BurpExtenderUtilities
BurpExtenderUtilities copied to clipboard
CoreyD97
FR: Project preferences backup
When burp crashes for any reasons or an extension is being interrupted in the middle of saving the project settings, it may clear the settings completely from the sitemap. I suggest these to be added please:
- taking a backup before saving or resetting any data in the sitemap -> so everything will be copied under another name like LoggerPlusPlus-backup
- we should be able to have getProjectBackup settings if it is needed (for example when the current setting is corrupted or not found)
- we should be able to also have removeBackpSettings to clear the previous settings when it is needed
Hey, any chance you are able to identify at which point a crash must happen to wipe these settings? I've never seen this behavior before. Any time a setting is updated, the method below is called which will serialize the settings and store them in the sitemap. The only way I can see the values being cleared is Burp not properly adding this to the sitemap, which would therefore also effect any backup settings.
Ideally I'd like to find another solution here, I know I write a lot of hacky code, but this seems like an unnecessary hack around a problem caused by Burp that should be fixed instead?
https://github.com/CoreyD97/BurpExtenderUtilities/blob/b9f04e3025d5cc7a1bf5e334861c5f70455dd317/src/main/java/com/coreyd97/BurpExtenderUtilities/ProjectSettingStore.java#L151-L154
I have seen it a lot that this.callbacks.addToSiteMap(this); does not work at the same time. It is like it has a delay or it does something depends on the data that is storing on top of what it had before. I just think if we can save the previous settings in a new name, perhaps it can save it quicker...
What I also do that can add to the problem is that because of funny behaviour of saving to sitemap, I have to delete what I have there first before copying the new data so any delay in saving things in sitemap can make things worse.
Line 58-81 in https://github.com/mdsecresearch/BurpSuiteSharpener/blob/main/src/main/java/com/irsdl/burp/sharpener/objects/StandardSettings.java#L58 is just for deleting the previous settings.
Then after I save the data, I have also added a check to make sure my data is there on line 86: https://github.com/mdsecresearch/BurpSuiteSharpener/blob/main/src/main/java/com/irsdl/burp/sharpener/objects/StandardSettings.java#L86
But I think line 86 is not effective as it may not read it from the sitemap and just get it from some internal variables. You know how it works better though.
Thanks for the background info. I'll try to reproduce this and see if there is anything we can do about the root cause.
As you say, lines 58-81 will definitely add to the problem, though I fixed the behavior for resetting project settings in https://github.com/CoreyD97/BurpExtenderUtilities/commit/e4dd0949039da4d4ab6fd44ebc78b409dd1eda33. Can you try removing the workaround you implemented and seeing if the problem occurs as frequently?
Thanks!
Line https://github.com/mdsecresearch/BurpSuiteSharpener/blob/main/src/main/java/com/irsdl/burp/sharpener/objects/StandardSettings.java#L60 uses your reset solution, I am resetting it before saving it, I don't think you have solved that one, have you?
I mean have you solved the problem of sitemap not being saved so I don't need to reset it before save?
It wasn't an issue with the site map not being saved, but that the resetSetting method just straight up didn't work on project settings. That is fixed now so pour workaround on line 60 shouldn't be needed 😁
I will give it a go but saving in sitemap is an issue AFAIK. I think they do not save a response when it is too similar but I might be wrong. If that is the case, maybe you can add fake but random headers to the response before saving them and remove them afterwards ;)