Contents of Global Variables and Logs not showing - Burp Pro 2024.11.1 #79

Open
0xquad opened this issue Dec 13, 2024 · 12 comments

@0xquad

0xquad commented Dec 13, 2024

Hi! First, thank you so much for this extension; super useful in all kinds of scenarios.

Haven't used it in a while and now, after a few Burp version upgrades, it seems like the Global Variables and Logs tabs do not show any contents. Using the latest version of the extension though.


However it seems like everything still works: variables are created/assigned correctly (and can be used) and I've found that logs are actually shown in the Extensions logs instead. So it seems to be an issue on how the info is displayed within the extension tool itself.


But that does hinder a bit how we can use the extension since we can't view and manipulate global variables. I tried deactivating pretty much all other extensions to make sure it wasn't causing interference.

@ddwightx
Contributor

Hi @0xquad
Thanks for the report. I see you are using an early adopters version of Burp Suite. Although those versions of Burp Suite could contain more bugs, I was unable to reproduce the issue so at least it seems to not be a broad issue. Based on the location of the issues you pointed out, the problem appears to be with the text editor component Burp Suite is supplying to the extension. I expect it's just an install issue. Can you please try deleting Reshaper and re-installing it?

@tomdottom

Hi @ddwightx,

I can confirm that:

  • Burp Pro 2024.11.1 - has issues with displaying variables and logs
  • Burp Pro 2022.10.3 - works as expected

Of note:

I had to purge settings from 2024.11.1 installation before extension started working as expected:

  • ~/.BurpSuite ; and
  • ~/.java/.userPrefs/burp/extensions

@ddwightx
Contributor

ddwightx commented Dec 16, 2024

Hi @tomdottom. Thanks for the info.
Did you find that removing ~/.BurpSuite alone wasn't enough?
When you go back to 11.1 does it stop working correctly again?

@0xquad
Author

0xquad commented Dec 17, 2024

Interesting info, thanks!

Tried to reinstall the extension but the behavior is the same for me. Not sure where exactly the preferences are located on Windows though. Looked into %appdata%\BurpSuite\bapps\<id> but I could only find some static files. No obvious places in \ProgramData either. I used to use the plain .jar file of Burp Suite Pro but switched very recently to the installer (which has its own bundled jre), if that's of any relevance.

@ddwightx
Contributor

ddwightx commented Dec 18, 2024

@0xquad The extension preferences are in the Registry at HKEY_CURRENT_USER\Software\JavaSoft\Prefs\burp\extensions\_/Reshaper. Please make sure to create a backup of your rules before deleting that registry folder. You can also registry export that Registry folder.

FYI, the key names you see would look like this. If you wanted to selectively delete, here's what everything is:
string_/Reshaper.workspaces // Only used by Reshaper 2.5.x and stores all settings/rules/variables as one JSON blob. If you had older Reshaper versions, those are copied to here and used from here.
string_/Reshaper.variables // Persisted global variables used by Reshaper before v2.5.x
string_/Reshaper.rules // Persisted HTTP rules used by Reshaper before v2.5.x
string_/Reshaper.web/Socket/Rules // Persisted WebSocket rules used by Reshaper before v2.5.x
string_/Reshaper.general/Settings // Persisted settings used by Reshaper before v2.5.x
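
The backup-then-delete step from the comment above, as an added PowerShell example that is not part of the thread and not Reshaper or PortSwigger code. The key path and value names are the ones quoted in that comment; `$backupDir`, `$DoDelete`, and the choice to remove only the pre-2.5.x values are assumptions for illustration. Run it with Burp closed.

```powershell
# Added example. Key path and value names are copied from the comment above;
# $backupDir, $DoDelete and the "legacy values only" selection are assumptions.
$parent   = 'Software\JavaSoft\Prefs\burp\extensions'
$subKey   = "$parent\_/Reshaper"
$DoDelete = $false                   # set to $true only after checking the export
$legacy   = @(                       # values used before Reshaper 2.5.x
    'string_/Reshaper.variables'
    'string_/Reshaper.rules'
    'string_/Reshaper.web/Socket/Rules'
    'string_/Reshaper.general/Settings'
)
$backupDir = Join-Path $env:USERPROFILE 'reshaper-prefs-backup'
New-Item -ItemType Directory -Force -Path $backupDir | Out-Null

# 1. Export the parent key (its path contains no '/') to a restorable .reg file.
$regFile = Join-Path $backupDir ("burp-extensions-{0:yyyyMMdd-HHmmss}.reg" -f (Get-Date))
& reg.exe export "HKCU\$parent" $regFile /y | Out-Null
if ($LASTEXITCODE -ne 0) { throw "reg export failed; nothing was changed." }

# 2. The PowerShell registry provider treats '/' in a path as a separator, so the
#    '_/Reshaper' key is opened through the .NET API, which splits on '\' only.
$key = [Microsoft.Win32.Registry]::CurrentUser.OpenSubKey($subKey, $true)
if (-not $key) { throw "HKCU\$subKey not found." }
try {
    # 3. Inventory: value name and stored length, to sanity-check the backup.
    $key.GetValueNames() | ForEach-Object {
        [pscustomobject]@{ Name = $_; Chars = ([string]$key.GetValue($_)).Length }
    } | Format-Table -AutoSize | Out-Host

    # 4. Remove only the legacy values; 'string_/Reshaper.workspaces' is left alone.
    foreach ($name in $legacy) {
        if ($key.GetValueNames() -contains $name) {
            if ($DoDelete) { $key.DeleteValue($name); "deleted $name" }
            else           { "would delete $name (dry run)" }
        }
    }
}
finally { $key.Close() }
```

Importing the exported `.reg` file restores the whole `extensions` key, including preferences stored by other extensions.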

@0xquad
Author

0xquad commented Dec 20, 2024

Thanks for the info, perfect!

So I shut Burp down and backed up the _/Reshaper key (exported & renamed), then started Burp again. Expectedly my settings for Reshaper were reset. Also, Burp was updated to 2014.12 earlier this week.

I've created a new simple http rule to capture the user agent header: match on any request from the Repeater tool and set a global variable ua to the value of the User-agent header. Upon sending a request with the Repeater after adjusting the Settings to include that tool, ua is created and the rule works.

However I observe the same behavior: the Global Variables tab cannot show the variable contents and the Logs tab is empty. I'll mention also that logs appear in the Extensions Output logs only when 'Replicate Logs to Extension Output' is set in Reshaper Settings (as expected, but didn't notice the first time).

If there's anything else I can test let me know!

@0xquad
Author

0xquad commented Dec 20, 2024

Tested once more by removing the burp registry key completely and starting anew and I can confirm what @tomdottom said: the extension works as expected again! 👍

So there must be something that Burp stores in its settings that interferes with Reshaper after version 2024.11. So either users will have to completely reset their Burp settings (not ideal, including considering the license registration), or the fix should come from Reshaper or PortSwigger somehow.

I wonder if I could pinpoint exactly what registry key/value causes this but that would take time.

Not sure if we want to close this issue or not; the bug does exist, but the cause/fix isn't clear at all although there is this radical workaround.

(Info for anyone who wants to preserve their Pro license, the reg keys to keep are the following: license1, suite.installation/Id, global.suite.device/Id, and the four blobs with garbled keys and values.)

@ddwightx
Contributor

@0xquad Nice find. I'll contact PortSwigger support about this issue. Let's keep this issue open for now. Thanks!

@0xquad
Author

0xquad commented Dec 20, 2024

OK sorry for the additional noise; I was too annoyed by this and proceeded to test a little more. 😅 Found the culprit: the extension JWT Editor. If you have both loaded at the same time, Reshaper trips and can't display the global variables nor logs.

So the workaround for now comes down to: use either extension but not both at the same time.

I've tested with my previous fully configured Burp so it seems like this is the only cause and nothing else. The root cause however is not clear (why would they interfere?). In my extension list, Reshaper was after JWT Editor.

For further testing: if you have Reshaper loaded and then load JWT Editor, you'll see the Reshaper main navigation bar tab disappear. But it's actually there and you can click on it, which is weird. Restarting Burp in between the tests you can observe different behaviors. Varying the order of the extensions too and then loading/unloading them, or moving them up or down the list while loaded.


Seems like the extension repo has diverged from how PortSwigger maintains it, so I'm not sure where to go from here.


@ddwightx
Contributor

@0xquad Excellent debugging! I'm able to reproduce that issue with JWT Editor as well.
I wouldn't be too concerned about the diverging commits in the JWT Editor repos. Whenever PortSwigger merges they do extra commits to update metadata files and sometimes build tool files. The last merge from the author's repo into the PortSwigger repo was from Sept, so, the author's repo would also have additional commits until submitted to be merged again into the PortSwigger repo. The author's repo is active and maintained.

@tomdottom Can you confirm whether or not you use JWT Editor as well?

@ddwightx
Contributor

ddwightx commented Dec 21, 2024

I've done further testing. The issue appears to be between extensions that use the WebSocketMessageEditor based on my testing of extensions I see using it according to https://github.com/search?q=org%3APortSwigger+WebSocketMessageEditor&type=code. Extensions that use UserInterface::createWebSocketMessageEditor (i.e. Socket Sleuth, Reshaper, Websocket Turbo Intruder) do not conflict with each other. However, the extensions that use UserInterface::registerWebSocketMessageEditorProvider (i.e. HaE and JWT Editor) either break themselves or break the extensions that use UserInterface::createWebSocketMessageEditor when the extensions are activated at the same time. The result of the conflict is tabs not loading or tab names disappearing.

@tomdottom

> @tomdottom Can you confirm whether or not you use JWT Editor as well?

@ddwightx I do indeed use JWT Editor and can confirm that disabling it appears to resolve issues viewing variables and logs.

Nice work @0xquad 👏
