JsonSyntaxException loading the addon with Burp Pro 2020.5.1

[adidsec]

Hi, I've not used the addon for a while so i'm not sure if this is a java issue, a burp issue or a legacy thing where maybe i've an old version of a config somewhere but i've got the latest version from the BappStore and i'm getting the following error. Any idea if this is a bug in the addon or something environmental? I've tried an earlier version of burp and get the same error but i don't know where the addon stores its config.

com.google.gson.JsonSyntaxException: java.lang.IllegalStateException: Expected BEGIN_ARRAY but was STRING at line 1 column 1 path $
    at com.google.gson.Gson.fromJson(Gson.java:939)
    at com.google.gson.Gson.fromJson(Gson.java:892)
    at com.google.gson.Gson.fromJson(Gson.java:841)
    at com.google.gson.Gson.fromJson(Gson.java:813)
    at net.logicaltrust.persistent.SettingsSaver.loadEntries(SettingsSaver.java:75)
    at net.logicaltrust.persistent.MockRepository.<init>(MockRepository.java:23)

Any suggestions?

Thanks,

[mmmds]

Hi, unfortunately I haven't encountered such behaviour yet. However, it looks like a bug in the extension. As I workaround I suggest you to locate and move extension configuration file. On my system it is located in

~/.java/.userPrefs/burp/extensions/_!&8!]!"`!&@!`!!g!%0!bw"j!'s=/prefs.xml

I'm not sure if this directory is random, so I also paste fragment of the config structure so you can spot it easier.

