Burp does not start

[danielmichaels]

Issue Burpsuite does not start.

Error condition Cli: Burp, /usr/bin/burp and burp.jar — all exit with invalid or corrupt jarfile burp.jar DE: does not start (no errors logged, or prompts to screen)

System Vagrant build Java version: 1.8.0_212

Work around Download current Burp jar file — Community 2.1 (could also use 1.7.36) cp into /opt/samurai/burp and replace existing burp.jar.

Burp now starts correctly from cli and desktop.

I have not seen any other similar issues on the tracker, or googling but this did persist over several vagrant reload and destroy commands.

[secureideas]

Which version of Samurai? Master or next branch?

[danielmichaels]

Which version of Samurai? Master or next branch?

Master

[secureideas]

Please try next to see if that fixes it?

[danielmichaels]

I tried the next branch and still get the same issue.

Are there any logs I can provide?

[secureideas]

If you could send the vagrant logs. If you are more comfortable, email them to kevin@secureideas.com. I am not sure what is happening as I just built a vm and burp is running fine in it. But I am aware that "Works on my machine" is a crappy answer. :)

[danielmichaels]

Not a crappy answer! It absolutely should just work, and this gave me pause to where this has been happening.

TL;DR: When I spin it up on my work's network, burp doesn't install correctly. One my home network - it works!

I ran a test at home and burp fires up. At work, burp.jar gets corrupted. I vimdiff'd both vagrant logs and didn't see anything obvious but there's 40k+ lines so :grimacing:

I appreciate your time, happy to close this.

[secureideas]

Ahhh I bet you I know what it is. Can you cat the burp.jar that is downloaded on your work network? (Yes cat.) I bet you that your org is blocking or intercepting the request. Either NAC or a proxy. The result that is returned is an html page instead of the burp.jar file. When you try to launch that, it isn't a valid jar. :)

[JGillam]

I just got an error related to Burp during startup that looks like it could be related.

TASK [Download burpsuite community] ********************************************
An exception occurred during task execution. To see the full traceback, use -vvv. The error was: SSLError: ('The read operation timed out',)
fatal: [samuraiwtf]: FAILED! => {"changed": false, "elapsed": 1, "msg": "failed to create temporary content file: ('The read operation timed out',)"}

I'm currently running with VirtualBox 5.2.30 and I updated my base box to 201907.07.0.

[danielmichaels]

Ahhh I bet you I know what it is. Can you cat the burp.jar that is downloaded on your work network? (Yes cat.) I bet you that your org is blocking or intercepting the request. Either NAC or a proxy. The result that is returned is an html page instead of the burp.jar file. When you try to launch that, it isn't a valid jar. :)

I did a comparison between the working and non-working vm's:

cat burp.jar both return binary.

file -bi burp.jar both return application/zip; charset=binary

du -h: working == 280M corrupt jar == 233M

I am not sure whats happening here. The only difference between my two builds is the network used to download. So I would expect a failed download or a HTML page indicating its being blocked. Maybe the first download link is being blocked and the fallback is issuing a corrupt Jar file? The reasons are outside your control, and squarely with the network imo.

[secureideas]

Thanks for letting us know. :)