Oct 11, 2024 12:18:49 PM | application security Cursor Chaos: Tackling The Text Troublemaker In Burp Suite Professional

Burp Suite Professional’s User Interface is one of the most advanced Java UIs out there, but everyone has a bad day now and then. Frustratingly, the tool’s Message Editor can […]

Burp Suite Professional’s User Interface is one of the most advanced Java UIs out there, but everyone has a bad day now and then. Frustratingly, the tool’s Message Editor can sometimes misrepresent where you are editing, including both the cursor represented by the pipe character (“|”) and text selections made using the mouse. 

Cursor Chaos

This situation makes the tool basically unusable for any manual testing. As seen in the video above, which shows a magnified view of Burp’s Intruder tool, highlighted selections used to mark injection points cannot be relied upon. Pressing backspace might cause a character two places behind the cursor to disappear. The effect is even variable within a line of text — while it may delete two characters behind on the left of the screen, it could be three or four on the right side of the screen. 

The Doctor Is In

What’s the prognosis? In my case, the problem was scaling issues within Burp due to an unconventional setup. I was viewing Burp in a VMware Horizons VDI client window. This meant there were probably multiple scaling factors in place: Burp’s scaling to fit the VDI environment, and the VMware Horizons client applying its own scaling to my local operating system. I was also using an external monitor, so perhaps another scaling function was applied there. The layers of scaling make for some really strange selection behavior, but can be easily fixed using a command argument to Java when opening Burp, to lock scaling to 100%:

> java -jar -Dsun.java2d.uiScale=1 burpsuite_pro_vVERSION.jar

Back in business!

 

Written By: Admin