Research Academy
My account Customers About Blog Careers Legal Contact Resellers

Burp Suite User Forum

Create new post

Web interface (or other out-of-band) "emergency save state" function for use when UI has locked up

Ben | Last updated: May 19, 2016 07:02PM UTC

Burp is a truly fantastic product. However, I regularly encounter situations in which the GUI for it locks up. Of course, this tends to happen when I'm in the middle of a pen test and haven't saved my state for an hour or so. I have to kill the process and lose a bunch of work. I believe the current recommendation for this is still "use the auto-save feature". I don't do this because saving every ten minutes (or similar) eats up all of my disk space (my state files are frequently 100-500MB each in size), and I can't just continuously overwrite one state file because if something fails during the write, I lose everything. I've noticed that when UI lockups occur, the proxy functionality continues to work - I just can't actively interact with the tool because the UI is broken. The last time this happened, I tried interacting with it via the web interface (http://burp/), and it worked fine. Of course, that interface is very limited, and should remain so. I'd like to request that one small feature be added to that interface - a button which will trigger a preconfigured save-state operation. The configuration could even be the same as the auto-save config. Allowing it to be configured *from* the web UI is probably too dangerous, but a single button/link which triggers a preconfigured state-saving operation to a preconfigured file seems safe enough, and would be a great way to avoid losing work in this type of situation. Alternately, consider some sort of IPC mechanism where a command-line utility could be used to trigger the function. Thanks, Ben Lincoln

PortSwigger Agent | Last updated: May 20, 2016 08:25AM UTC

Thanks for your feedback. In 1.7, we introduced the new projects feature, in which Burp saves its data incrementally in real time into a new project file format. There is no need to save your work, and the project can be quickly reopened in a new instance of Burp, much faster than restoring state. Can you try out the new feature and see if this meets your needs? We are keen to resolve any UI deadlock problems in Burp, so if you do identify any steps or conditions that can reliably replicate this problem, we'd be keen to hear the details, thanks.

You must be an existing, logged-in customer to reply to a thread. Please email us for additional support.