h3xstream / burp-retire-js

Burp/ZAP/Maven extension that integrates the Retire.js repository to find vulnerable JavaScript libraries.
Apache License 2.0
200 stars 56 forks

Burp Plugin Using High CPU and Killing Live Audit Activity #56

Open adamtimmins opened 5 years ago

adamtimmins commented 5 years ago

On Burp Pro 2.1.04

Noticed that the issue activity panel was displaying no results as I was proxying applications through Burp and seeing high CPU activity. The plugin was displaying no errors in the UI, and when I loaded the plugin no errors were displayed. Running Burp as a JAR from the command line also displayed no errors. Once I unloaded the plugin, restarted Burp and navigated through any application, this issue was not occurring again.

Appreciate any help on this, Cheers,

h3xstream commented 4 years ago

It could be, hypothetically, that some regexes are too heavy on some large JavaScript files. 🤔

If you have some sample or public websites to reproduce the issue, let me know.
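One way to test the hypothesis above is to time each pattern against a captured response body under a hard budget, so a slow pattern is reported instead of pinning a CPU core. This is an added example, not code from the plugin or from Retire.js; the class names, the two patterns and the response body are constructed for illustration, and it assumes Java 11 or later.

```java
import java.util.List;
import java.util.regex.Pattern;

public class RegexBudget {
    static final class BudgetExceeded extends RuntimeException {}

    /** CharSequence view that aborts a match once the deadline passes. */
    static final class TimedInput implements CharSequence {
        private final CharSequence in;
        private final long deadline; // a System.nanoTime() value
        TimedInput(CharSequence in, long deadline) { this.in = in; this.deadline = deadline; }
        @Override public char charAt(int i) {
            // The regex engine reads input through charAt, so the check runs during backtracking.
            if (System.nanoTime() - deadline > 0) throw new BudgetExceeded();
            return in.charAt(i);
        }
        @Override public int length() { return in.length(); }
        @Override public CharSequence subSequence(int s, int e) {
            return new TimedInput(in.subSequence(s, e), deadline);
        }
        @Override public String toString() { return in.toString(); }
    }

    /** Elapsed milliseconds for one find(), or -1 if budgetMs was exceeded. */
    static long timeFind(Pattern p, String body, long budgetMs) {
        long start = System.nanoTime();
        try {
            p.matcher(new TimedInput(body, start + budgetMs * 1_000_000L)).find();
        } catch (BudgetExceeded e) {
            return -1;
        }
        return (System.nanoTime() - start) / 1_000_000L;
    }

    public static void main(String[] args) {
        // Constructed response body: one long minified-style line with no version banner.
        String body = "var a=function(b){return b};".repeat(100_000) + "x".repeat(40);
        // Constructed patterns, not taken from the Retire.js repository.
        List<Pattern> patterns = List.of(
            Pattern.compile("examplelib v([0-9][0-9.a-z_-]+)"), // literal-prefixed version match
            Pattern.compile("(\\w+\\s?)+@"));                    // nested quantifiers, can backtrack heavily
        for (Pattern p : patterns) {
            long ms = timeFind(p, body, 500);
            System.out.println(p.pattern() + " -> " + (ms < 0 ? "over 500 ms budget" : ms + " ms"));
        }
    }
}
```

Running the same harness over the real signature list and a saved copy of the response that triggers the CPU spike would show which pattern, if any, is responsible.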