Support Mendix RestServices version number

augustd / burp-suite-software-version-checks

Burp extension to passively scan for applications revealing software version numbers

30 stars 17 forks source link

Support Mendix RestServices version number #55

Closed Sjord closed 6 years ago

Sjord commented 6 years ago

In JSON this looks like:

{"RestServices":"4.2.2",...

In XML this looks like:

...<RestServices>4.2.2</RestServices>...

augustd commented 6 years ago

HI @Sjord thanks for your contribution!

Can you also please add your test match strings to /src/test/resources/burp/testResponse.txt? This will allow the unit tests to pass properly.

See: https://github.com/augustd/burp-suite-software-version-checks/wiki/Creating-Match-Rules

Sjord commented 6 years ago

The tests already passed. When investigating why I found that there are two match files, and the unit tests are only run against one of those:

src/burp/match-rules.tab
src/main/resources/burp/match-rules.tab

Are there supposed to be two? Shouldn't they be in sync? Where should I add my rule?

augustd commented 6 years ago

src/main/resources/burp/match-rules.tab is the correct file.

The structure of the app had to be changed when it switched from using ant to maven for build. The old file is deprecated and was only kept around for people running older versions of the tool.

In fact, I think I will remove that now, as it has been over a year since it was changed.

Sjord commented 6 years ago

Ok, I have put the rule in the correct file and added two lines to the test file.

augustd commented 6 years ago

Awesome! Thanks!