RUB-NDS / BurpSSOExtension

An extension for BurpSuite that highlights SSO messages in Burp's proxy window.

XML Signature Wrapping Error #14

Open ofturanc opened 3 years ago

ofturanc commented 3 years ago

Hi,

I am using Burp 1.7.36 and started it with Java 1.8. When I try to use Signature Wrapping from the Attacker tab, I am facing the error below. How can I solve it?

Regards,

sh-3.2# java -jar burpsuite_community_v1.7.36.jar
+-----------------------------------------------------------------------+
| EsPReSSO - Extension for Processing and Recognition of Single Sign-on |
| Started @ 15:52:51 |
+-----------------------------------------------------------------------+
[I] 15:52:51 - [burp.BurpExtender]: Tab registered.
[I] 15:52:51 - [burp.BurpExtender]: Scanner registered.
[I] 15:52:51 - [burp.BurpExtender]: SAML editor registered.
[I] 15:52:51 - [burp.BurpExtender]: JSON editor registered.
[I] 15:52:51 - [burp.BurpExtender]: JWT editor registered.
[I] 15:52:51 - [burp.BurpExtender]: ExtensionStateListener registered
[I] 15:52:51 - [burp.BurpExtender]: Init. complete.
[D] 16:04:44 - [de.rub.nds.burp.espresso.scanner.ScanAndMarkSSO]: SAML Authentication Request
[D] 16:04:44 - [de.rub.nds.burp.utilities.protocols.SAML]: Analyse: SAML with ID: xxxxxxx
[D] 16:04:57 - [de.rub.nds.burp.espresso.scanner.ScanAndMarkSSO]: SAML Authentication Request
[D] 16:04:57 - [de.rub.nds.burp.utilities.protocols.SAML]: Analyse: SAML with ID: xxxxxxx
[D] 16:04:57 - [de.rub.nds.burp.utilities.protocols.SAML]: (SAML )
[D] 16:04:57 - [de.rub.nds.burp.utilities.protocols.SAML]: Probability: 1.0
[D] 16:05:12 - [de.rub.nds.burp.espresso.editor.saml.SAMLEditor$InputTab]: Editor@1415845757 attached.
[D] 16:05:16 - [de.rub.nds.burp.espresso.scanner.ScanAndMarkSSO]: SAML Authentication Request
[D] 16:05:16 - [de.rub.nds.burp.utilities.protocols.SAML]: Analyse: SAML with ID: xxxxxxx
[D] 16:05:16 - [de.rub.nds.burp.utilities.protocols.SAML]: (SAML SAML )
[D] 16:05:16 - [de.rub.nds.burp.utilities.protocols.SAML]: Probability: 1.0
[D] 16:05:16 - [de.rub.nds.burp.espresso.editor.saml.SAMLEditor$InputTab]: Editor@1415845757 attached.
[D] 16:05:17 - [de.rub.nds.burp.espresso.editor.saml.SAMLEditor$InputTab]: Start setMessage().
[D] 16:05:17 - [de.rub.nds.burp.espresso.editor.saml.SAMLEditor$InputTab]: Activate tabs.
[D] 16:05:17 - [de.rub.nds.burp.espresso.editor.saml.SAMLEditor$InputTab]: Begin XML deserialization.
[D] 16:05:17 - [de.rub.nds.burp.espresso.editor.saml.SAMLEditor$InputTab]: Notify all tabs.
[D] 16:05:17 - [de.rub.nds.burp.espresso.editor.saml.SAMLEditor$InputTab]: End setMessage().
java.lang.IndexOutOfBoundsException: Index: 0, Size: 0
    at java.util.ArrayList.rangeCheck(ArrayList.java:657)
    at java.util.ArrayList.get(ArrayList.java:433)
    at de.rub.nds.burp.espresso.gui.attacker.saml.xsw.UISigWrapAttackInit.jButtonGenerateVectorsActionPerformed(UISigWrapAttackInit.java:353)
    at de.rub.nds.burp.espresso.gui.attacker.saml.xsw.UISigWrapAttackInit.access$100(UISigWrapAttackInit.java:62)
    at de.rub.nds.burp.espresso.gui.attacker.saml.xsw.UISigWrapAttackInit$2.actionPerformed(UISigWrapAttackInit.java:133)
    at javax.swing.AbstractButton.fireActionPerformed(AbstractButton.java:2022)
    at javax.swing.AbstractButton$Handler.actionPerformed(AbstractButton.java:2348)
    at javax.swing.DefaultButtonModel.fireActionPerformed(DefaultButtonModel.java:402)
    at javax.swing.DefaultButtonModel.setPressed(DefaultButtonModel.java:259)
    at javax.swing.plaf.basic.BasicButtonListener.mouseReleased(BasicButtonListener.java:252)
    at java.awt.Component.processMouseEvent(Component.java:6533)
    at javax.swing.JComponent.processMouseEvent(JComponent.java:3324)
    at java.awt.Component.processEvent(Component.java:6298)
    at java.awt.Container.processEvent(Container.java:2236)
    at java.awt.Component.dispatchEventImpl(Component.java:4889)
    at java.awt.Container.dispatchEventImpl(Container.java:2294)
    at java.awt.Component.dispatchEvent(Component.java:4711)
    at java.awt.LightweightDispatcher.retargetMouseEvent(Container.java:4888)
    at java.awt.LightweightDispatcher.processMouseEvent(Container.java:4525)
    at java.awt.LightweightDispatcher.dispatchEvent(Container.java:4466)
    at java.awt.Container.dispatchEventImpl(Container.java:2280)
    at java.awt.Window.dispatchEventImpl(Window.java:2746)
    at java.awt.Component.dispatchEvent(Component.java:4711)
    at java.awt.EventQueue.dispatchEventImpl(EventQueue.java:758)
    at java.awt.EventQueue.access$500(EventQueue.java:97)
    at java.awt.EventQueue$3.run(EventQueue.java:709)
    at java.awt.EventQueue$3.run(EventQueue.java:703)
    at java.security.AccessController.doPrivileged(Native Method)
    at java.security.ProtectionDomain$JavaSecurityAccessImpl.doIntersectionPrivilege(ProtectionDomain.java:80)
    at java.security.ProtectionDomain$JavaSecurityAccessImpl.doIntersectionPrivilege(ProtectionDomain.java:90)
    at java.awt.EventQueue$4.run(EventQueue.java:731)
    at java.awt.EventQueue$4.run(EventQueue.java:729)
    at java.security.AccessController.doPrivileged(Native Method)
    at java.security.ProtectionDomain$JavaSecurityAccessImpl.doIntersectionPrivilege(ProtectionDomain.java:80)
    at java.awt.EventQueue.dispatchEvent(EventQueue.java:728)
    at java.awt.EventDispatchThread.pumpOneEventForFilters(EventDispatchThread.java:201)
    at java.awt.EventDispatchThread.pumpEventsForFilter(EventDispatchThread.java:116)
    at java.awt.EventDispatchThread.pumpEventsForHierarchy(EventDispatchThread.java:105)
    at java.awt.EventDispatchThread.pumpEvents(EventDispatchThread.java:101)
    at java.awt.EventDispatchThread.pumpEvents(EventDispatchThread.java:93)
    at java.awt.EventDispatchThread.run(EventDispatchThread.java:82)