Hi--first of all, thank you for the work that has gone into this very useful extension!
I'm getting a RuntimeException saying "can't find header" when using Guess Headers; apologies if I'm just doing something wrong here, but would greatly appreciate any help! Please let me know if I can provide any other information.
Steps to replicate
Set up the following request in the Repeater tab to portswigger.net:443
GET /content/images/logos/portswigger-logo.svg HTTP/2
Host: portswigger.net
Accept: */*
Right-click and select Extensions > Guess headers
Leave default options and click OK
Go to Extender tab and see the following output:
Using albinowaxUtils v0.22
Loaded Param Miner v1.28
CACHE_ONLY false
Updating active thread pool size to 8
Queued 1 attacks
header locating fail: TCZqBcS13SA8QRCpW
'GET /content/images/logos/portswigger-logo.svg HTTP/2
Host: portswigger.net
Accept: */*'
Attack aborted by exception
Error in thread: Can't find the header: TCZqBcS13SA8QRCpW. See error pane for stack trace.
and the following in the Errors tab:
java.lang.RuntimeException: Can't find the header: TCZqBcS13SA8QRCpW
at burp.Utilities.setHeader(Utilities.java:949)
at burp.HeaderNameInsertionPoint.buildBulkRequest(BurpExtender.java:407)
at burp.ParamNameInsertionPoint.buildRequest(BurpExtender.java:306)
at burp.PayloadInjector.probeAttack(PayloadInjector.java:152)
at burp.ParamAttack.updateBaseline(ParamAttack.java:278)
at burp.ParamAttack.<init>(ParamAttack.java:135)
at burp.ParamGuesser.run(ParamGuesser.java:75)
at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1130)
at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:630)
at java.base/java.lang.Thread.run(Thread.java:832)
Hi--first of all, thank you for the work that has gone into this very useful extension!
I'm getting a RuntimeException saying "can't find header" when using Guess Headers; apologies if I'm just doing something wrong here, but would greatly appreciate any help! Please let me know if I can provide any other information.
Steps to replicate
portswigger.net:443
and the following in the Errors tab:
Environment