$ head prefs.xml 
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<!DOCTYPE map SYSTEM "http://java.sun.com/dtd/preferences.dtd">
<map MAP_XML_VERSION="1.0">
  <entry key="ENTRY_1" value="{&#10;  &quot;enabled&quot;: true,&#10;  &quot;rule&quot;: {&#10;    &quot;host&quot;: &quot;^example\\.com$&quot;,&#10;    &quot;path&quot;: &quot;^/$&quot;,&#10;    &quot;port&quot;: &quot;^80$&quot;,&#10;    &quot;protocol&quot;: &quot;HTTP&quot;&#10;  },&#10;  &quot;entryInput&quot;: &quot;SFRUUC8xLjEgMjAwIE9LDQpBZ2U6IDU4MjEyMw0KQ2FjaGUtQ29udHJvbDogbWF4LWFnZT02MDQ4MDANCkNvbnRlbnQtVHlwZTogdGV4dC9odG1sOyBjaGFyc2V0PVVURi04DQpEYXRlOiBUaHUsIDI1IEp1biAyMDIwIDE2OjI4OjU5IEdNVA0KRXRhZzogIjMxNDc1MjY5NDcrZ3ppcCINCkV4cGlyZXM6IFRodSwgMDIgSnVsIDIwMjAgMTY6Mjg6NTkgR01UDQpMYXN0LU1vZGlmaWVkOiBUaHUsIDE3IE9jdCAyMDE5IDA3OjE4OjI2IEdNVA0KU2VydmVyOiBFQ1MgKGRjYi83RUM5KQ0KVmFyeTogQWNjZXB0LUVuY29kaW5nDQpYLUNhY2hlOiBISVQNCkNvbnRlbnQtTGVuZ3RoOiAxMjU0DQpDb25uZWN0aW9uOiBjbG9zZQ0KDQo8IWRvY3R5cGUgaHRtbD4KPGh0bWw+CjxoZWFkPgogICAgPHRpdGxlPkFBQUFBIERvbWFpbjwvdGl0bGU+CgogICAgPG1ldGEgY2hhcnNldD0idXRmLTgiIC8+CiAgICA8bWV0YSBodHRwLWVxdWl2PSJDb250ZW50LXR5cGUiIGNvbnRlbnQ9InRleHQvaHRtbDsgY2hhcnNldD11dGYtOCIgLz4KICAgIDxtZXRhIG5hbWU9InZpZXdwb3J0IiBjb250ZW50PSJ3aWR0aD1kZXZpY2Utd2lkdGgsIGluaXRpYWwtc2NhbGU9MSIgLz4KICAgIDxzdHlsZSB0eXBlPSJ0ZXh0L2NzcyI+CiAgICBib2R5IHsKICAgICAgICBiYWNrZ3JvdW5kLWNvbG9yOiAjZjBmMGYyOwogICAgICAgIG1hcmdpbjogMDsKICAgICAgICBwYWRkaW5nOiAwOwogICAgICAgIGZvbnQtZmFtaWx5OiAtYXBwbGUtc3lzdGVtLCBzeXN0ZW0tdWksIEJsaW5rTWFjU3lzdGVtRm9udCwgIlNlZ29lIFVJIiwgIk9wZW4gU2FucyIsICJIZWx2ZXRpY2EgTmV1ZSIsIEhlbHZldGljYSwgQXJpYWwsIHNhbnMtc2VyaWY7CiAgICAgICAgCiAgICB9CiAgICBkaXYgewogICAgICAgIHdpZHRoOiA2MDBweDsKICAgICAgICBtYXJnaW46IDVlbSBhdXRvOwogICAgICAgIHBhZGRpbmc6IDJlbTsKICAgICAgICBiYWNrZ3JvdW5kLWNvbG9yOiAjZmRmZGZmOwogICAgICAgIGJvcmRlci1yYWRpdXM6IDAuNWVtOwogICAgICAgIGJveC1zaGFkb3c6IDJweCAzcHggN3B4IDJweCByZ2JhKDAsMCwwLDAuMDIpOwogICAgfQogICAgYTpsaW5rLCBhOnZpc2l0ZWQgewogICAgICAgIGNvbG9yOiAjMzg0ODhmOwogICAgICAgIHRleHQtZGVjb3JhdGlvbjogbm9uZTsKICAgIH0KICAgIEBtZWRpYSAobWF4LXdpZHRoOiA3MDBweCkgewogICAgICAgIGRpdiB7CiAgICAgICAgICAgIG1hcmdpbjogMCBhdXRvOwogICAgICAgICAgICB3aWR0aDogYXV0bzsKICAgICAgICB9CiAgICB9CiAgICA8L3N0eWxlPiAgICAKPC9oZWFkPgoKPGJvZHk+CjxkaXY+CiAgICA8aDE+RXhhbXBsZSBEb21haW48L2gxPgogICAgPHA+VGhpcyBkb21haW4gaXMgZm9yIHVzZSBpbiBpbGx1c3RyYXRpdmUgZXhhbXBsZXMgaW4gZG9jdW1lbnRzLiBZb3UgbWF5IHVzZSB0aGlzCiAgICBkb21haW4gaW4gbGl0ZXJhdHVyZSB3aXRob3V0IHByaW9yIGNvb3JkaW5hdGlvbiBvciBhc2tpbmcgZm9yIHBlcm1pc3Npb24uPC9wPgogICAgPHA+PGEgaHJlZj0iaHR0cHM6Ly93d3cuaWFuYS5vcmcvZG9tYWlucy9leGFtcGxlIj5Nb3JlIGluZm9ybWF0aW9uLi4uPC9hPjwvcD4KPC9kaXY+CjwvYm9keT4KPC9odG1sPgo\u003d&quot;,&#10;  &quot;entryType&quot;: &quot;DirectEntry&quot;&#10;}"/>

If it helped could you send me your configuration file so I could investigate it? If your configuration consist of information that you don't want to share publicly, you can send it directly to me: mmmdspl(at)gmail.com gpg

[adidsec]

Thanks for the quick response, it's a slightly different location on my build and it's not a plain XML file but i've backed up the file and removed the original and it's working now :)

I'm pretty sure my config might have a backup of a previous test but if it helps, the file i did have wasn't XML, wonder if it was corrupted at some point, or could portswigger have changed the format?

example of the head of the file:

!"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????

!"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????

!"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~S??????????????????[ENTRY_17_63

[mmmds]

I checked Burp 1.7 and 2.x, both of them use XML format for extension settings. I'm not familiar with the format you attached and I have no idea why your configuration file was in such a state.