burp-cph icon indicating copy to clipboard operation
burp-cph copied to clipboard

Published 20 hours ago verified publisher icon elespike

Infinite horizontal scrolling - Burp v2020.1

Open tzuk-pl opened this issue 4 years ago • 15 comments

When a CPH tab uses the "values returned by issuing a single request" the HTTP message editor window has an infinite scrolling issue.

This issue has been reported by Burp Suite to other extensions, including upload scanner:

https://github.com/modzero/mod0BurpUploadScanner/issues/60

We’ve just released a new version of Burp that has some big changes to the HTTP message editor.

Notably, a scroll pane is now implemented inside the message editor.

Unfortunately, this has caused an infinite scrolling issue with your extension. This was reported to us by a user of your BApp, who provided a video of the issue (https://monosnap.com/file/Gqw1tXkXKupRRSAsBSEN3rcjbAYyDw).

If possible, could you remove the scroll pane instance you have implemented, and create a pull request against the PortSwigger branch of your repository so that we can review the changes and update the BApp?

image

tzuk-pl avatar Feb 29 '20 17:02 tzuk-pl

Thanks for reporting this! I'll have a closer look this week and push out a new version to BApp soon. =)

elespike avatar Mar 02 '20 14:03 elespike

@HannahLaw-Portswigger, is there a workaround for this?

I can't simply remove the parent JScrollPane. I've tried setting horizontal scroll policies and maximum component sizes, all to no avail.

Here are some relevant lines:

  • Define HTTP message editors: https://github.com/elespike/burp-cph/blob/master/CPH_Config.py#L1149-L1150
  • Put them in a JSplitPane: https://github.com/elespike/burp-cph/blob/master/CPH_Config.py#L1453-L1456
  • Entire tab is an instance of JScrollPane: https://github.com/elespike/burp-cph/blob/master/CPH_Config.py#L255

elespike avatar Mar 02 '20 16:03 elespike

The new message editor has a scroll pane as part of it. With a scroll pane inside a scroll pane, it causes the infinite scrolling issue.

As far as I'm aware I haven't seen someone fix this yet (as the original extension I opened the issue on still is yet to respond).

If you can't remove the scroll pane instance, you could try changing the message editor to something different instead. Perhaps the ITextEditor (IBurpExtenderCallbacks.createTextEditor)?

Please let me know how you get on.

Hannah-PortSwigger avatar Mar 02 '20 17:03 Hannah-PortSwigger

@HannahLaw-Portswigger, from what I can tell, the infinite scrolling issue doesn't apply to any JScrollPane, but seems to be a bug with Burp's message editor.

This, for example, works perfectly when the text in the JTextArea overflows in either direction:

        splitpane = JSplitPane()
        splitpane.setLeftComponent(self.param_handl_request_editor.getComponent())
        splitpane.setRightComponent(JScrollPane(JTextArea()))
        derive_param_single_card.add(splitpane, constraints)

In any case, thanks for the suggestion to use an ITextEditor. That will suffice for the purposes of this component.

elespike avatar Mar 02 '20 18:03 elespike

Nope, ITextEditor has the same issue. =(

elespike avatar Mar 02 '20 18:03 elespike

Sorry for the late response.

I've had a play around with the original issue linked (mod0burpuploadscanner) and the issue is definitely caused by the instance of JScrollPane (in their case, it was a one-line fix to remove the JScrollPane instance, although it does mess up the rest of their UI).

I've had a quick look at yours, but as you say, you can't just remove the scroll pane instance and have it all still work. Still, I'm very certain that that is what is causing the issue.

Perhaps if you were able to further encapsulate the message editor tabs in another panel that might help?

Hannah-PortSwigger avatar Mar 09 '20 15:03 Hannah-PortSwigger

Hi, @HannahLaw-Portswigger. Thanks for continuing to look into this.

After some additional tests, I've seen the opposite in my case. That is, it doesn't seem to be a JScrollPane issue for me. I have:

  • Replaced Burp's message editor with a JScrollPane(JTextArea()): no infinite scroll
  • Converted my parent component from a JScrollPane into a JPanel while using Burp's message editor, and the editor keeps growing with every UI update.

I've recorded a short video starting from the same code in the master branch, and demonstrating some tests and their effects (zipped mp4): burp-cph_issue-46.zip

While I forgot to record your suggestion in the video, I did try encapsulating the message editor in another JPanel, to no avail.

elespike avatar Mar 10 '20 04:03 elespike

Thank you for that information.

Would you be able to email us at [email protected] so that I can raise this as a ticket for further investigation?

Hannah-PortSwigger avatar Mar 10 '20 07:03 Hannah-PortSwigger

Email sent :+1:

elespike avatar Mar 12 '20 03:03 elespike

@tzuk-pl, they've identified the issue on their end. The fix will be included in the next release of Burp. :+1:

Thanks for your help, @HannahLaw-Portswigger

elespike avatar Mar 16 '20 23:03 elespike

We're pleased to announce the release of Burp v2020.4

Hannah-PortSwigger avatar Apr 27 '20 11:04 Hannah-PortSwigger

I have the infinite scrolling problem in Burp v2020.9 using CPH 3.0.

KwnyPwny avatar Sep 08 '20 11:09 KwnyPwny

@HannahLaw-Portswigger, in addition to the comment above, I've seen the scrolling issue happening again on 2020.12.1, FYI.

To reproduce with burp-cph:

  1. Load the extension and navigate to its CPH Config tab
  2. Create a new configuration tab (click + next to Options)
  3. Click the checkbox labeled "the value I need is dynamic"
  4. Click the Clone button at the top of the pane

elespike avatar Jan 31 '21 05:01 elespike

Hi, could you drop us an email at [email protected] (if you haven't already) so that we have an open ticket for this issue?

Cheers!

Hannah-PortSwigger avatar Feb 01 '21 09:02 Hannah-PortSwigger

Done, thanks for your help! =)

elespike avatar Feb 01 '21 23:02 elespike