Research Academy
My account Customers About Blog Careers Legal Contact Resellers
The Burp Suite User Forum was discontinued on the 1st November 2024.

Burp Suite User Forum

For support requests, go to the Support Center. To discuss with other Burp users, head to our Discord page.

SUPPORT CENTER DISCORD

Separate Burp Chromium Browser from the local Chrome policy

GarlicCheese | Last updated: Oct 14, 2024 07:14AM UTC

We used to use the built in Chromium Browser of Burp Suite Pro, which was previously unaffected by our mandatory, restrictive Chrome policy deployed system wide. The Chrome policy is deployed via the configuration .json file under /etc/chromium/policies/managed, and restricts the allowed URLs as well as the developer tools. Previously, the Burp browser was unaffected by this, but lately the restrictions also affect the built-in browser of Burp Suite Pro. Is there any approach I can follow, to exempt the built-in browser from the local policy?

Michelle, PortSwigger Agent | Last updated: Oct 15, 2024 08:41AM UTC

Have you discussed this with your internal IT team to confirm what changes have been made to the policy recently? If so, were they able to provide any further details on the changes (e.g. are they related to specific Chromium versions) or any advice on how to whitelist Burp's embedded browser?

GarlicCheese | Last updated: Oct 15, 2024 09:12AM UTC

Hi Michelle, there were no changes to the Chrome policy. It's basically just a very limited list of allowed domains. This phenomenon occurs since we moved from Kubuntu 24.04 to TUXEDO OS 3. The Chrome version shouldn't have changed in a major way during this transition. I'm afraid I have no idea how to exclude or allowlist Burp, exempting it from our local policy. I was hoping that this happened due to a change on your end. If that's not the case, it must be how Ubuntu vs. Tuxedo Chromium handle the policy and it has nothing to do with Burp after all.

Michelle, PortSwigger Agent | Last updated: Oct 15, 2024 03:15PM UTC

Hi We update the version of Chromium Burp uses but nothing major other than that. Which version of Burp are you using? Are you able to share your debug ID?

GarlicCheese | Last updated: Oct 17, 2024 08:38AM UTC

Hi Michelle, I've set up a couple of different test environments with varying base OSs and Burp Community. The problem we're facing is, that previously *Ubuntu used the location `/etc/chromium-browser/policies/managed` for Chromium policies. Burp and the Burp browser however seem to use the path `/etc/chromium-browser/policies/managed`. This allowed us to use a system-wide Chromium policy for the OSs Chromium browser, without restricting the Burp browser. Now *Ubuntu has switch to snap, which completely alter the behavior. We're currently using TUXEDO OS, which again, uses `/etc/chromium/policies/managed` for the OSs Chromium browser. The same location/file that Burp browser will enforce. I have no experience with bundling Chromium with applications, as you do with Burp in this case. It would be fantastic, if the Chromium policy path could be user-defined in the Burp settings, making it more independent of the base OS and be true to the term "pre-configured" browser. I hope my investigation helps clear up the issue. Let me know if I can provide more details.

GarlicCheese | Last updated: Oct 17, 2024 08:40AM UTC

Sorry, I had a copy/paste error in the previous message. *Ubuntu (23.x) previously used `/etc/chromium-browser/policies/managed`. Burp Browser uses ``/etc/chromium/policies/managed``

Michelle, PortSwigger Agent | Last updated: Oct 18, 2024 01:56PM UTC

Hi When we launch the embedded browser in Burp, we're not changing anything/setting anything specific in that location. This is the first time we've had any requests to make this configurable, so at this stage we'd want to see how many users might be affected by this.

GarlicCheese | Last updated: Oct 21, 2024 05:25AM UTC