Package Details: burpsuite-pro 2023.2.2-1

Git Clone URL: https://aur.archlinux.org/burpsuite-pro.git (read-only, click to copy)
Package Base: burpsuite-pro
Description: An integrated platform for performing security testing of web applications (professional edition)
Upstream URL: https://portswigger.net/burp/
Licenses: custom
Submitter: freb
Maintainer: freb
Last Packager: freb
Votes: 8
Popularity: 0.101824
First Submitted: 2021-03-17 04:36 (UTC)
Last Updated: 2023-03-10 06:57 (UTC)

Dependencies (2)

Required by (0)

Sources (4)

Pinned Comments

freb commented on 2022-03-18 21:27 (UTC) (edited on 2022-03-18 21:28 (UTC) by freb)

The PKGBUILD file alters the downloaded JAR file to remove the Windows and Mac OS versions of the embedded Chromium browser. This saves 100's of MB in disk space.

However, since the PKGBUILD checksum is calculated on the original JAR, which we have altered, re-installing from cache won't work. You will get the following error unless you perform a cleanBuild:

==> Validating source files with sha256sums...
    burpsuite-pro-2022.2.3.jar ... FAILED

Latest Comments

1 2 Next › Last »

crdx commented on 2022-04-05 21:43 (UTC)

At the expense of some extra disk space the jar could be copied into $pkgdir before modifying it, leaving the original (and its checksum) intact.

freb commented on 2022-03-18 21:27 (UTC) (edited on 2022-03-18 21:28 (UTC) by freb)

The PKGBUILD file alters the downloaded JAR file to remove the Windows and Mac OS versions of the embedded Chromium browser. This saves 100's of MB in disk space.

However, since the PKGBUILD checksum is calculated on the original JAR, which we have altered, re-installing from cache won't work. You will get the following error unless you perform a cleanBuild:

==> Validating source files with sha256sums...
    burpsuite-pro-2022.2.3.jar ... FAILED

freb commented on 2022-03-18 21:24 (UTC)

@idontusearchbtw, that is expected when you attempt to re-install the package using the cache. The reason is that the PKGBUILD alters the downloaded JAR to remove the embedded versions of chromium for Mac and Windows to save space. You need to cleanBuild the package so that it will download and verify the original JAR to get past that error. You could also alter the PKGBUILD and replace the checksum with "SKIP" to get around it without doing an additional download.

If anyone knows a way to add multiple checksums for the same file or another fix, I'd love to hear it.

idontusearchbtw commented on 2022-03-18 10:39 (UTC)

Validating source files with sha256sums... burpsuite-pro-2022.2.3.jar ... FAILED

freb commented on 2022-01-31 17:04 (UTC)

@lord, thanks for the heads up. The PKGBUILD was up-to-date, but my hook to update the metadata went missing. I've fixed it now.

lord commented on 2022-01-31 07:52 (UTC) (edited on 2022-01-31 08:15 (UTC) by lord)

@freb, can you update package version? It currently installs 2022.1-1 and cause the error:

:: Searching AUR for updates...
 -> burpsuite-pro: local (2022.1-1) is newer than AUR (2021.12-1)

freb commented on 2021-09-28 17:36 (UTC)

@150Kirill150, it looks like you are using an unsupported version of Java (8). You at least need version 9, and I would guess most of us are using version 16, which is the latest. Since the package depends on version 9 or greater, my guess is that you have a newer version installed and just aren't using it.

You can change your default Java version with:

sudo archlinux-java set java-16-openjdk

Alternatively, you can create your own script to launch it, setting the Java version you want to use.

https://wiki.archlinux.org/title/java#Launching_an_application_with_the_non-default_java_version

If you only have Java 8 installed, and no other versions of Java, then let me know as there may be an issue with our dependencies. If this is the case, give me the output from:

pacman -Q | grep -i openjdk

150Kirill150 commented on 2021-09-28 14:16 (UTC) (edited on 2021-09-28 15:00 (UTC) by 150Kirill150)

burpsuite-pro
Unrecognized option: --add-opens Error: Could not create the Java Virtual Machine. Error: A fatal exception has occurred. Program will exit.

java -version master [b9c393a] openjdk version "1.8.0_292" OpenJDK Runtime Environment (build 1.8.0_292-b10) OpenJDK 64-Bit Server VM (build 25.292-b10, mixed mode)

Help Me!

kirill@KirillPC:/usr/share/burpsuite-pro

java -jar burpsuite-pro.jar Error: A JNI error has occurred, please check your installation and try again Exception in thread "main" java.lang.UnsupportedClassVersionError: burp/StartBurp has been compiled by a more recent version of the Java Runtime (class file version 53.0), this version of the Java Runtime only recognizes class file versions up to 52.0 at java.lang.ClassLoader.defineClass1(Native Method) at java.lang.ClassLoader.defineClass(ClassLoader.java:756) at java.security.SecureClassLoader.defineClass(SecureClassLoader.java:142) at java.net.URLClassLoader.defineClass(URLClassLoader.java:468) at java.net.URLClassLoader.access$100(URLClassLoader.java:74) at java.net.URLClassLoader$1.run(URLClassLoader.java:369) at java.net.URLClassLoader$1.run(URLClassLoader.java:363) at java.security.AccessController.doPrivileged(Native Method) at java.net.URLClassLoader.findClass(URLClassLoader.java:362) at java.lang.ClassLoader.loadClass(ClassLoader.java:418) at sun.misc.Launcher$AppClassLoader.loadClass(Launcher.java:352) at java.lang.ClassLoader.loadClass(ClassLoader.java:351) at sun.launcher.LauncherHelper.checkAndLoadMain(LauncherHelper.java:601)

freb commented on 2021-06-22 21:33 (UTC) (edited on 2021-06-22 21:34 (UTC) by freb)

@alxjsn, I confirmed your issue after updating my Java version. Burp Suite is only tested on versions of Java up to version 14, but I've never had an issue running the latest. I've pushed a new version with the flag added, so you should be good for now.

If people ever run into problems running the latest Java version, just let me know and I can add a depends constraint.

alxjsn commented on 2021-06-22 13:23 (UTC)

Anyone else getting the error message: "To run Burp Suite using Java 16 or above, please supply the following JVM argument: --illegal-access=permit"?

Might be worth it to add a patch if this continues with every new version so we don't have to add that manually every time there's an update.