Closed pwndad closed 2 years ago
Seems to be a duplicate of https://github.com/jython/jython/issues/16. The error comes from Jython and not this extension, sorry.
May be of interest that Jython has stopped the jffi.dll thing. https://github.com/jython/jython/issues/16#issuecomment-1133991708.
On Windows machines configured with AppLocker, the Burp extension fails to load since it wants to load an unknown jffi.tmp from %temp%, which is usually C:\users\user\appdata\local\temp.
This .TMP file is actually a Portable Executable (probably a DLL), which, when loaded from user-writable directories (e.g. the TEMP folder), will be prevented by AppLocker. This is how most malware gets executed, although it seems not very malicious: https://www.virustotal.com/gui/file/58398ba5cda1b7cb89ad4e03dd4a658006956f81acfef4efb4e7dd934e2733ef
Problem: Extension depends on a jffi binary (PE) file loaded from the temp folder
Possible root cause: https://github.com/CompassSecurity/burp-copy-request-response/blob/master/CopyRequestResponse.py#L9
Solution: Don't extract & load DLLs during runtime. Use pre-configured Burp directories instead (Extender->Options->Python Environment)
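The observation above that a `.TMP` file can really be a Portable Executable can be verified from the file header rather than the extension. The following is an added example, not part of the original issue or of the extension's code; the function names and the sample header bytes are constructed for illustration.

```python
import os
import struct
import tempfile

IMAGE_FILE_DLL = 0x2000  # COFF Characteristics flag: image is a DLL

def classify_pe(data):
    """Return 'dll', 'exe' or None (not a PE image) for a file's leading bytes."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return None
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)  # offset of PE header
    # PE signature (4 bytes) plus COFF file header (20 bytes) must be present
    if e_lfanew + 24 > len(data) or data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        return None
    (flags,) = struct.unpack_from("<H", data, e_lfanew + 22)  # Characteristics
    return "dll" if flags & IMAGE_FILE_DLL else "exe"

def find_disguised_pe(directory, suffixes=(".tmp",)):
    """List (path, kind) for files whose suffix hides a PE image."""
    hits = []
    for root, _dirs, files in os.walk(directory):
        for name in files:
            if not name.lower().endswith(suffixes):
                continue
            path = os.path.join(root, name)
            try:
                with open(path, "rb") as fh:
                    kind = classify_pe(fh.read(4096))  # headers sit at the start
            except OSError:
                continue  # locked or unreadable file: skip
            if kind:
                hits.append((path, kind))
    return sorted(hits)

def sample_pe(flags):
    """Constructed minimal header: DOS header, PE signature, COFF header."""
    dos = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40)
    coff = struct.pack("<HHIIIHH", 0x8664, 0, 0, 0, 0, 0, flags)
    return dos + b"PE\0\0" + coff

if __name__ == "__main__":
    for path, kind in find_disguised_pe(tempfile.gettempdir()):
        print(kind, path)
```

Run on an affected machine while the extension is loading, this lists any `.tmp` files in the temp folder that AppLocker would treat as executables or DLLs.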