Disable update checks
An option to disable update checks on startup would be great. This setting should also disable update checks when upstream proxy server settings are changed. This would be especially useful for Burp users that test in high-secure network environments isolated from the public Internet.
We would prefer to keep the updates check automatic. If you are working on a private network with no Internet access, then the updates check will simply fail silently with no ill effects for the user. If you are on a network that can route to the Internet but for some reason you would like to avoid requests to certain hosts, then we suggest you use an ad hoc workaround, such as a personal firewall rule, or a rule in Burp to use an invalid local port number as upstream web proxy for those hosts. In this situation, you will likely find that lots of your installed software is making noisy requests, so you might need to create suitable rules for all relevant hosts.
A lot of security professionals like myself probably spend a considerable amount of time to test from "clean" virtual machines where they limit as much traffic as possible. Your upstream web proxy idea is clever and not something I had thought of but it still leaves users with the problem of unwanted traffic going over the network. I understand Burp is a popular tool with many requests which can't all be addressed but this seems like such a quick fix.
cybeard your rant was beautiful :)
The upstream proxy option can point at 127.0.0.1:XXX (invalid port) so that you don’t see any traffic going over the network.
2) The reason you can't disable automatic updates is the creators WANT the software to phone home.
3) This approach is completely in line with their policy on licensing. They will only write software that has built-in self-destruct mechanism. So you can probably see why they want to keep track of all clients being used in the wild.
You define an upstream proxy rule for the specific host that updates checks are made for, as discussed earlier in the thread.
We want people to know about updates, and the license agreement makes clear that updates checks happen.
We prefer to keep the check for updates always on, so that these can be made available as quickly and easily as possible. We understand your perspective, but If you really need to prevent it happening, there are various technical means of doing so, such as a host firewall with an egress filter. Or you can configure your secure monitoring system to ignore (and block) the connection that checks for updates.