NetsOSS / headless-burp

Automate security tests using Burp Suite.
https://netsoss.github.io/headless-burp/

Could not parse configuration file [config.xml] (SOLVED) #24

optimaldc closed this issue 5 years ago

optimaldc commented 5 years ago

Hey,

For some reason I get an error when trying to load any of the example configs provided.

Command:

java -Xmx1G -Djava.awt.headless=true -classpath /path/to/burpsuite_pro_v2.1.04.jar burp.StartBurp --unpause-spider-and-scanner --project-file=project.burp -c config.xml -v

Note that I also tried providing the Headless Burp Proxy .jar manually:

java -Xmx1G -Djava.awt.headless=true -classpath headless-burp-proxy-master-SNAPSHOT-jar-with-dependencies.jar:/path/to/burpsuite_pro_v2.1.04.jar burp.StartBurp --unpause-spider-and-scanner --project-file=project.burp -c config.xml -v

config.xml (unmodified example):

<?xml version="1.0" encoding="UTF-8"?>
<config>
  <reportType>JUNIT</reportType>
  <targetSitemap><![CDATA[http://localhost:20756/]]></targetSitemap>
  <scope>
    <url><![CDATA[http://localhost:20756/#/shipments]]></url>
    <url><![CDATA[http://localhost:20756/api/customers/identifiers?cacheBuster=1427106938056&searchTerm=982]]></url>
    <url><![CDATA[http://localhost:20756/#/shipments/83632855/documents]]></url>
  </scope>
  <false-positives>
    <issue>
      <type>6291632</type>
      <path><![CDATA[.*.vendor.js]]></path>
    </issue>
    <issue>
      <type>5245440</type>
      <path><![CDATA[/]]></path>
    </issue>
  </false-positives>
</config>

Stack trace:

Proxy: Proxy service started on 127.0.0.1:8080
Extender: Headless Burp: Arguments to headless burp: -c config.xml -v
Extender: Headless Burp: Could not parse commandline arguments, quitting: java.lang.RuntimeException: Could not parse configuration file [config.xml]
    at eu.nets.burp.BurpConfiguration.loadConfiguration(BurpConfiguration.java:39)
    at eu.nets.burp.BurpConfiguration.<init>(BurpConfiguration.java:26)
    at burp.BurpExtender.processCommandLineArguments(BurpExtender.java:138)
    at burp.BurpExtender.registerExtenderCallbacks(BurpExtender.java:55)
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
    at java.lang.reflect.Method.invoke(Method.java:498)
    at burp.f_v.lambda$registerExtenderCallbacks$0(Unknown Source)
    at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:511)
    at java.util.concurrent.FutureTask.run(FutureTask.java:266)
    at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
    at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
    at java.lang.Thread.run(Thread.java:748)
Caused by: javax.xml.bind.UnmarshalException: unexpected element (uri:"", local:"config"). Expected elements are <{http://nets.eu/burp/config}config>
    at com.sun.xml.internal.bind.v2.runtime.unmarshaller.UnmarshallingContext.handleEvent(UnmarshallingContext.java:726)
    at com.sun.xml.internal.bind.v2.runtime.unmarshaller.Loader.reportError(Loader.java:247)
    at com.sun.xml.internal.bind.v2.runtime.unmarshaller.Loader.reportError(Loader.java:242)
    at com.sun.xml.internal.bind.v2.runtime.unmarshaller.Loader.reportUnexpectedChildElement(Loader.java:109)
    at com.sun.xml.internal.bind.v2.runtime.unmarshaller.UnmarshallingContext$DefaultRootLoader.childElement(UnmarshallingContext.java:1131)
    at com.sun.xml.internal.bind.v2.runtime.unmarshaller.UnmarshallingContext._startElement(UnmarshallingContext.java:556)
    at com.sun.xml.internal.bind.v2.runtime.unmarshaller.UnmarshallingContext.startElement(UnmarshallingContext.java:538)
    at com.sun.xml.internal.bind.v2.runtime.unmarshaller.SAXConnector.startElement(SAXConnector.java:153)
    at com.sun.org.apache.xerces.internal.parsers.AbstractSAXParser.startElement(AbstractSAXParser.java:509)
    at com.sun.org.apache.xerces.internal.impl.XMLNSDocumentScannerImpl.scanStartElement(XMLNSDocumentScannerImpl.java:374)
    at com.sun.org.apache.xerces.internal.impl.XMLNSDocumentScannerImpl$NSContentDriver.scanRootElementHook(XMLNSDocumentScannerImpl.java:613)
    at com.sun.org.apache.xerces.internal.impl.XMLDocumentFragmentScannerImpl$FragmentContentDriver.next(XMLDocumentFragmentScannerImpl.java:3132)
    at com.sun.org.apache.xerces.internal.impl.XMLDocumentScannerImpl$PrologDriver.next(XMLDocumentScannerImpl.java:852)
    at com.sun.org.apache.xerces.internal.impl.XMLDocumentScannerImpl.next(XMLDocumentScannerImpl.java:602)
    at com.sun.org.apache.xerces.internal.impl.XMLNSDocumentScannerImpl.next(XMLNSDocumentScannerImpl.java:112)
    at com.sun.org.apache.xerces.internal.impl.XMLDocumentFragmentScannerImpl.scanDocument(XMLDocumentFragmentScannerImpl.java:505)
    at com.sun.org.apache.xerces.internal.parsers.XML11Configuration.parse(XML11Configuration.java:842)
    at com.sun.org.apache.xerces.internal.parsers.XML11Configuration.parse(XML11Configuration.java:771)
    at com.sun.org.apache.xerces.internal.parsers.XMLParser.parse(XMLParser.java:141)
    at com.sun.org.apache.xerces.internal.parsers.AbstractSAXParser.parse(AbstractSAXParser.java:1213)
    at com.sun.org.apache.xerces.internal.jaxp.SAXParserImpl$JAXPSAXParser.parse(SAXParserImpl.java:643)
    at com.sun.xml.internal.bind.v2.runtime.unmarshaller.UnmarshallerImpl.unmarshal0(UnmarshallerImpl.java:243)
    at com.sun.xml.internal.bind.v2.runtime.unmarshaller.UnmarshallerImpl.unmarshal(UnmarshallerImpl.java:214)
    at javax.xml.bind.helpers.AbstractUnmarshallerImpl.unmarshal(AbstractUnmarshallerImpl.java:157)
    at javax.xml.bind.helpers.AbstractUnmarshallerImpl.unmarshal(AbstractUnmarshallerImpl.java:162)
    at javax.xml.bind.helpers.AbstractUnmarshallerImpl.unmarshal(AbstractUnmarshallerImpl.java:171)
    at javax.xml.bind.helpers.AbstractUnmarshallerImpl.unmarshal(AbstractUnmarshallerImpl.java:189)
    at eu.nets.burp.BurpConfiguration.loadConfiguration(BurpConfiguration.java:34)
    ... 13 more

 -c (--config) <file> : Configuration file
 -p (--prompt)        : Indicates whether to prompt the user to confirm the
                        shutdown (useful for debugging) (default: false)
 -v (--verbose)       : Enable verbose output (default: true)

Any ideas what could be the case here?

anandsudhir commented 5 years ago

Hmm, that is very strange. Never had this fail before. The headless-burp-proxy plugin doesn't take or need the -c param. I'm guessing you loaded the plugin via the BApp Store? If you used the BApp Store version, you will need to specify the namespace, unfortunately, e.g. <config xmlns="http://nets.eu/burp/config">

If not, what version of Java are you using? Also, did you build the jar yourself?

optimaldc commented 5 years ago

Hey, adding the xmlns attribute to the config tag solved the problem: <config xmlns="http://nets.eu/burp/config">

Thank you for the help! I will mark this as solved.
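
The root-element mismatch from the stack trace can be caught before Burp is launched, for example in the CI job that starts the scan. The following Python pre-flight check is an added example, not part of the original thread or the headless-burp project: it reports the same mismatch as the JAXB error and rewrites an un-namespaced config into the expected namespace. The function names and the trimmed sample config are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Namespace and root name taken from the UnmarshalException quoted in the thread.
EXPECTED_NS = "http://nets.eu/burp/config"
EXPECTED_ROOT = "config"

# Constructed sample: a trimmed copy of the config posted in the issue.
SAMPLE = """<?xml version="1.0" encoding="UTF-8"?>
<config>
  <reportType>JUNIT</reportType>
  <targetSitemap><![CDATA[http://localhost:20756/]]></targetSitemap>
  <scope>
    <url><![CDATA[http://localhost:20756/#/shipments]]></url>
  </scope>
</config>
"""

def split_qname(tag):
    """Split ElementTree's '{uri}local' tag into (uri, local)."""
    if tag.startswith("{"):
        uri, local = tag[1:].split("}", 1)
        return uri, local
    return "", tag

def diagnose(xml_text):
    """Return (ok, message) for the root element, mirroring the JAXB error."""
    root = ET.fromstring(xml_text.encode("utf-8"))
    uri, local = split_qname(root.tag)
    if (uri, local) == (EXPECTED_NS, EXPECTED_ROOT):
        return True, "root element is {%s}%s" % (uri, local)
    return False, 'unexpected element (uri:"%s", local:"%s"), expected {%s}%s' % (
        uri, local, EXPECTED_NS, EXPECTED_ROOT)

def add_default_namespace(xml_text):
    """Put every un-namespaced element into EXPECTED_NS, which is what
    xmlns="..." on the root does. CDATA comes back as escaped text."""
    root = ET.fromstring(xml_text.encode("utf-8"))
    for el in root.iter():
        uri, local = split_qname(el.tag)
        if uri == "":
            el.tag = "{%s}%s" % (EXPECTED_NS, local)
    ET.register_namespace("", EXPECTED_NS)  # serialize as the default namespace
    return ET.tostring(root, encoding="unicode")

if __name__ == "__main__":
    print(diagnose(SAMPLE))
    print(diagnose(add_default_namespace(SAMPLE)))
```

A prefixed root such as `<b:config xmlns:b="http://nets.eu/burp/config">` also passes `diagnose`, since only the namespace URI and local name are compared.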

optimaldc commented 5 years ago

Could @anandsudhir add this also to the documentation? Would be helpful :)

anandsudhir commented 5 years ago

Absolutely. I'm also trying to get the newer version released on the bapp store. In the meanwhile though, I totally agree with you. I'll make a task to add this info to the readme :)