Research Academy
My account Customers About Blog Careers Legal Contact Resellers

Burp Suite User Forum

Create new post

Cannot download big files.

Smeil | Last updated: Nov 21, 2017 06:02PM UTC

Hi! I cannot download any big files through burp proxy. There is no cert installation mistake because I tried this on so many other employees devices too. There are no ssl errors too because a file smaller than 4 mb gets downloaded everytime. I don't know if there is a feature to enable this or this is a bug in the program. Pls help me out. I need to get stuff running before the start of the new week.

PortSwigger Agent | Last updated: Nov 22, 2017 09:18AM UTC

Hi Cathy, Thanks for your message. One thing to be aware of is that Burp will load the full file before it starts sending the file to the browser. This can make it appear that the download isn't working - but in many cases if you wait, it will succeed eventually. In general, it's probably best to not use Burp for large downloads. I usually test in Chrome and I use the FoxyProxy extension that lets me easily switch proxies. You can configure a URL to stream. Look in Project options > HTTP > Streaming Responses. Be aware that you can't use Burp tools like Scanner with a streaming URL. Please let us know if you need any further assistance.

Burp User | Last updated: Nov 22, 2017 02:53PM UTC

Hi Paul, Thanks for your answer. I tried to download Vivaldi browser using chrome. The download never started. Web pages and everything else is working absolutely fine. Also After successfully downloading opera since it was a small file, the installation won't complete since it has to download files from the server. The big problem here is with the downloads. Currently we are testing if it is working for our needs. I proposed to the company that we buy burp. That's when employees started facing downloading issues. Including me. As you see our employees of the company needs to download huge amounts of files. P.S : As a test I used my android device to download a small YouTube video to see if that came. The download never started in the first place. Any help would be appreciated!

PortSwigger Agent | Last updated: Nov 22, 2017 03:10PM UTC

Hi Cathy, Thanks for coming back to me. What are you intending to use Burp for? I think you may have different expectations to what Burp can provide. Burp is a tool to help developers and security practitioners test and secure web applications. It is not intended to be a corporate security proxy. We recommend only using Burp when testing websites. For general browsing - and especially big downloads - do not use Burp. Please let us know if you need any further assistance.

Burp User | Last updated: Nov 22, 2017 06:16PM UTC

Hi Paul! We are trying to use burp for monitoring our employees while they do what they do. To be more precise, What we are trying to do is similar to a man-in-the-middle. Downloads, General browsing all are included in this scope. If burp isn't meant to do this job, Could you please recommend me something that can perform what I want.

PortSwigger Agent | Last updated: Nov 23, 2017 08:35AM UTC

Hi Cathy, Ok, I understand where you're coming from. That's very different to what Burp is intended for. I'm not very familiar with these kinds of proxies. There are many commercial systems, such as BlueCoat and ForcePoint, and some open-source like Squid. I can't speak for the quality of any of these.

Burp User | Last updated: Nov 23, 2017 10:24AM UTC

First, I want to thank you Paul Johnson for helping me out. Burp has worked out fine for general browsing. It was really great and we all actually loved it. The trouble only started when our employees tried to download files as per their daily routines. In my point of view, I really think that the download feature should be added to burp. There are Web Apps that focus on downloading. For example : UTorrent for Android and Youtube Video Downloader. I think that burp will not work for these type of apps. It would be simpler if the download feature is added to burp.

PortSwigger Agent | Last updated: Nov 23, 2017 10:27AM UTC

Hi Cathy, Thanks for the positive feedback. To fix downloading, there is the Streaming Responses workaround I mention (look in Project options > HTTP). But it probably won't suit you as you'd need to enter download sites in advance. Unfortunately, fixing this issue in a general sense would be a major change - and not really in line with our plans for the product.

Burp User | Last updated: Nov 23, 2017 11:26AM UTC

Isn't there a way round the bush to solve the downloading trouble because every other feature is amazing, working fine and I love it. Checked a lot of other solutions and nothing can compare to Burp.

Burp User | Last updated: Nov 23, 2017 06:41PM UTC

I don't see a way to use it. When the client clicks on a downloadable link, burp should totally ignore the request and the client should be able to download the file as he would when he is using the network without the proxy. Since burp is an enterprise solution for web application security, it has to come packed with many features. I would be glad if you could point me the right way. Maybe making an automation so that when the client download a file, it doesn't pass through a proxy and the download completes normally. Any help would be appreciated.

PortSwigger Agent | Last updated: Nov 24, 2017 08:45AM UTC

Hi Cathy, Burp is a tool to help test web sites to make them secure. It's never been designed as an enterprise security gateway. It's quite cool that you managed to get as far as you did. But you will hit many problems - downloads just being the first. You will need to find alternative tools. Good luck with your solution.

Burp User | Last updated: Nov 25, 2017 04:00AM UTC

Thanks Paul! I appreciate all the effort you took for me.

You must be an existing, logged-in customer to reply to a thread. Please email us for additional support.