Package Details: burpsuite 2022.3.7-1

Git Clone URL: (read-only, click to copy)
Package Base: burpsuite
Description: An integrated platform for performing security testing of web applications (free edition)
Upstream URL:
Licenses: custom
Submitter: daronin
Maintainer: tux268 (dkasak)
Last Packager: tux268
Votes: 102
Popularity: 1.46
First Submitted: 2008-02-14 18:49 (UTC)
Last Updated: 2022-05-17 09:35 (UTC)

Dependencies (1)

Required by (1)

Sources (4)

Latest Comments

mostwantedduck commented on 2022-05-06 14:23 (UTC)

@tux268 I notice that it was fixed starting from 2022.2.5-1 build 12599

tux268 commented on 2022-05-06 11:56 (UTC) (edited on 2022-05-06 11:56 (UTC) by tux268)

@geordanex I can't reproduce the issue. However, the current version is 2022.3.6, do you also encounter the same issue with this version ?

geordanex commented on 2022-05-02 04:00 (UTC)

@tux268 same error here version installed burpsuite-1:2022.2.5-1

Could not start Burp: java.lang.NullPointerException: Cannot invoke "jdk.internal.platform.CgroupInfo.getMountPoint()" because "anyController" is null

mostwantedduck commented on 2022-04-11 16:47 (UTC)

@tux268 I don't think it was your change... I tried without the option and with all those other flags. I start imagine that is something related to my hypervisor (proxmox) somehow.

tux268 commented on 2022-04-11 08:46 (UTC) (edited on 2022-04-11 09:12 (UTC) by tux268)

@mostwantedduck It might be linked to a change I recently made in the PKGBUILD to switch to JDK17. I'm going to look into it and fix this issue ASAP. Thanks for letting me know

EDIT : I have removed the --illegal-access=permit flag and added --add-opens=java.base/java.lang=ALL-UNNAMED --add-opens=java.desktop/javax.swing=ALL-UNNAMED as suggested by Burp.

mostwantedduck commented on 2022-04-08 20:50 (UTC) (edited on 2022-04-10 17:38 (UTC) by mostwantedduck)

Recently I start having problem to run burpsuite... Tried to use other jdks but nothing worked.

That is what I have. It's a VM running on proxmox (not sure if it's relevant):

[mwd@manjaro-xfce jvm]$ sudo archlinux-java status
Available Java environments:
  java-17-openjdk (default)

[mwd@manjaro-xfce jvm]$ java -version
openjdk version "17.0.3" 2022-04-19
OpenJDK Runtime Environment (build 17.0.3+3)
OpenJDK 64-Bit Server VM (build 17.0.3+3, mixed mode)

[mwd@manjaro-xfce jvm]$ burpsuite
OpenJDK 64-Bit Server VM warning: Ignoring option --illegal-access=permit; support was removed in 17.0
Could not start Burp: java.lang.NullPointerException

[mwd@manjaro-xfce jvm]$ cat /usr/bin/burpsuite

exec $JAVA_HOME/bin/java --illegal-access=permit -jar /usr/share/burpsuite/burpsuite.jar $@

Posted a video with the error if anyone is interested...

sukrosono commented on 2022-02-06 15:51 (UTC)

don't remove the flag --illegal-access=permit, just read the wiki

Kr1ss commented on 2021-11-04 17:50 (UTC)

@dkasak @tux268 - Pls disregard my out-of-date flag for now. I missed that this version has been released to the early-adopter channel only.

Sorry for the noise.

tux268 commented on 2021-08-11 09:26 (UTC)

@berrabe I haven't been able to reproduce this error. The link seems to work fine for me. Do you have any more input, so I can try to reproduce this ?

berrabe commented on 2021-08-09 02:14 (UTC) (edited on 2021-08-09 02:17 (UTC) by berrabe)

i've error HTTP 503 When Download Jar Binary Package on

Update : I've checked the error from website itself

LiHua commented on 2021-06-26 02:26 (UTC)

@tux268 I was using java-16-openjdk.

tux268 commented on 2021-06-25 21:28 (UTC)

@LiHua Thanks for the suggestion, I was using java-11-openjdk, so I did not notice the issue. I did as you suggested.

