ah8r / csrf

CSRF Scanner Extension for Burp Suite Pro
GNU General Public License v3.0

java.lang.StringIndexOutOfBoundsException #12

Closed Hipapheralkus closed 6 years ago

Hipapheralkus commented 6 years ago

Hi, I'm using Burp Pro 1.7.33 with CSRF Scanner 1.4. I opened the Errors tab in the Extender and noticed the following:

java.lang.StringIndexOutOfBoundsException: String index out of range: -1
    at java.lang.String.substring(String.java:1960)
    at burp.BurpExtender.doPassiveScan(BurpExtender.java:1260)
    at burp.dhd.run(Unknown Source)
    at java.lang.Thread.run(Thread.java:745)

I can see that it is too little information, but I don't have more. Would it be possible to fix this? I'm not sure if it is because of this extender, as I use more of them at the same time, but my Active scan completely froze and it seems the thread is not released to be able to continue the active scan. Thanks

ah8r commented 6 years ago

I can see the issue. I’ll issue a fix hopefully today. It appears the problem occurs when trying to parse forms when there is a form without a tag.

ah8r commented 6 years ago

@Hipapheralkus I have committed a workaround / fix which I believe should solve the problem. If not, would it be possible to share with me the HTML of the page which causes the issue?

It would actually help if you could share that HTML anyway, as I'd rather get to the bottom of why the form detection code isn't working properly in this case.

Hipapheralkus commented 6 years ago

@ah8r I tried to perform a passive scan on the project where this exception was thrown and I no longer see it with the newest update. Thanks for the fix. If it changes, I will try to write more information.
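
The failure class reported in this thread, a `substring` call that receives an index of -1, typically arises when a delimiter search comes back empty and its result is used unchecked. The following is an added example, not the extension's own code or its committed fix; the class and method names are hypothetical, and it assumes the missing delimiter is a closing `</form>` tag.

```java
import java.util.ArrayList;
import java.util.List;
import java.util.regex.Matcher;
import java.util.regex.Pattern;

// Added illustration; names are hypothetical, not taken from CSRF Scanner.
public class FormExtractor {
    private static final Pattern OPEN =
        Pattern.compile("<form\\b", Pattern.CASE_INSENSITIVE);
    private static final Pattern CLOSE =
        Pattern.compile("</form\\s*>", Pattern.CASE_INSENSITIVE);

    // Returns the markup of every form in html. A form with no closing tag is
    // taken to run to the end of the document, so a failed search is never
    // turned into a substring() index.
    static List<String> extractForms(String html) {
        List<String> forms = new ArrayList<>();
        Matcher open = OPEN.matcher(html);
        Matcher close = CLOSE.matcher(html);
        int pos = 0;
        while (open.find(pos)) {
            int start = open.start();
            if (!close.find(open.end())) {      // unterminated form
                forms.add(html.substring(start));
                break;
            }
            forms.add(html.substring(start, close.end()));
            pos = close.end();                  // continue after this form
        }
        return forms;
    }

    public static void main(String[] args) {
        // Constructed sample response body: the second form is never closed.
        String html = "<html><body>"
            + "<form action=\"/a\" method=\"post\"><input name=\"x\"></form>"
            + "<FORM action=\"/b\" method=\"post\"><input name=\"y\">"
            + "</body></html>";

        // Unguarded pattern: indexOf() finds no closing tag and returns -1,
        // which substring() rejects with StringIndexOutOfBoundsException.
        int start = html.indexOf("<FORM");
        try {
            html.substring(start, html.indexOf("</FORM", start));
        } catch (StringIndexOutOfBoundsException e) {
            System.out.println("unguarded parse failed: " + e);
        }

        for (String form : extractForms(html)) {
            System.out.println("form: " + form);
        }
    }
}
```

A passive-scan callback that parses untrusted response bodies this way returns a result for malformed markup instead of throwing out of the scanner thread.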