2.1.04 scanner stalling on pretty much every test

Ian Nov 05, 2019 01:58PM UTC

Hello, I've been trying to use the newer burp but so far I'm having great trouble making it actually perform its job effectively due to scans rarely finishing and having to frequently be "unstuck".

The pattern at the moment is for a scan to be started with some settings set up to try and prevent lock-ups, at the moment the "handling application errors during audit" is set to skip remaining checks if there's 1 failure, and skip remaining insertion points if 1 failure is seen. It's set to pause a task only if 1,000 consecutive audit items fail. This is solely to try to prevent these dreadful lock-ups.

In Project Options I've dropped all the timeouts down to about 5 seconds, again to try to prevent lock-ups.

What essentially happens is that after a while, the scanner stalls. I go into audit items and find that 20 or so (however many parallel requests are permitted) items are marked as "Scanning" but nothing is happening. To get things going again I either have to change scanning resource to one that handles more simultaneous requests, or I have to select the stalled audit items, cancel them, then audit again.

As a result of the constant scanner stalls, active scans rarely get past phase 1 on anything but the smallest apps. I succeeded on getting a login form through all scanning phases recently and regarded this as a bit of a victory. Just a simple login form, that's all it could do without breaking.

This fixes things temporarily but it then just stalls again. I've done about 4 tests using the 2.x branch of burp but will be ripping it out and going back to 1.x for the next test until I get the OK from some of my colleagues who are persisting with it at the moment, the rest have gone back to 1.x for the same reason -- stalling scanners.

Ian Nov 05, 2019 03:17PM UTC
I suspect this is a plugin as things have progressed much better since I unloaded all the plugins, is there any rapid way to find out which one is causing trouble? I tried looking at the debug tab but nothing much in there and there's no significant shell output.

Liam Tai-Hogan Nov 05, 2019 04:14PM UTC Support Center agent

Do you have performance feedback enabled (User options > Misc > Performance feedback)? If so, could you provide us with your diagnostics (Help > Diagnostics)? We can check for exceptions related to specific extensions.

Failing that, the best way to locate the extension causing the issue would be to enable them one at a time.

Ian Nov 05, 2019 04:45PM UTC
I've disabled all the plugins bar one, does this affect the usefulness of the debug information?

Mike Eaton Nov 06, 2019 09:31AM UTC Support Center agent

Hi Ian

This won’t affect the content of the debug information, if you can provide us with your Debug ID we can use that to locate the diagnostic information your Burp Suite installation is sending back to us from your testing.

If you enable your extensions one at a time, and run a scan on each enabled extension, it will allow you to identify which extension is causing issues when scanning.

Ian Nov 12, 2019 10:38AM UTC
OK it's stalled again, I've unloaded all the extensions while it's stalled but it's not unstuck itself (unloading a few extensions unstuck it previously, presumably by coincidence). Here's the info from debug:

Burp Version 2.1.04
Burp Browser Version 0.144
Burp Browser binaries /home/user1/Library/Apps/BurpSuite/Current/BurpSuitePro/burpbrowser/0.144
Code source /home/user1/Library/Apps/BurpSuite/Current/BurpSuitePro/burpsuite_pro.jar
Debug ID pfhvwl9vahzty6jkmw9j:mps6
JAR type Installer

Wsdler Extension type: Java
Site Map Fetcher Extension type: Python
Custom Extension type: Java
Content Type Converter Extension type: Java
Custom Logger Extension type: Java
JSON Decoder Extension type: Python
.NET Beautifier Extension type: Java
WSDL Wizard Extension type: Python
CMS Scanner Extension type: Java
Cloud Storage Tester Extension type: Python
J2EEScan Extension type: Java
Additional Scanner Checks Extension type: Python
Active Scan++ Extension type: Python
Additional CSRF Checks Extension type: Python
AuthMatrix Extension type: Python
Autorize Extension type: Python
Backslash Powered Scanner Extension type: Java
Bypass WAF Extension type: Java
CO2 Extension type: Java
Error Message Checks Extension type: Java
Freddy, Deserialization Bug Finder Extension type: Java
HTML5 Auditor Extension type: Java
HTTPoxy Scanner Extension type: Java
Headers Analyzer Extension type: Python
JSON Beautifier Extension type: Java
Java Deserialization Scanner Extension type: Java
Logger++ Extension type: Java
Retire.js Extension type: Java
SSL Scanner Extension type: Python
Session Auth Extension type: Python
Software Version Reporter Extension type: Java
Software Vulnerability Scanner Extension type: Java
WordPress Scanner Extension type: Python

Total memory 641,728,512
Max memory 3,110,076,416
Free memory 167,549,096
Number of processors 3

Debug ID is: pfhvwl9vahzty6jkmw9j:mps6

Michelle Gillian Nov 12, 2019 03:52PM UTC Support Center agent

When it stalled this last time, was ‘Submit anonymous feedback about Burp’s Performance’ enabled (User options > Misc > Performance feedback)? The last data I can find from your installation is dated 7th November.

Also, can you try upgrading to the latest version 2.1.05 and starting a new scan with no extensions enabled, just to confirm that we see no errors at that point? If we just disable the extensions after it has failed it won’t necessarily point us at the cause of the problem.