LiHua commented on 2021-06-25 17:33 (UTC) (edited on 2021-06-26 02:35 (UTC) by LiHua)

@dkasak @tux268 Change echo "exec \$JAVA_HOME/bin/java -jar /usr/share/burpsuite/burpsuite.jar \$@" >> ${pkgdir}/usr/bin/${pkgname} in PKGBUILD to echo " exec \$JAVA_HOME/bin/java --illegal-access=permit -jar ${pkgdir}/usr/share/burpsuite/burpsuite.jar \$@" >> ${pkgdir}/usr/bin/${pkgname} can fix JDK high version Warning.

tux268 commented on 2021-06-24 12:48 (UTC)

@moson Thanks, I fixed it.

moson commented on 2021-06-24 08:10 (UTC)

@tux268 pkgrel in .SRCINFO and PKGBUILD don't match.

edward-p commented on 2021-03-04 07:01 (UTC)

Remove bundled chromium for Windows and Mac OS X to reduce the size?

prepare() {
  cd ${srcdir}
  # remove useless chromium versions
  zip -d ${pkgname}-${pkgver}.jar 'chromium-macosx*.zip' 'chromium-win*.zip'

dkasak commented on 2021-01-04 17:04 (UTC) (edited on 2021-01-04 17:05 (UTC) by dkasak)

@AlgoJerViA: What's the output you get from running archlinux-java get as root?

EDIT: Ah, I see you edited your comment. Did you get it working?

AlgoJerViA commented on 2021-01-04 15:57 (UTC) (edited on 2021-01-04 15:58 (UTC) by AlgoJerViA)

The package installed fine but when I tried to start it it complains my java version is to old. So I guess the dependencies are off.

EDIT: I see there is a warning message now when running install.

dkasak commented on 2020-09-29 07:56 (UTC)

@Thect36, hmm, it works for me (I tried with yay too). Are you sure it wasn't just a transient error on your or Portswigger's side? Please try building again.

Thect36 commented on 2020-09-24 12:45 (UTC)

Got an error when installing with yay.

==> ERROR: Failure while downloading

XMB5 commented on 2020-08-11 01:31 (UTC) (edited on 2020-08-11 01:34 (UTC) by XMB5)

You should consider removing windows and macos chromium zips from the jar file, something along the lines of 7z d burpsuite.jar 'chromium-mac*.zip' 'chromium-win*.zip'. This should save ~170MiB

dkasak commented on 2020-04-28 10:23 (UTC)

Updated to 2020.4. Note that Java 8 is no longer supported so you need to update your default Java installation using archlinux-java if you're still using Java 8 as a default.

dkasak commented on 2020-04-11 13:55 (UTC)

Updated, sorry for the delay.

dkasak commented on 2020-03-22 10:33 (UTC)

Just writing to say there's been a strong earthquake here today so I may be a little bit delayed in updating the package.

freddyal commented on 2020-02-04 01:01 (UTC)

Thank you @dkasak, those were all the changes I would have made as well. Thanks for updating accordingly, I'll keep an eye out for other changes as I use burpsuite pretty frequently myself.

dkasak commented on 2020-02-03 12:16 (UTC)

@freddyal I just updated the package to 2020.1. Please do flag the package as out-of-date if you notice a new version and I still haven't updated it.

In case the change you wanted to push contained something other than what I've done, drop me a diff of it here.

freddyal commented on 2020-02-01 16:17 (UTC) (edited on 2020-02-01 16:17 (UTC) by freddyal)

Hello @dkasak, I would like to push a change to the burpsuite AUR in which burpsuite is updated to the 2020.1 version. Let me know what you need from me to make this happen?

dkasak commented on 2019-09-06 16:31 (UTC) (edited on 2019-09-06 16:31 (UTC) by dkasak)

Oh, that's what you meant. Thanks.

However, the feature works for me. When I select the Render tab, there's a Click to render page button there, and upon clicking that, it spawns a browser window with the rendered site (like on your screenshot). Also, the "Embedded browser health check" succeeds at all of the steps.

I'll try poking around a bit to see whether I can find some more information and reproduce this.

Which Java runtime are you using?

erkana commented on 2019-09-06 10:50 (UTC)

@dkasak, rendering is a function in repeater tab, when you send a request to repeater tab or craft your own request in repeater and then send it to the server, there is a Render sub-tab, it renders the server response in a new browser tab.

dkasak commented on 2019-09-06 10:02 (UTC)

@erkana: What do you mean by "render on repeater"? How do I access this feature?

erkana commented on 2019-09-06 06:48 (UTC)

When I try render on repeater, a new window pops up normally but dissappears immediately, so render function not working. I have installed the official package and there is no problem with it. There is a diag tool in about menu "embedded browser health check" and it reports following error :

Server failed to start. Server ERR: Inconsistency detected by dl-lookup.c: 111: check_match: Assertion `version->filename == NULL || ! _dl_name_match_p (version->filename, map)' failed!

dkasak commented on 2019-07-24 12:25 (UTC) (edited on 2019-07-24 12:25 (UTC) by dkasak)

