make sure to not cache data about running clients

burpui/app.py

@@ -758,6 +758,9 @@ def create_app(conf=None, verbose=0, logfile=None, **kwargs):
             ]
             app.config['SESSION_COOKIE_SECURE'] = \
                 app.config['REMEMBER_COOKIE_SECURE'] = any(criteria)
+        if '_extra' in request.args:
+            session['_extra'] = request.args.get('_extra')
+        g._extra = session.get('_extra', '')
 
     @app.login_manager.user_loader
     def load_user(userid):

burpui/templates/gerard.js

@@ -4,6 +4,7 @@ var NOTIF_ERROR   = 2;
 var NOTIF_INFO    = 3;
 
 var SESSION_TAG = $('meta[name=session]').attr("content");
+var _EXTRA = $('meta[name=_extra]').attr('content');
 var AJAX_CACHE = true;
 
 var _ajax_setup = function() {

burpui/templates/js/client.js

@@ -4,6 +4,8 @@
  * It is available on the 'specific' client view
  */
 
+var _cache_id = _EXTRA;
+
 /***
  * First we map some burp status with some style
  */
@@ -68,6 +70,9 @@ var _client_table = $('#table-client').DataTable( {
 		url: '{{ url_for("api.client_stats", name=cname, server=server) }}',
 		headers: { 'X-From-UI': true },
 		cache: AJAX_CACHE,
+		data: function (request) {
+			request._extra = _cache_id;
+		},
 		dataSrc: function (data) {
 			if (data.length == 0) {
 				$('#table-client').hide();
@@ -145,6 +150,9 @@ var _client = function() {
 	if (first) {
 		first = false;
 	} else {
+		if (!AJAX_CACHE) {
+			_cache_id = new Date().getTime();
+		}
 		_client_table.ajax.reload( null, false );
 		AJAX_CACHE = true;
 	}

burpui/templates/js/clients.js

@@ -30,6 +30,9 @@ var __date = {
 	"{{ _('now') }}": 'now',
 };
 
+var _some_clients_running = false;
+var _cache_id = _EXTRA;
+
 /***
  * _clients: function that retrieve up-to-date informations from the burp server
  * JSON format:
@@ -63,12 +66,16 @@ var _clients_table = $('#table-clients').DataTable( {
 	fixedHeader: true,
 	ajax: {
 		url: '{{ url_for("api.clients_stats", server=server) }}',
+		data: function (request) {
+			request._extra = _cache_id;
+		},
 		dataSrc: function (data) {
+			_some_clients_running = false;
 			return data;
 		},
 		error: myFail,
 		headers: { 'X-From-UI': true },
-		cache: AJAX_CACHE,
+		cache: AJAX_CACHE && !_some_clients_running,
 	},
 	rowId: 'name',
 	order: [[2, 'desc']],
@@ -104,11 +111,13 @@ var _clients_table = $('#table-clients').DataTable( {
 					if (data.percent > 0) {
 						result += ' ('+data.percent+'%)';
 					}
+				} else if (!data.static && data.state == "{{ _('running') }}") {
+					_some_clients_running = true;
 				}
 				return result;
 			}
 		},
-		{ 
+		{
 			data: null,
 			type: 'timestamp',
 			render: function (data, type, row ) {
@@ -143,6 +152,9 @@ var _clients = function() {
 	if (first) {
 		first = false;
 	} else {
+		if (!AJAX_CACHE || _some_clients_running) {
+			_cache_id = new Date().getTime();
+		}
 		_clients_table.ajax.reload( null, false );
 		AJAX_CACHE = true;
 	}

burpui/templates/js/servers.js

@@ -4,6 +4,8 @@
  * It is available on the global clients view
  */
 
+var _cache_id = _EXTRA;
+
 /***
  * _servers: function that retrieve up-to-date informations from the burp server
  *  The JSON is then parsed into a table
@@ -17,6 +19,9 @@ var _servers_table = $('#table-servers').DataTable( {
 	fixedHeader: true,
 	ajax: {
 		url: '{{ url_for("api.servers_stats") }}',
+		data: function (request) {
+			request._extra = _cache_id;
+		},
 		dataSrc: function (data) {
 			return data;
 		},
@@ -57,6 +62,9 @@ var _servers = function() {
 	if (first) {
 		first = false;
 	} else {
+		if (!AJAX_CACHE) {
+			_cache_id = new Date().getTime();
+		}
 		_servers_table.ajax.reload( null, false );
 		AJAX_CACHE = true;
 	}

burpui/templates/js/user.js

@@ -161,6 +161,8 @@ app.controller('UserCtrl', function($timeout, $scope, $http, $scrollspy) {
  */
 {% import 'macros.html' as macros %}
 
+var _cache_id = _EXTRA;
+
 {{ macros.timestamp_filter() }}
 
 var _sessions_table = $('#table-sessions').DataTable( {
@@ -177,6 +179,9 @@ var _sessions_table = $('#table-sessions').DataTable( {
 		headers: { 'X-From-UI': true },
 		cache: AJAX_CACHE,
 		error: myFail,
+		data: function (request) {
+			request._extra = _cache_id;
+		},
 		dataSrc: function (data) {
 			return data;
 		}
@@ -322,6 +327,9 @@ var _sessions = function() {
 	if (first) {
 		first = false;
 	} else {
+		if (!AJAX_CACHE) {
+			_cache_id = new Date().getTime();
+		}
 		_sessions_table.ajax.reload( null, false );
 		AJAX_CACHE = true;
 	}
@@ -364,6 +372,7 @@ var revoke_session = function(id, refresh) {
 	}).done(function(data) {
 		notifAll(data);
 		if (refresh && data[0] == NOTIF_SUCCESS) {
+			AJAX_CACHE = false;
 			_sessions();
 		}
 	}).fail(myFail);
@@ -391,6 +400,7 @@ $('#perform-revoke').on('click', function(e) {
 			});
 		} else {
 			$.when.apply( $, requests ).done(function() {
+				AJAX_CACHE = false;
 				_sessions();
 			});
 		}

burpui/templates/layout.html

@@ -7,6 +7,7 @@
     <meta name="description" content="Burp-UI is a web-ui for burp backup written in python with Flask and jQuery/Bootstrap">
     <meta name="author" content="Ziirish">
     <meta name="session" content="{% if 'tag_id' in session %}{{ session['tag_id'] }}{% endif %}">
+    <meta name="_extra" content="{{ g._extra }}">
     <link rel="shortcut icon" href="{{ url_for('static', filename='images/favicon.ico') }}">
 
     <title>Burp-UI</title>