elespike / burp-cph

Custom Parameter Handler extension for Burp Suite.
MIT License

Infinite horizontal scrolling - Burp v2020.1 #46

Open tzuk-pl opened 4 years ago

tzuk-pl commented 4 years ago

When a CPH tab uses the "values returned by issuing a single request" the HTTP message editor window has an infinite scrolling issue.

This issue has been reported by Burp Suite to other extensions, including upload scanner:

https://github.com/modzero/mod0BurpUploadScanner/issues/60

We’ve just released a new version of Burp that has some big changes to the HTTP message editor.

Notably, a scroll pane is now implemented inside the message editor.

Unfortunately, this has caused an infinite scrolling issue with your extension. This was reported to us by a user of your BApp, who provided a video of the issue (https://monosnap.com/file/Gqw1tXkXKupRRSAsBSEN3rcjbAYyDw).

If possible, could you remove the scroll pane instance you have implemented, and create a pull request against the PortSwigger branch of your repository so that we can review the changes and update the BApp?

elespike commented 4 years ago

Thanks for reporting this! I'll have a closer look this week and push out a new version to BApp soon. =)

elespike commented 4 years ago

@HannahLaw-Portswigger, is there a workaround for this?

I can't simply remove the parent JScrollPane. I've tried setting horizontal scroll policies and maximum component sizes, all to no avail.

Here are some relevant lines:

Hannah-PortSwigger commented 4 years ago

The new message editor has a scroll pane as part of it. With a scroll pane inside a scroll pane, it causes the infinite scrolling issue.

As far as I'm aware I haven't seen someone fix this yet (as the original extension I opened the issue on still is yet to respond).

If you can't remove the scroll pane instance, you could try changing the message editor to something different instead. Perhaps the ITextEditor (IBurpExtenderCallbacks.createTextEditor)?

Please let me know how you get on.

elespike commented 4 years ago

@HannahLaw-Portswigger, from what I can tell, the infinite scrolling issue doesn't apply to any JScrollPane, but seems to be a bug with Burp's message editor.

This, for example, works perfectly when the text in the JTextArea overflows in either direction:

        splitpane = JSplitPane()
        splitpane.setLeftComponent(self.param_handl_request_editor.getComponent())
        splitpane.setRightComponent(JScrollPane(JTextArea()))
        derive_param_single_card.add(splitpane, constraints)

In any case, thanks for the suggestion to use an ITextEditor. That will suffice for the purposes of this component.

elespike commented 4 years ago

Nope, ITextEditor has the same issue. =(

Hannah-PortSwigger commented 4 years ago

Sorry for the late response.

I've had a play around with the original issue linked (mod0burpuploadscanner) and the issue is definitely caused by the instance of JScrollPane (in their case, it was a one-line fix to remove the JScrollPane instance, although it does mess up the rest of their UI).

I've had a quick look at yours, but as you say, you can't just remove the scroll pane instance and have it all still work. Still, I'm very certain that that is what is causing the issue.

Perhaps if you were able to further encapsulate the message editor tabs in another panel that might help?

elespike commented 4 years ago

Hi, @HannahLaw-Portswigger. Thanks for continuing to look into this.

After some additional tests, I've seen the opposite in my case. That is, it doesn't seem to be a JScrollPane issue for me. I have:

I've recorded a short video starting from the same code in the master branch, and demonstrating some tests and their effects (zipped mp4): burp-cph_issue-46.zip

While I forgot to record your suggestion in the video, I did try encapsulating the message editor in another JPanel, to no avail.

Hannah-PortSwigger commented 4 years ago

Thank you for that information.

Would you be able to email us at support@portswigger.net so that I can raise this as a ticket for further investigation?

elespike commented 4 years ago

Email sent :+1:

elespike commented 4 years ago

@tzuk-pl, they've identified the issue on their end. The fix will be included in the next release of Burp. :+1:

Thanks for your help, @HannahLaw-Portswigger

Hannah-PortSwigger commented 4 years ago

We're pleased to announce the release of Burp v2020.4

KwnyPwny commented 4 years ago

I have the infinite scrolling problem in Burp v2020.9 using CPH 3.0.

elespike commented 3 years ago

@HannahLaw-Portswigger, in addition to the comment above, I've seen the scrolling issue happening again on 2020.12.1, FYI.

To reproduce with burp-cph:

  1. Load the extension and navigate to its CPH Config tab
  2. Create a new configuration tab (click + next to Options)
  3. Click the checkbox labeled "the value I need is dynamic"
  4. Click the Clone button at the top of the pane

Hannah-PortSwigger commented 3 years ago

Hi, could you drop us an email at support@portswigger.net (if you haven't already) so that we have an open ticket for this issue?

Cheers!

elespike commented 3 years ago

Done, thanks for your help! =)