@gambas, it works for me. This line is suspicious due to containing .part:

mv: cannot stat '/var/tmp/pamac-build-moi/burpsuite/burpsuite-2.1.01.jar.part':

Perhaps a failed download? Also, I assume from that path you're using pamac. Have you tried building the package with makepkg to see whether it still fails for you?

gambas commented on 2019-07-24 06:00 (UTC) (edited on 2019-07-24 06:03 (UTC) by gambas)

100 286M 100 286M 0 0 1302k 0 0:03:45 0:03:45 --:--:-- 2751k

mv: cannot stat '/var/tmp/pamac-build-moi/burpsuite/burpsuite-2.1.01.jar.part':

No such file or directory

-> Found LICENSE

-> Found burpsuite.desktop

-> Found icon64.png

==> Validating source files with sha256sums...

burpsuite-2.1.01.jar ... Passed

LICENSE ... Passed

burpsuite.desktop ... Passed

icon64.png ... Passed

==> Removing existing $srcdir/ directory...

==> Extracting sources...

ln: failed to create symbolic link '/var/tmp/pamac-build-moi/burpsuite/src/': No such file or directory

ln: failed to create symbolic link '/var/tmp/pamac-build-moi/burpsuite/src/': No such file or directory

ln: failed to create symbolic link '/var/tmp/pamac-build-moi/burpsuite/src/': No such file or directory

ln: failed to create symbolic link '/var/tmp/pamac-build-moi/burpsuite/src/': No such file or directory

==> Entering fakeroot environment...

==> Starting package()...

/usr/share/makepkg/util/ line 75: cd: /var/tmp/pamac-build-moi/burpsuite/src: No such file or directory

==> ERROR: Failed to change to directory /var/tmp/pamac-build-moi/burpsuite/src Aborting...

nbarbey commented on 2019-02-21 14:25 (UTC)

I had to install jre8-openjdk to be able to launch.

nbarbey commented on 2019-02-21 14:23 (UTC)

Hello ! I try to run /usr/bin/burpsuite but I get the following error :

java.lang.UnsatisfiedLinkError: no splashscreen in java.library.path

I wonder if there may be a missing dependency on this package ?

notizblock commented on 2018-10-23 14:13 (UTC)

I'm no longer using burp suite, feel free to adopt.

notizblock commented on 2018-08-22 19:13 (UTC)

Builds as expected via makepkg and its not out of date.

c0d3z3r0 commented on 2018-08-22 18:07 (UTC)

(1/1) installing burpsuite [######################] 100% error: could not extract /usr/share/burpsuite/burpsuite.jar (Lzma library error: No progress is possible) error: problem occurred while installing burpsuite error: could not commit transaction error: failed to commit transaction (transaction aborted) Errors occurred, no packages were upgraded.

MarcinWieczorek commented on 2018-06-20 12:54 (UTC)

Please switch to sha for checksums, thanks!

rlf commented on 2017-12-21 21:02 (UTC)

To get the jar file to download, I had to temporarily remove the "-C -" from my /etc/makepkg.conf. I don't think this can be fixed by packaging this package differently (makepkg.conf is provided by pacman with this option as default). Comment is here for the sake of prosperity.

notizblock commented on 2016-11-25 17:19 (UTC)

@grawity: fixed, thx for the suggestion.

grawity commented on 2016-11-13 20:34 (UTC)

"${pkgname}.jar" causes problems with persistent SRCDEST cache – it should be downloaded to "${pkgname}-${pkgver}.jar" instead.

notizblock commented on 2016-11-05 11:45 (UTC)

Ouch, that was my fault. I updated the LICENSE file and missed the checksums. Thx!

rlf commented on 2016-11-05 09:19 (UTC)

The LICENSE file fails verification. Seems like it should have an md5sum of 4cb5840ee960fa96da23b7833acf8b3a. Tried clean building twice, only worked after manually changing the checksum in the PKGBUILD.

notizblock commented on 2016-11-05 07:49 (UTC)

Excellent suggestion @duesee. Updated accordingly.

duesee commented on 2016-11-04 21:16 (UTC) (edited on 2016-11-04 21:22 (UTC) by duesee)

The checksum of `` is `d34753e71e8fcd505e39510c6bf9e74b`. Maybe change the PKGBUILD to point to the archive at

Desdic commented on 2016-09-19 18:25 (UTC)

@notizblock Sorry .. it seems that it was my pacaur cache.

notizblock commented on 2016-09-19 17:00 (UTC)

@Desdic: Just tested it, works as expected.

