On Sat, Jun 01, 2019 at 11:34:30PM -0400, Lawrence Teo wrote: > Burp Suite Community Edition needs jdk 1.8 to run properly. Using it > with jdk 11 will show this message on startup: > > WARNING: An illegal reflective access operation has occurred > WARNING: Illegal reflective access by burp.uie > (file:/usr/local/share/java/classes/burpsuite.jar) to field > javax.crypto.JceSecurity.isRestricted > WARNING: Please consider reporting this to the maintainers of burp.uie > WARNING: Use --illegal-access=warn to enable warnings of further illegal > reflective access operations > WARNING: All illegal access operations will be denied in a future release
That message is just a warning, appears all over Java land these days, and is due to Java 9+ enforcing inter-class security more (if a library author wants to expose classes to introspection by client classes, the library has to list those classes as 'open' in the library's module info file, in addition to the previously-required 'public' specification). These will get cleaned up over time. > In addition, attempting to intercept HTTPS will make the browser show an > error code SSL_ERROR_RX_RECORD_TOO_LONG (I tested with Firefox). > According to [1], this is due to using the free edition of Burp Suite > with jdk 11. > > The diff below fixes this by setting MODJAVA_VER to 1.8 which resolves > both issues. While here I have also: Before reverting to a relatively old version of Java, did you try adding the options shown in the link you cited, e.g -Xms16 -Xms4G -XX:MaxPermSize=1024M? Actually that looks a typo, I suspect it was meant to be -Xms1G -Xmx4G (these are start and max memory allocation). I don't have 'burp' installed or I'd d try it.
