benteveo-kiwi / benteveo-toolbox

A burp extension that allows for IDOR testing and facilitates automatic scanning.

Exception crashed scan #30

Closed SamJoan closed 4 years ago

SamJoan commented 4 years ago

    [INFO 2020-03-29 02:39:49,822]: Finished fuzzing https://tw.billing.yahoo.com:443/mybilling/
    java.lang.NullPointerException: Response cannot be null
        at burp.dc0.analyzeResponse(Unknown Source)
        at burp.ajk.analyzeResponse(Unknown Source)
        at burp.DirectScannerCheck.doActiveScan(DirectScannerCheck.java:134)
        at jdk.internal.reflect.GeneratedMethodAccessor109.invoke(Unknown Source)
        at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
        at java.base/java.lang.reflect.Method.invoke(Method.java:567)
        at org.python.core.PyReflectedFunction.call(PyReflectedFunction.java:186)
        at org.python.core.PyReflectedFunction.call(PyReflectedFunction.java:204)
        at org.python.core.PyObject.call(PyObject.java:496)
        at org.python.core.PyObject.call(PyObject.java:500)
        at org.python.core.PyMethod.call(PyMethod.java:156)
        at fuzz$py.doActiveScan$8(C:\Users\benteveo\code\benteveo-toolbox\fuzz.py:198)
        at fuzz$py.call_function(C:\Users\benteveo\code\benteveo-toolbox\fuzz.py)
        at org.python.core.PyTableCode.call(PyTableCode.java:167)
        at org.python.core.PyBaseCode.call(PyBaseCode.java:307)
        at org.python.core.PyBaseCode.call(PyBaseCode.java:198)
        at org.python.core.PyFunction.call(PyFunction.java:482)
        at org.python.core.PyMethod.instancemethod_call(PyMethod.java:237)
        at org.python.core.PyMethod.call(PyMethod.java:228)
        at org.python.core.PyMethod.call(PyMethod.java:223)
        at org.python.core.PyObject._callextra(PyObject.java:601)
        at utility$py.run$27(C:\Users\benteveo\code\benteveo-toolbox\utility.py:368)
        at utility$py.call_function(C:\Users\benteveo\code\benteveo-toolbox\utility.py)
        at org.python.core.PyTableCode.call(PyTableCode.java:167)
        at org.python.core.PyBaseCode.call(PyBaseCode.java:307)
        at org.python.core.PyBaseCode.call(PyBaseCode.java:198)
        at org.python.core.PyFunction.call_(PyFunction.java:482)
        at org.python.core.PyMethod.instancemethodcall(PyMethod.java:237)
        at org.python.core.PyMethod.call(PyMethod.java:228)
        at org.python.core.PyMethod.call(PyMethod.java:218)
        at org.python.core.PyMethod.call__(PyMethod.java:213)
        at org.python.core.PyObject._jcallexc(PyObject.java:3626)
        at org.python.core.PyObject._jcall(PyObject.java:3658)
        at org.python.proxies.utility$PythonFunctionRunnable$7.run(Unknown Source)
        at java.base/java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:515)
        at java.base/java.util.concurrent.FutureTask.run(FutureTask.java:264)
        at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1128)
        at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:628)
        at java.base/java.lang.Thread.run(Thread.java:835)


SamJoan commented 4 years ago

We should resolve this, but I'm not sure it is causing the scans to hang.

SamJoan commented 4 years ago

Scan happens here according to the stack trace:

        with self.lock:
            if issues:
                for issue in issues: <-- here is line 198. :\
                    self.callbacks.addScanIssue(issue)

This is the only portion of the function that does not catch NullPointerExceptions:

    def doActiveScan(self, scanner, httpRequestResponse, insertionPoint):
        """
        Performs an active scan and stores issues found.

        Because the scanner fails sometimes with random errors when HTTP requests timeout and etcetera, we retry a couple of times. This allows us to scan faster because we can be more resilient to errors.

        Args:
            scanner: a IScannerCheck object as returned by extension.getActiveScanners().
            httpRequestResponse: the value to pass to doActiveScan. This should be the modified request, i.e. repeatedHttpRequestResponse.
            insertionPoint: the insertionPoint to scan.
        """
        retries = 5
        while retries > 0:
            utility.sleep(self.state, 1)
            try:
                issues = scanner.doActiveScan(httpRequestResponse, insertionPoint)
                break
            except (java.lang.Exception, java.lang.NullPointerException):
                retries -= 1
                logging.error("Java exception while fuzzing individual param, retrying it. %d retries left." % retries, exc_info=True)
            except:
                retries -= 1
                logging.error("Exception while fuzzing individual param, retrying it. %d retries left." % retries, exc_info=True)

        with self.lock:
            if issues:
                for issue in issues:
                    self.callbacks.addScanIssue(issue)
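A hardened version of that wrapper, as an added example that is not the toolbox's own code: it uses plain-Python stand-ins for the Burp scanner check and for `callbacks.addScanIssue` (both assumed, since the Java API is not available outside Burp), binds `issues` before the retry loop so an exhausted retry budget cannot leave the name undefined, and wraps the store step so an exception raised there cannot kill the worker thread.

```python
import logging
import threading

logger = logging.getLogger(__name__)
LOCK = threading.Lock()  # plays self.lock from the extension


def scan_with_retries(scanner_check, add_scan_issue, request, insertion_point, retries=5):
    """Constructed stand-in for the extension's doActiveScan wrapper.
    scanner_check plays IScannerCheck.doActiveScan and add_scan_issue plays
    callbacks.addScanIssue; both may raise. Returns the issues actually stored."""
    # Bind `issues` before the loop: if every retry fails, the code in this
    # issue reaches `if issues:` with the name unbound and the worker thread
    # dies with NameError instead of logging and moving on.
    issues = None
    while retries > 0:
        try:
            issues = scanner_check(request, insertion_point)
            break
        except Exception:
            retries -= 1
            logger.error("Exception while fuzzing individual param, "
                         "retrying it. %d retries left.", retries, exc_info=True)
    if not issues:
        return []
    stored = []
    with LOCK:
        for issue in issues:
            # Storing calls back into Burp and can throw too; one bad
            # issue must not take down the rest of the batch.
            try:
                add_scan_issue(issue)
                stored.append(issue)
            except Exception:
                logger.error("Could not store issue %r, skipping it.",
                             issue, exc_info=True)
    return stored


def flaky_scanner(failures_before_success, issues):
    """Constructed IScannerCheck.doActiveScan stand-in: raises on the first
    `failures_before_success` calls, then returns `issues`."""
    calls = [0]
    def check(request, insertion_point):
        calls[0] += 1
        if calls[0] <= failures_before_success:
            raise RuntimeError("Response cannot be null")  # mimics the NPE
        return list(issues)
    return check
```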