search

arvinddoraiswamy / mywebappscripts

A collection of all the lists, scripts and techniques I use while doing web application penetration tests.
MIT License
168 stars 80 forks source link

Unable to add csrf token detect script to latest version of Burp #23

Closed anandumdas closed 8 years ago

anandumdas commented 8 years ago

I cannot add the csrf_token_detect.py script to latest version of Burp. It returns errors and fails.


SyntaxError: Non-ASCII character in file '/home/anandu/Burp/csrf_token_detect.py', but no encoding declared; see http://www.python.org/peps/pep-0263.html for details

    at org.python.core.Py.SyntaxError(Py.java:198)
    at org.python.core.ParserFacade.fixParseError(ParserFacade.java:105)
    at org.python.core.ParserFacade.parse(ParserFacade.java:190)
    at org.python.core.Py.compile_flags(Py.java:1956)
    at org.python.core.__builtin__.execfile_flags(__builtin__.java:527)
    at org.python.util.PythonInterpreter.execfile(PythonInterpreter.java:286)
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
    at java.lang.reflect.Method.invoke(Method.java:498)
    at burp.gtd.<init>(Unknown Source)
    at burp.dze.a(Unknown Source)
    at burp.k1e.run(Unknown Source)
    at java.lang.Thread.run(Thread.java:745)

Could you please check and revert?

By the way, many thanks for putting the efforts for these scripts.

arvinddoraiswamy commented 8 years ago

I only have access to burp 1.6.09 right now and it works on that. What's the last version you can get this working on?

On Mon, Mar 21, 2016 at 2:52 PM, anandumdas notifications@github.com wrote:

I cannot add the csrf_token_detect.py script to latest version of Burp. It returns errors and fails.

SyntaxError: Non-ASCII character in file '/home/anandu/Burp/csrf_token_detect.py', but no encoding declared; see http://www.python.org/peps/pep-0263.html for details

at org.python.core.Py.SyntaxError(Py.java:198)
at org.python.core.ParserFacade.fixParseError(ParserFacade.java:105)
at org.python.core.ParserFacade.parse(ParserFacade.java:190)
at org.python.core.Py.compile_flags(Py.java:1956)
at org.python.core.__builtin__.execfile_flags(__builtin__.java:527)
at org.python.util.PythonInterpreter.execfile(PythonInterpreter.java:286)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:498)
at burp.gtd.<init>(Unknown Source)
at burp.dze.a(Unknown Source)
at burp.k1e.run(Unknown Source)
at java.lang.Thread.run(Thread.java:745)

— You are receiving this because you are subscribed to this thread. Reply to this email directly or view it on GitHub https://github.com/arvinddoraiswamy/mywebappscripts/issues/23

anandumdas commented 8 years ago

I have tried on 1.6 now. But it didn't work for me.

These are the steps I followed.

Goto Extender>Extension tab Click on Add Browse and load csrf_token_detect.py

And then the same error returned. Is there something I did wrong?

anandumdas commented 8 years ago

@arvinddoraiswamy I somehow solved it. There was some crappy html in my python file when I copied it from github. But now there is a new import error.


Traceback (most recent call last):
  File "/home/anandu/Burp/csrf_token_detect.py", line 18, in <module>
    import webcommon
ImportError: No module named webcommon

    at org.python.core.Py.ImportError(Py.java:328)
    at org.python.core.imp.import_first(imp.java:877)
    at org.python.core.imp.import_module_level(imp.java:972)
    at org.python.core.imp.importName(imp.java:1062)
    at org.python.core.ImportFunction.__call__(__builtin__.java:1280)
    at org.python.core.PyObject.__call__(PyObject.java:431)
    at org.python.core.__builtin__.__import__(__builtin__.java:1232)
    at org.python.core.imp.importOne(imp.java:1081)
    at org.python.pycode._pyx1.f$0(/home/anandu/Burp/csrf_token_detect.py:20)
    at org.python.pycode._pyx1.call_function(/home/anandu/Burp/csrf_token_detect.py)
    at org.python.core.PyTableCode.call(PyTableCode.java:167)
    at org.python.core.PyCode.call(PyCode.java:18)
    at org.python.core.Py.runCode(Py.java:1386)
    at org.python.core.__builtin__.execfile_flags(__builtin__.java:535)
    at org.python.util.PythonInterpreter.execfile(PythonInterpreter.java:286)
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
    at java.lang.reflect.Method.invoke(Method.java:498)
    at burp.gtd.<init>(Unknown Source)
    at burp.dze.a(Unknown Source)
    at burp.k1e.run(Unknown Source)
    at java.lang.Thread.run(Thread.java:745)
anandumdas commented 8 years ago

I have solved the webcommon import error. I know I made some stupid mistakes. But posting them here if someone finds it useful.

I have downloaded the webcommon.py module to my local, say in location /home/anandu/Burp/. Edited the csrf_token_detect.py file. Edited line 16 to module_folder = os.path.dirname('/home/anandu/Burp/') Saved and reloaded the burp extension and it worked.

arvinddoraiswamy commented 8 years ago

Glad to hear you solved it :)

On Mon, Mar 21, 2016 at 3:50 PM, anandumdas notifications@github.com wrote:

Closed #23 https://github.com/arvinddoraiswamy/mywebappscripts/issues/23 .

— You are receiving this because you were mentioned. Reply to this email directly or view it on GitHub https://github.com/arvinddoraiswamy/mywebappscripts/issues/23#event-596900618