Ian Nov 12, 2019 04:09PM UTC
Ah at the moment I'm on a site where the testing machine is not connected to the internet, that's not going to help much is it ;-) If I connect it to the net then will it upload the relevant data, or will I need to make it stall again when it's got an internet connection?

I'll detach the machine from the test network now and plug it into the net and do the upgrade, that might upload the performance data.

I'll try to do a scan tomorrow with no extensions, it's tricky as the stall isn't that predictable.

Ian Nov 12, 2019 04:35PM UTC
OK updated, I'll try it again tomorrow. Hopefully the performance data should have uploaded by now.

Ian Nov 13, 2019 11:13AM UTC
Sorry but it's stalling even when no plugins are loaded. I've got limited time to deal with this as I am on paying work, I'll keep playing with it today but tomorrow I'll be going back to Burp Suite 1.7, I can't use this.

Liam Tai-Hogan Nov 13, 2019 03:56PM UTC Support Center agent

Ian, thanks for trying that for us. Unfortunately, we still haven’t seen any debug information.

Can I ask, what number do you have set for “Pause the task if * consecutive items fail”?

Have you tried using Burp’s Resource Pool settings to throttle your scanning?


Ian Nov 13, 2019 04:32PM UTC
It's got debugging turned on, it was updated yesterday, and it's been connected to both the client network and the internet all day, and user options->misc->Performance Feedback has been on for the last 3 days.

I'm on a fast internal network with a large app to test, so throttling shouldn't be needed, in fact I've created a new resource pool with 25 simultaneous requests. I've tended to do this to get scanning going again after it's stalled -- when it stalls, creating a new resource pool with more simultaneous requests than the last one had was one of the ways I'd get it unstalled.

As for the value of "pause the task", I've varied that through trying to get to the bottom of this but I don't have a definitive list of what I set it to and what happened. I've never noticed any difference even when I set it to quite a high number (I think I had it up to 1000 at one point). I've also dropped timeouts down to 20 seconds (who waits 5 minutes for a DNS request after all?) as this is a fast internal app. I also altered the two "skip remaining checks" to various values to try and stop it from grinding to a halt.

I suppose the best thing to do right now is to try and figure out why the debug information isn't uploading. What do we need to do this?

Ian Nov 14, 2019 01:48PM UTC
Stalled again on a new scan today, there are a large quantity of audit items shown as being in the "scanning" state, the scanner is not shown as paused, but there are no scan requests being sent. There is no apparent way to kick this thing into life, it's just sitting there doing nothing. On this scan there was a series of authentication failures due to a login timeout but once this has been corrected, there's no way to get the scan going again. It looks like I'll have to restart it? Is this really the way to do things in the new Burp?

Ian Nov 14, 2019 03:30PM UTC
Now another scan (using 10 simultaneous requests, using the "medium active" preset to see if I can get a scan to complete properly, and only moving on to the next set of requests once the first set has completed) has stalled for the second time. Last time I cancelled the stalled requests then selected them for a re-scan. It's got through phase 1 of the active scan on all of them but that's as far as it's going. This isn't terribly impressive.

Also is there any way to get some more rapid support? As jobs are quite short, these long drawn-out problem solving sessions aren't going to help. It is a paid product after all so it would be nice to get some kind of progress on this.

Ian Nov 14, 2019 03:35PM UTC
(While I thought that this scan profile might actually stop at phase 1, all the audit items are still showing with "Scanning" in the "Status" column.)

Liam Tai-Hogan Nov 15, 2019 03:05PM UTC Support Center agent

Thanks for the additional information Ian.

We’re now seeing feedback from your instance of Burp. We can’t see anything relating to Burp Scanner. Could you confirm that your debug ID remains the same?

When the scan stalls, could you send a screenshot of the Audit Items tab to

Regarding support, we have just added two new members to the team and have two more joining in the coming months. I appreciate that this doesn’t help with your current issue, however, we do take technical product support seriously and are actively working to improve this function.

Ian Dec 16, 2019 01:39PM UTC
It's locked up on another scan. I then quit, upgraded to the latest Burp Suite version, reloaded the burp file, unpaused it to continue the scan, and it's worked for a while but has now locked up again. This is a static website.

Debug ID is pfhvwl9vahzty6jkmw9j:hgjg

I'll email a screenshot to the support address quoting that debug ID.

Ben Wright Dec 16, 2019 01:43PM UTC Support Center agent

Thanks Ian.

We will look into the issue once we have received your email.

Ian Jan 06, 2020 11:44AM UTC
Hello, are there any updates on this? I'm on a test today, I updated to the latest burp suite, created a new live task to scan all items in scope, accepted all the defaults, and hit the login form with random invalid credentials. It's sent 5496 requests and has now stalled with about 20 items still with the active phase incomplete, it hasn't sent any more requests in about 10 minutes now and is using no CPU.

Ian Jan 06, 2020 03:09PM UTC
Just left the above scan for an hour while I went for a break, still no progress, still stalled. It shows in the Audit Items screen as there being about 20 or so items in "scanning" state but absolutely no activity either CPU or network-wise.

Liam Tai-Hogan Jan 07, 2020 11:20AM UTC Support Center agent

Hi Ian

I’ve picked up the email thread. We’ll respond via email.
