Burp Server not Restoring To Burp Windows Client

[compumatter]

Hello,

Tonight Pablo and I spent some time on zoom testing the very latest Burp-UI along with Pablo's Ansible script. His Ansible script worked great with the new Burp-UI and is a solid solution. However during the process of trying to restore data from Burp-UI to the Windows Client we found we could not select the restore location via the "prefix to restore path" field within Burp-UI to the client. Further testing seems to indicate the problem is within Windows Burp Software.

I've created a video to make the problem clear.

https://www.youtube.com/watch?v=neVvv4UlQ4M

Using Burp Server 2.4 and Burp Win64 Installer 2.4

Thanks for your thoughts on this.

[grke]

Hello,

Sorry for the delay, I was not able to reply until now.

I suspect that what you are seeing is related to security improvements made in 2.2.14:

    Protect the client against restoring over symlinks that point
    outside of the desired destination directory. Giving a restore
    directory is now mandatory.

Prior to this, it was possible (under certain conditions) for malicious people to do undesirable things on any part of the client filesystem. Whereas now, you can (from the perspective of the client) limit where it writes.
This makes it a bit harder for the server to restore anywhere it likes.

However, if you want that ability (because you control both server and client) and my memory is correct, then I think you can probably override it on the client side just be setting 'restoreprefix=/' in the client side config.