Burp Suite Essentials
上QQ阅读APP看书,第一时间看更新

Specifying memory size for Burp

If we start Burp Suite by double-clicking on the .jar file, the Java runtime will allocate the maximum memory available to Burp on its own. The total amount allocated might vary based on the available system RAM. Since Burp Suite will capture hundreds and sometimes thousands of requests and responses of various sizes, it makes sense to allocate memory when we start the program.

There is the possibility that Burp Suite might crash if the total memory available is not enough. While doing a security assessment, we don't want to worry about disruption in our work or the feeling that we may lose valuable data about the assessment due to Burp Suite crashing. Therefore, it is prudent to specify how much system RAM is allocated to Burp Suite in the beginning itself.

Specifying the maximum memory Burp is allowed to use

We can use command-line flags provided by Java to ensure that Burp has enough, and more, memory to use while running our security assessment:

java -jar -Xmx2048M /path/to/burpsuite.jar
java -jar -Xmx2G /path/to/burpsuite.jar

Both these commands will allocate 2 GB of RAM to Burp Suite. We can also pass options for gigabytes, megabytes, or kilobytes. You can read up more about this at the Oracle page at http://docs.oracle.com/cd/E13150_01/jrockit_jvm/jrockit/jrdocs/refman/optionX.html#wp999528.

This should be enough for most web applications that need to be tested. If you have more system RAM to spare, you can even increase it further. There is a small caveat you should know. If you increase the memory allocated to Burp Suite beyond 4 GB, the Java Virtual Machine (JVM) garbage collector (GC) will need to do more work. This has been known to adversely affect the performance of Java-based applications. Keeping that in mind, there are clear performance gains that can be achieved by increasing the minimum heap size from the default, which can be as low as 128 MB on older machines.