Closed daffainfo closed 1 year ago
Hi, the extension should also work on Windows. Could you please provide more details? Did you get any error?
@dbrwsky yeah, I have waited for a very long time but the extension does nothing. I have waited 10-15 minutes.
Scanning of https://google.com started
'C:\Users\asus\nuclei.exe' -u https://google.com -t 'C:\Users\asus\nuclei-templates' -json -nc
-----------------------------------------------------------
@daffainfo
Have you also tried to run the nuclei directly from the cmd?
'C:\Users\asus\nuclei.exe' -u https://<host> -t 'C:\Users\asus\nuclei-templates' -json -nc
@dbrwsky yes, it works if I am using CMD
Ok, let's try one more thing, please run the following scan from the nuclei burp extension:
'C:\Users\asus\nuclei.exe' -u https://ginandjuice.shop -t 'C:\Users\asus\nuclei-templates\misconfiguration\http-missing-security-headers.yaml' -json -nc
If that doesn't work, please give me the following information: the Windows version you use, the Jython version and the Burp version. Then I will try to reproduce the issue on my own.
Same here. Running your recommendation above, I can see the single request to ginandjuiceshop through the proxy. No change or output from the plugin window, and I can see the Nuclei executable in the process monitoring basically doing nothing. Pressing kill in the plugin closes the executable down.
Running exactly the same command from the CLI works fine and I can see the nuclei output showing the missing headers.
Burp v2022.9.6. Windows 10 and jython-standalone-2.7.2.jar
Just found this too
java.lang.NullPointerException java.lang.NullPointerException
    at burp.x6e.addScanIssue(Unknown Source)
    at burp.lbc.addScanIssue(Unknown Source)
    at burp.d0_.addScanIssue(Unknown Source)
    at burp.s8g.addScanIssue(Unknown Source)
    at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:77)
    at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
    at java.base/java.lang.reflect.Method.invoke(Method.java:568)
    at org.python.core.PyReflectedFunction.call(PyReflectedFunction.java:190)
    at org.python.core.PyReflectedFunction.call(PyReflectedFunction.java:208)
    at org.python.core.PyObject.call(PyObject.java:477)
    at org.python.core.PyObject.call(PyObject.java:481)
    at org.python.core.PyMethod.call(PyMethod.java:141)
    at org.python.pycode._pyx4.parseNucleiResults$10(C:/Users/asdasdfasdf/AppData/Roaming/BurpSuite/bapps/9c7f7ae2844c4828b28be2398c02b7f7/nuclei-extension.py:275)
    at org.python.pycode._pyx4.call_function(C:/Users/asdasdfasdf/AppData/Roaming/BurpSuite/bapps/9c7f7ae2844c4828b28be2398c02b7f7/nuclei-extension.py)
    at org.python.core.PyTableCode.call(PyTableCode.java:173)
    at org.python.core.PyBaseCode.call(PyBaseCode.java:168)
    at org.python.core.PyFunction.call(PyFunction.java:437)
    at org.python.core.PyMethod.call(PyMethod.java:156)
    at org.python.pycode._pyx4.scan$9(C:/Users/asdasdfasdf/AppData/Roaming/BurpSuite/bapps/9c7f7ae2844c4828b28be2398c02b7f7/nuclei-extension.py:235)
    at org.python.pycode._pyx4.call_function(C:/Users/asdasdfasdf/AppData/Roaming/BurpSuite/bapps/9c7f7ae2844c4828b28be2398c02b7f7/nuclei-extension.py)
    at org.python.core.PyTableCode.call(PyTableCode.java:173)
    at org.python.core.PyBaseCode.call(PyBaseCode.java:306)
    at org.python.core.PyBaseCode.call(PyBaseCode.java:197)
    at org.python.core.PyFunction.call(PyFunction.java:485)
    at org.python.core.PyMethod.instancemethod_call(PyMethod.java:237)
    at org.python.core.PyMethod.call(PyMethod.java:228)
    at org.python.core.PyMethod.call(PyMethod.java:223)
    at org.python.core.PyObject._callextra(PyObject.java:589)
    at threading$py.run$35(C:/Users/asdasdfasdf/AppData/Local/BurpSuitePro/jython-standalone-2.7.2.jar/Lib/threading.py:213)
    at threading$py.call_function(C:/Users/asdasdfasdf/AppData/Local/BurpSuitePro/jython-standalone-2.7.2.jar/Lib/threading.py)
    at org.python.core.PyTableCode.call(PyTableCode.java:173)
    at org.python.core.PyBaseCode.call(PyBaseCode.java:134)
    at org.python.core.PyFunction.call(PyFunction.java:416)
    at org.python.core.PyMethod.call__(PyMethod.java:126)
    at threading$py._Threadbootstrap$36(C:/Users/asdasdfasdf/AppData/Local/BurpSuitePro/jython-standalone-2.7.2.jar/Lib/threading.py:261)
    at threading$py.call_function(C:/Users/asdasdfasdf/AppData/Local/BurpSuitePro/jython-standalone-2.7.2.jar/Lib/threading.py)
    at org.python.core.PyTableCode.call(PyTableCode.java:173)
    at org.python.core.PyBaseCode.call(PyBaseCode.java:306)
    at org.python.core.PyBaseCode.call(PyBaseCode.java:197)
    at org.python.core.PyFunction.call(PyFunction.java:485)
    at org.python.core.PyMethod.instancemethod_call(PyMethod.java:237)
    at org.python.core.PyMethod.call(PyMethod.java:228)
    at org.python.core.PyMethod.call(PyMethod.java:218)
    at org.python.core.PyMethod.call(PyMethod.java:213)
    at org.python.core.FunctionThread.run(FunctionThread.java:23)
Hi @AkikoOrenji, thank you for reporting the issue. I successfully reproduced it and it looks like the extension doesn't work properly on Burp Suite Pro version 2022.9 and newer. The problem is in this line of code: self._callbacks.addScanIssue(customIssue)
As a workaround, you can comment out this line and the extension should work correctly, except for the functionality which adds results to the Issue tab. Alternatively, you can try to use Burp Suite Pro version 2022.8.5.
I'm working on a permanent fix for this issue.
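An added sketch, not the extension's own code, of the failure mode discussed above: an exception thrown by addScanIssue while results are parsed on the scan thread leaves the user with no output, so each registration is isolated and the finding is kept either way. The names process_results, FailingCallbacks and RecordingCallbacks are hypothetical, the sample output is constructed, and the stubs let it run under regular Python instead of inside Burp and Jython.

```python
import json

# Constructed sample of nuclei JSON-lines output (not from a real scan).
SAMPLE_OUTPUT = "\n".join([
    "[INF] constructed banner line",
    '{"template-id": "http-missing-security-headers", "info": {"name": '
    '"HTTP Missing Security Headers", "severity": "info"}, '
    '"matched-at": "https://example.test"}',
    '{"template-id": "example-template", "info": {"name": "Example", '
    '"severity": "low"}, "matched-at": "https://example.test/login"}',
    '{"template-id": "truncated',
])


class FailingCallbacks(object):
    """Hypothetical stand-in for Burp callbacks whose addScanIssue throws."""

    def addScanIssue(self, issue):
        raise RuntimeError("simulated failure inside addScanIssue")


class RecordingCallbacks(object):
    """Hypothetical stand-in for a Burp version where addScanIssue works."""

    def __init__(self):
        self.issues = []

    def addScanIssue(self, issue):
        self.issues.append(issue)


def process_results(raw_output, callbacks):
    """Return (findings, errors); a failed registration never drops a finding."""
    findings, errors = [], []
    for line in raw_output.splitlines():
        if not line.lstrip().startswith("{"):
            continue  # not a JSON result line
        try:
            result = json.loads(line)
        except ValueError as exc:
            errors.append("unparseable result line: %s" % exc)
            continue
        info = result.get("info", {})
        finding = (result.get("template-id"), info.get("severity"),
                   result.get("matched-at"))
        findings.append(finding)  # kept for the extension's own output first
        try:
            callbacks.addScanIssue(finding)
        except Exception as exc:  # report the failure instead of stalling
            errors.append("addScanIssue failed for %s: %s" % (finding[0], exc))
    return findings, errors
```
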
The issue has been fixed in the latest commit.
Hi! Thank you for your hard work in making this extension!
I want to ask: does this extension only work on Linux? Because when I install this extension on my BurpSuite on Windows, it won't start