Burp Suite User Forum

Create new post

WebSocket messages can no longer be sent to Repeater

Nicola | Last updated: Jul 21, 2023 02:12PM UTC

Hi, I and some of my colleagues are experiencing a bug where WebSocket messages can't be sent to Repeater. I tested both Burpsuite v2023.6.2 and v2023.7.-21628 installed on a Linux system and used the following steps to reproduce: Access the lab https://portswigger.net/web-security/websockets/lab-manipulating-messages-to-exploit-vulnerabilities. Click on the chat in the website and open the WebSocket history in Burp. Click on a message in the direction of the server, click on "Send to Repeater" and observe that nothing happens. Sending to Comparer and Decoder works as expected. Please let me know if you need any additional information. Kind regards, Nicola

Michelle, PortSwigger Agent | Last updated: Jul 24, 2023 08:08AM UTC

Hi Thanks for getting in touch. I've just been running some tests with the same lab and the same versions of Burp and have been able to send WebSocket messages to Repeater successfully. Can you please email support@portswigger.net with a copy of the output from Help > Diagnostics and a screen recording of what you're seeing on your installation to help us try and replicate the issue?

Nicola | Last updated: Jul 25, 2023 02:45PM UTC

Hi Michelle, I will provide you additional information tomorrow. I just now noticed that the issue does not occur when using a temporary project. Maybe that explains the difference in behavior. Best regards, Nicola

Michelle, PortSwigger Agent | Last updated: Jul 25, 2023 03:12PM UTC

Hi That would be great. When I've been running tests here, I've tried both temporary and disk-based projects, and both have been working so it will be good to try and do a closer comparison of our setups.

Angelo | Last updated: Sep 01, 2023 12:41AM UTC

Hi, I'm getting a similar error. I can't send any websocket messages to Repeater. Disk-based projects, tried on both 2023.9.3 (Stable) and 2023.10-22956. I'm on Linux ARM VM on an M1 Macbook. Logs: java.lang.IllegalArgumentException: burp.Zz9z at burp.Zkwe.ZZ(Unknown Source) at burp.Zkwe.Zu(Unknown Source) at burp.Zyoe.ZC(Unknown Source) at burp.Zl8q.ZN(Unknown Source) at burp.Zy0j.Zu(Unknown Source) at burp.Zcq5.Zn(Unknown Source) at burp.Zo_4.Zf(Unknown Source) at burp.Zc6c.ZO(Unknown Source) at burp.Zrai.Zj(Unknown Source) at burp.Zz_2.Zd(Unknown Source) at burp.Zglm.actionPerformed(Unknown Source) at java.desktop/javax.swing.AbstractButton.fireActionPerformed(AbstractButton.java:1972) at java.desktop/javax.swing.AbstractButton$Handler.actionPerformed(AbstractButton.java:2313) at java.desktop/javax.swing.DefaultButtonModel.fireActionPerformed(DefaultButtonModel.java:405) at java.desktop/javax.swing.DefaultButtonModel.setPressed(DefaultButtonModel.java:262) at java.desktop/javax.swing.AbstractButton.doClick(AbstractButton.java:374) at java.desktop/javax.swing.plaf.basic.BasicMenuItemUI.doClick(BasicMenuItemUI.java:1029) at java.desktop/javax.swing.plaf.basic.BasicMenuItemUI$Handler.mouseReleased(BasicMenuItemUI.java:1073) at java.desktop/java.awt.Component.processMouseEvent(Component.java:6620) at java.desktop/javax.swing.JComponent.processMouseEvent(JComponent.java:3398) at java.desktop/java.awt.Component.processEvent(Component.java:6385) at java.desktop/java.awt.Container.processEvent(Container.java:2266) at java.desktop/java.awt.Component.dispatchEventImpl(Component.java:4995) at java.desktop/java.awt.Container.dispatchEventImpl(Container.java:2324) at java.desktop/java.awt.Component.dispatchEvent(Component.java:4827) at java.desktop/java.awt.LightweightDispatcher.retargetMouseEvent(Container.java:4948) at java.desktop/java.awt.LightweightDispatcher.processMouseEvent(Container.java:4575) at java.desktop/java.awt.LightweightDispatcher.dispatchEvent(Container.java:4516) at java.desktop/java.awt.Container.dispatchEventImpl(Container.java:2310) at java.desktop/java.awt.Window.dispatchEventImpl(Window.java:2780) at java.desktop/java.awt.Component.dispatchEvent(Component.java:4827) at java.desktop/java.awt.EventQueue.dispatchEventImpl(EventQueue.java:775) at java.desktop/java.awt.EventQueue$4.run(EventQueue.java:720) at java.desktop/java.awt.EventQueue$4.run(EventQueue.java:714) at java.base/java.security.AccessController.doPrivileged(AccessController.java:399) at java.base/java.security.ProtectionDomain$JavaSecurityAccessImpl.doIntersectionPrivilege(ProtectionDomain.java:86) at java.base/java.security.ProtectionDomain$JavaSecurityAccessImpl.doIntersectionPrivilege(ProtectionDomain.java:97) at java.desktop/java.awt.EventQueue$5.run(EventQueue.java:747) at java.desktop/java.awt.EventQueue$5.run(EventQueue.java:745) at java.base/java.security.AccessController.doPrivileged(AccessController.java:399) at java.base/java.security.ProtectionDomain$JavaSecurityAccessImpl.doIntersectionPrivilege(ProtectionDomain.java:86) at java.desktop/java.awt.EventQueue.dispatchEvent(EventQueue.java:744) at java.desktop/java.awt.EventDispatchThread.pumpOneEventForFilters(EventDispatchThread.java:203) at java.desktop/java.awt.EventDispatchThread.pumpEventsForFilter(EventDispatchThread.java:124) at java.desktop/java.awt.EventDispatchThread.pumpEventsForHierarchy(EventDispatchThread.java:113) at java.desktop/java.awt.EventDispatchThread.pumpEvents(EventDispatchThread.java:109) at java.desktop/java.awt.EventDispatchThread.pumpEvents(EventDispatchThread.java:101) at java.desktop/java.awt.EventDispatchThread.run(EventDispatchThread.java:90)

Michelle, PortSwigger Agent | Last updated: Sep 01, 2023 07:17AM UTC

Hi If this is the same issue as was originally reported on this thread, we will be adding a fix for this in an upcoming release, although I don't have a date for this yet. In the meantime, if you right-click the message from the history list rather than the message editor window, this should allow you to send it to Repeater. I hope this helps.

Dominyque, PortSwigger Agent | Last updated: Sep 22, 2023 08:22AM UTC

Hi All We wanted to update the thread to let you know that the issue of not being able to send WebSocket messages to Repeater has been fixed in v2023.10.2: https://portswigger.net/burp/releases/professional-community-2023-10-2?requestededition=professional.

You must be an existing, logged-in customer to reply to a thread. Please email us for additional support.