs to load it into the UI. We would like Burp to behave differently: When it sees that the response is very large, only display the HTTP headers and a button that says "do you want to show the large response?". Btw. the same would be helpful for large requests (happens less often, but I've seen Java fat clients sending a huge amount of data). The current behavior is problematic when you "look through" responses (e.g. with the arrow buttons on your keyboard) and you hit one of the large responses, you will need to wait for Burp to finish loading for 30 seconds.

Michelle, PortSwigger Agent | Last updated: Oct 27, 2020 01:45PM UTC

Thanks for the feedback. This has been raised as a feature request, I've added your comments to it as well and we'll post back here when there's an update.

Simko, | Last updated: Oct 31, 2020 05:56PM UTC

@floyd do you by any chance have Error Message Check extension allowed, when this happens? Because I experienced the same - Burp freezing while showing the response, but they I found out it was that specific extension. I've created a ticket for it https://github.com/augustd/burp-suite-error-message-checks/issues/51 but maybe if you are using this, or other extension using some regexp, that could be the fault.

Robert | Last updated: Dec 02, 2020 07:37PM UTC

I've had this same issue - Burp freezing for many seconds when clicking on large javascript files. Here's what I determined... It is NOT due to a particular extension - I tested with all extensions disabled and observed the same behavior. What I did determine is that it is due to large js files which have no newlines (or only a few). Example: a 7MB javascript file with all code on one line (no newlines). The same file, with a new line arbitrarily placed every 100 characters, Burp operates fine.

Michelle, PortSwigger Agent | Last updated: Dec 03, 2020 11:30AM UTC

Thanks for the information. Are you able to share a copy of the large javascript file you have that reliably causes the issue with us so we can use the same file to run some tests here? If so, could you send it over to support@portswigger.net

Martin | Last updated: Oct 28, 2021 11:22AM UTC

Hey there, are there any news on this, still facing this issue. Not with JS specific, but with other large requests/responses like image uploads. I would also love to see a feature like "floyd" described, to be able to manually load large responses, or display a loading indicator and load them in a background thread, but just freezing the UI thread is not so nice :-( Would also be happy if there is a workaround or extension for that? At least I didn't find one on my own. Thanks guys and keep up the great work!

Michelle, PortSwigger Agent | Last updated: Nov 01, 2021 10:33AM UTC

Thanks for getting in touch. We have been making efforts to improve this functionality so it would be good to find out more about the issues you're encountering. Can you email support@portswigger.net with some examples of the issues you're experiencing so we can look into this further for you, please? Are the sites where you're experiencing this publicly accessible?

Mopam | Last updated: Jun 30, 2022 10:00AM UTC

I always have the same problem. Last time the response was so big Burp displayed "Response too large to display", then it froze burp and kinda crashed my whole VM. Had to kill it and restart, response was 26MB, I mean, can't you really put a confirmation box or a setting somewhere to avoid this?

Mopam | Last updated: Jun 30, 2022 12:12PM UTC

Sorry the webserver response was 260mb not 26mb*

Liam, PortSwigger Agent | Last updated: Jun 30, 2022 12:26PM UTC

Thanks for this report, AnonTillIgetL33t. Can you email support@portswigger.net with some examples of the issues you're experiencing so we can look into this further for you, please? Are the sites where you're experiencing this publicly accessible?

You need to Log in to post a reply. Or register here, for free.