Closed yxw21 closed 1 year ago
Apologies for the late reply. We are aware of this issue, and it will be resolved in a future release of Burp.
Hi, which version is expected to solve this problem?
The issue with requests and responses not being reported should be resolved in v2023.1 - our current Early Adopter channel release.
Hi. How do I add URL scanning in the new API version? Older versions can do this.
```java
Scan scan = api.scanner().createScan();
scan.addUrl(Args.args.url.toString());
```
We removed addUrl as it was confusing as to what it actually did (i.e. did it do a crawl of the URL or an audit on the base response).
We will be adding a new API in the future for Crawl And Audit, which will crawl a URL and audit it (similar to what Burp does from the UI).
The answer to your question depends on what you wanted. If you wanted to crawl the URL you can use
```java
// crawlConfiguration is a static factory on CrawlConfiguration
Crawl crawl = api.scanner().startCrawl(crawlConfiguration(url));
```
If you wanted to audit the base response when making a request to that URL you can use
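```java
// auditConfiguration and LEGACY_ACTIVE_AUDIT_CHECKS are static imports
// from AuditConfiguration and BuiltInAuditConfiguration
Audit audit = api.scanner().startAudit(auditConfiguration(LEGACY_ACTIVE_AUDIT_CHECKS));
// httpRequestFromUrl builds a GET request for the URL; httpRequest(String) expects raw request text
audit.addRequest(httpRequestFromUrl(url));
```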
Thanks for your quick reply. I found a new problem, can you check it?
```java
if (auditIssues.size() > 0) {
    // args.format = HTML, Path.of(args.output) = 123.html
    api.scanner().generateReport(auditIssues, args.format, Path.of(args.output));
}
```
```
java.lang.IllegalArgumentException: Invalid offsets: the list should be in sequence and offsets should not overlap.
    at burp.kko.W(Unknown Source)
    at burp.kko.<init>(Unknown Source)
    at burp.z7c.<init>(Unknown Source)
    at burp.jpi.lambda$generateReport$1(Unknown Source)
    at java.base/java.util.stream.ReferencePipeline$3$1.accept(ReferencePipeline.java:197)
    at java.base/java.util.ArrayList$ArrayListSpliterator.forEachRemaining(ArrayList.java:1625)
    at java.base/java.util.stream.AbstractPipeline.copyInto(AbstractPipeline.java:509)
    at java.base/java.util.stream.AbstractPipeline.wrapAndCopyInto(AbstractPipeline.java:499)
    at java.base/java.util.stream.ReduceOps$ReduceOp.evaluateSequential(ReduceOps.java:921)
    at java.base/java.util.stream.AbstractPipeline.evaluate(AbstractPipeline.java:234)
    at java.base/java.util.stream.ReferencePipeline.collect(ReferencePipeline.java:682)
    at burp.jpi.generateReport(Unknown Source)
    at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:77)
    at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
    at java.base/java.lang.reflect.Method.invoke(Method.java:568)
    at burp.kjm.invoke(Unknown Source)
    at jdk.proxy2/jdk.proxy2.$Proxy20.generateReport(Unknown Source)
    at burp.w5e.generateReport(Unknown Source)
```
New error message:
```
java.lang.NullPointerException: Cannot invoke "burp.api.montoya.http.message.responses.HttpResponse.withMarkers(java.util.List)" because "<local5>" is null
    at burp.an3.E(Unknown Source)
    at burp.jb2.j(Unknown Source)
    at burp.aa2.lambda$requestResponses$0(Unknown Source)
    at burp.z11.D(Unknown Source)
    at burp.z13.D(Unknown Source)
    at burp.aa2.lambda$requestResponses$1(Unknown Source)
    at java.base/java.util.stream.ForEachOps$ForEachOp$OfRef.accept(ForEachOps.java:183)
    at java.base/java.util.stream.SortedOps$SizedRefSortingSink.end(SortedOps.java:357)
    at java.base/java.util.stream.AbstractPipeline.copyInto(AbstractPipeline.java:510)
    at java.base/java.util.stream.AbstractPipeline.wrapAndCopyInto(AbstractPipeline.java:499)
    at java.base/java.util.stream.ForEachOps$ForEachOp.evaluateSequential(ForEachOps.java:150)
    at java.base/java.util.stream.ForEachOps$ForEachOp$OfRef.evaluateSequential(ForEachOps.java:173)
    at java.base/java.util.stream.AbstractPipeline.evaluate(AbstractPipeline.java:234)
    at java.base/java.util.stream.ReferencePipeline.forEach(ReferencePipeline.java:596)
    at burp.t0.k(Unknown Source)
    at burp.t0.K(Unknown Source)
    at burp.aa2.requestResponses(Unknown Source)
    at burp.z7c.<init>(Unknown Source)
    at burp.jpi.lambda$generateReport$1(Unknown Source)
    at java.base/java.util.stream.ReferencePipeline$3$1.accept(ReferencePipeline.java:197)
    at java.base/java.util.ArrayList$ArrayListSpliterator.forEachRemaining(ArrayList.java:1625)
    at java.base/java.util.stream.AbstractPipeline.copyInto(AbstractPipeline.java:509)
    at java.base/java.util.stream.AbstractPipeline.wrapAndCopyInto(AbstractPipeline.java:499)
    at java.base/java.util.stream.ReduceOps$ReduceOp.evaluateSequential(ReduceOps.java:921)
    at java.base/java.util.stream.AbstractPipeline.evaluate(AbstractPipeline.java:234)
    at java.base/java.util.stream.ReferencePipeline.collect(ReferencePipeline.java:682)
    at burp.jpi.generateReport(Unknown Source)
    at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:77)
    at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
    at java.base/java.lang.reflect.Method.invoke(Method.java:568)
    at burp.kjm.invoke(Unknown Source)
    at jdk.proxy2/jdk.proxy2.$Proxy20.generateReport(Unknown Source)
    at burp.w5e.generateReport(Unknown Source)
```
Hi. Could you drop us an email at support@portswigger.net with some more information so that we can look into this further, please?
@Hannah-PortSwigger I am seeing this exception: https://github.com/PortSwigger/burp-extensions-montoya-api/issues/11#issuecomment-1384779615 as well...
The exception happens when this method is called: burpApi.scanner().generateReport()
This is my code:
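```java
import burp.api.montoya.MontoyaApi;
import burp.api.montoya.scanner.ReportFormat;
import burp.api.montoya.scanner.audit.AuditIssueHandler;
import burp.api.montoya.scanner.audit.issues.AuditIssue;

import java.io.File;
import java.util.ArrayList;
import java.util.HashSet;
import java.util.Set;

public class IssueHandler implements AuditIssueHandler {
    private final MontoyaApi burpApi;
    private final Set<AuditIssue> auditIssueList = new HashSet<>();

    public IssueHandler(final MontoyaApi api) {
        burpApi = api;
    }

    // Rewrites the whole report each time Burp reports a new issue.
    @Override
    public synchronized void handleNewAuditIssue(final AuditIssue auditIssue) {
        final File reportFile = new File(<filepath>);
        auditIssueList.add(auditIssue);
        Logger.info("IssueHandler: writing new issue to report-file");
        if (reportFile.getName().endsWith("html")) {
            burpApi.scanner().generateReport(new ArrayList<>(auditIssueList), ReportFormat.HTML, reportFile.toPath());
        } else {
            burpApi.scanner().generateReport(new ArrayList<>(auditIssueList), ReportFormat.XML, reportFile.toPath());
        }
    }
}
```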
burp version == Burp Suite Professional 2023.1.1-18663
montoya-api version == 1.0.0
UPDATE2: the exception is still thrown with the latest version of montoya-api:2023.2 and Burp v. 2023.2-18958
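A defensive wrapper for the handler pattern in the comment above, added here as an example; it is not code from this thread or from PortSwigger. `SafeReportWriter` is a hypothetical class: it renders to a sibling temporary file so a failed `generateReport()` call never clobbers the last good report, and when the full list fails it probes issues one by one to name the ones that trigger the exception. It assumes `generateReport()` writes synchronously and overwrites nothing it should not.

```java
import burp.api.montoya.MontoyaApi;
import burp.api.montoya.scanner.ReportFormat;
import burp.api.montoya.scanner.audit.issues.AuditIssue;
import java.io.IOException;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.StandardCopyOption;
import java.util.ArrayList;
import java.util.List;

// Hypothetical helper, not part of the Montoya API.
public final class SafeReportWriter {
    private final MontoyaApi api;

    public SafeReportWriter(MontoyaApi api) { this.api = api; }

    // Returns true when target was replaced with a fresh report.
    public synchronized boolean write(List<AuditIssue> issues, ReportFormat format, Path target) throws IOException {
        Path tmp = target.resolveSibling(target.getFileName() + ".tmp");
        List<AuditIssue> reportable = new ArrayList<>(issues);
        if (!render(reportable, format, tmp)) {
            // Probe each issue alone to find the ones the report generator rejects.
            reportable.clear();
            for (AuditIssue issue : issues) {
                if (render(List.of(issue), format, tmp)) {
                    reportable.add(issue);
                } else {
                    api.logging().logToError("Left out of report: " + issue.name() + " at " + issue.baseUrl());
                }
            }
            if (reportable.isEmpty() || !render(reportable, format, tmp)) {
                Files.deleteIfExists(tmp);
                return false; // the previous report at target is left untouched
            }
        }
        Files.move(tmp, target, StandardCopyOption.REPLACE_EXISTING);
        return true;
    }

    // Assumption: generateReport() throws to the caller, as both traces in this thread show.
    private boolean render(List<AuditIssue> issues, ReportFormat format, Path out) throws IOException {
        Files.deleteIfExists(out);
        try {
            api.scanner().generateReport(issues, format, out);
            return true;
        } catch (RuntimeException e) {
            api.logging().logToError("generateReport failed for " + issues.size() + " issue(s): " + e);
            return false;
        }
    }
}
```

The issue names and base URLs written to the extension's error log are the details worth attaching to a support request for a report-generation failure like this one.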
Hi.
Thanks for this information. We've been able to replicate this issue and have a bug ticket raised. We will be looking at resolving this issue, and other report-related issues, soon.
Hi. @Hannah-PortSwigger
Has this problem been solved now?
The changes are not included in v2023.2.2. They should be present in our upcoming 2023.3 release.
Scanner.generateReport
After I update burpsuite to version 2022.9.5, the html generated by Scanner.generateReport will be missing some important information
2022.9.5
2022.8.5
Audit.issues
Pseudo code
refer #9