augustd / burp-suite-software-version-checks

Burp extension to passively scan for applications revealing software version numbers

Fixed JBoss Web test case #53

Closed alexlauerman closed 6 years ago

alexlauerman commented 6 years ago

I'm not sure if a comment, a PR, or an issue is best for this, but the recently updated (https://github.com/augustd/burp-suite-software-version-checks/commit/2cf847877c06b5c56fe82629bb7e72a0c5d4cf51) JBoss Web check is not working for me. The test cases are also not working for me in Burp, and also not working when tested in a regex tester.

regex from repo, test cases from repo, not working: https://regex101.com/r/dFJa4h/2
fixed regex from repo, test cases from repo, working: https://regex101.com/r/dFJa4h/1 (escaped forward slash)

augustd commented 6 years ago

The original pattern worked for me in the unit tests and in the Java Regex Tester here:

http://www.regexplanet.com/advanced/java/index.html

I'm most interested in why it didn't work for you in Burp. Are you saying that you manually found a response with a JBoss identifier that the extension did not detect? If so, can you send the request and response and/or URL so I can test it locally?

alexlauerman commented 6 years ago

The regex test is working for me too, but it was still not working in burp.

The extension was updated today (I could see an updated UI), but after looking more, it was also throwing some errors. Reloading the extension fixed it. Sounds like some sort of bug with the way burp updates extensions, or maybe since I had to manually update the rules URL then click "load", there could be a bug with that. Alternatively, maybe I gave it the wrong URL or made some sort of user error, but I don't think so, since it loaded all the rules fine. Regardless of why, the rules appear to be fine, so I'm closing this PR.

Here was the stack trace in case you are curious.

java.lang.IndexOutOfBoundsException: **No group 2**
    at java.util.regex.Matcher.group(Unknown Source)
    at com.codemagi.burp.PassiveScan.runPassiveScanChecks(PassiveScan.java:126)
    at com.codemagi.burp.PassiveScan.doPassiveScan(PassiveScan.java:105)
    at burp.jtc.run(Unknown Source)
    at java.lang.Thread.run(Unknown Source)
java.lang.IllegalArgumentException: Invalid offsets: the list should be in sequence and offsets should not overlap.
    at burp.re.a(Unknown Source)
    at burp.re.<init>(Unknown Source)
    at burp.nxh.<init>(Unknown Source)
    at burp.jtc.run(Unknown Source)
    at java.lang.Thread.run(Unknown Source)
java.lang.IllegalArgumentException: Invalid offsets: the list should be in sequence and offsets should not overlap.
    at burp.xcf.addScanIssue(Unknown Source)
    at burp.z3f.addScanIssue(Unknown Source)
    at burp.BurpExtender.processHttpMessage(BurpExtender.java:233)
    at burp.pkf.run(Unknown Source)
    at java.lang.Thread.run(Unknown Source)
java.lang.IllegalArgumentException: Invalid offsets: the list should be in sequence and offsets should not overlap.
    at burp.xcf.addScanIssue(Unknown Source)
    at burp.z3f.addScanIssue(Unknown Source)
    at burp.BurpExtender.processHttpMessage(BurpExtender.java:233)
    at burp.pkf.run(Unknown Source)
    at java.lang.Thread.run(Unknown Source)
augustd commented 6 years ago

This is useful: java.lang.IndexOutOfBoundsException: **No group 2** refers to the capturing group that is used to extract the actual version number for display. It is defined in the rule here:

JBoss(\s)?Web/([\d.]+(?:GA)?) 2 JBoss Webserver Low Certain 3
------------------------------^

I'm betting that you had a JBoss identifier String like JBossWeb/2.0.0 without the space between "JBoss" and "Web". Since the space ((\s)?) was never found there was only one capturing group in the resulting match. But the MatchRule was looking for group 2, hence the IndexOutOfBoundsException and a new issue was not created in the Scanner.

Thanks for this report @alexlauerman !