Desdic commented on 2016-09-19 10:33 (UTC)

It seems that checksum failed again with 1.7.06-1 burpsuite.jar ... FAILED

ArmlessJohn commented on 2016-09-11 19:50 (UTC)

The checksum for burpsuite.jar is not working. I rehashed the file and got: 1385fa0625448329a8bde17d78b22f62, just replace the wrong one in the PKGBUILD (d126dd11dc58fc1040bcf12f39966232)

ceri commented on 2016-05-29 09:26 (UTC)

@notizblock It's working now. Looks like the download site served me a bad file the first time.

notizblock commented on 2016-05-29 08:11 (UTC)

@ceri: just tried a clean build - works.

ceri commented on 2016-05-27 23:34 (UTC)

==> Validating source files with md5sums... burpsuite.jar ... FAILED

the-k commented on 2016-04-24 12:06 (UTC)

Oh, my bad. It works, it was pacaur fault.

notizblock commented on 2016-04-22 15:46 (UTC)

@Kuci just tried a new build – works.

the-k commented on 2016-04-22 06:01 (UTC)

Checksum for burpsuite.jar is invalid.

gim commented on 2015-09-03 03:59 (UTC)

I would change the description to a more accurate: "An integrated platform for performing security testing of web applications" Also, description should not include a self-referencing name. See

Eriner commented on 2015-09-01 08:56 (UTC)

pkgver is immensely outdated, md5sums do not match. pkgver should (ideally) be incremented to match the current version of burpsuite so aur helpers show that there is an update. The md5sum of burpsuite.jar should be set to 'SKIP' so that burpsuite builds with any release. Patch can be found here:

notizblock commented on 2015-08-03 14:57 (UTC)

@tux: why did you flag this package?

notizblock commented on 2015-07-27 09:59 (UTC)

Thx @atriix for your comment and the suggested changes – applied.

atriix commented on 2015-07-26 19:20 (UTC)

Using as source url seem to match up with the check sum.

atriix commented on 2015-07-26 16:57 (UTC) gives me 404. Is that only me? Also source url in the PKGBUILD should be with https, since the http is a redirect anyway.

notizblock commented on 2014-09-23 20:57 (UTC)

Thank you very much :)

FreedomBen commented on 2014-09-23 16:07 (UTC)

Package works great. Awesome to have this as a package. This is why I love Arch. Thanks so much for your work!

dkorzhevin commented on 2014-05-11 10:36 (UTC)

Thank you for this package!

notizblock commented on 2014-04-17 17:28 (UTC)

Updated, thx @kageurufu for the improvements.

kageurufu commented on 2014-04-16 19:14 (UTC)

I've created an updated PKGBUILD adding an icon and .desktop file. Its available here

notizblock commented on 2013-09-09 18:01 (UTC)

tried it and it works without problems – unflagged.

commented on 2013-09-07 12:55 (UTC)

Why is the package flagged out of date? The free version of burp downloadable at the portswigger website is exactly the same as in the package. Of course, the commercial version is newer, but this AUR is about the free version...

el_roux commented on 2013-08-20 19:18 (UTC)

To complement below, this is because it is the default font used by java maybe it is more a java dependency.

el_roux commented on 2013-08-20 13:40 (UTC)

This package requires ttf-dejavu fonts in order to work. Otherwise, it crahes without warning.

ilikenwf commented on 2013-07-08 06:26 (UTC)

Needs a .desktop file so it'll appear in the app menus.

notizblock commented on 2011-07-08 08:39 (UTC)

portswigger repackaged burp 1.4, hence the different md5sum – updated.

notizblock commented on 2011-07-07 21:38 (UTC)

@AkaBkn, thx for pointing this out. It looks like a silent update, since there is no change in the version number. I contacted the author for clarification…

AkaBkn commented on 2011-07-07 19:56 (UTC)

fingerprint doesn't match!

notizblock commented on 2011-02-18 13:23 (UTC)

good point, thx @intgr

intgr commented on 2011-02-18 09:55 (UTC)

I would change the shell script to: echo 'exec $JAVA_HOME/bin/java -jar /usr/share/burpsuite/burpsuite.jar $@' >> ${pkgdir}/usr/bin/${pkgname} "exec" means that the sh process doesn't stick around while Burp is running. "$@" passes on all arguments to Burp (although I'm not sure it takes any).

notizblock commented on 2010-10-10 19:57 (UTC)

the url for burp has changed.

notizblock commented on 2010-05-06 05:00 (UTC)

thanks for the hint. i uploaded a new pkgbuild.

matthewbauer commented on 2010-05-06 02:32 (UTC)

You shouldn't hardcode JAVA_HOME so: echo "\$JAVA_HOME/bin/java" -jar '/usr/share/burpsuite/burpsuite_v1.3.jar' >> ${pkgdir}/usr/bin/${pkgname}