search

doyensec / inql

InQL is a robust, open-source Burp Suite extension for advanced GraphQL testing, offering intuitive vulnerability detection, customizable scans, and seamless Burp integration.
https://doyensec.com/
Apache License 2.0
1.51k stars 156 forks source link

Permission denied when begins analyze #137

Open kody-black opened 4 months ago

kody-black commented 4 months ago

I downloaded https://github.com/doyensec/inql/releases/download/v5.0.2/InQL.jar as an extension of burp. But when I click"Generate queries with InQL Scanner“, it will pop up an error as shown in the screenshot.

Error Log

[thread#170 ui.py:34 :: visual_error()]    Got exception and converted it to popup error: '[Errno 13] Permission denied: '111.186.57.85:40472/2024-04-06_150507\\request_template.txt''
[thread#178 introspection.py:132 :: _analyze()]    Failed to create a new directory for the reports '%s' - as it already exists
[thread#178 ui.py:27 :: visual_error()]    Traceback (most recent call last):
  File "__pyclasspath__/inql/scanner/introspection.py", line 70, in analyze
    _analyze(url, filename, headers)
  File "__pyclasspath__/inql/scanner/introspection.py", line 133, in _analyze
    log.debug("Created the directory structure for the '%s'", url)
IOError: [Errno 13] Permission denied: '111.186.57.85:40472/2024-04-06_151126\\request_template.txt'

[thread#178 ui.py:34 :: visual_error()]    Got exception and converted it to popup error: '[Errno 13] Permission denied: '111.186.57.85:40472/2024-04-06_151126\\request_template.txt''

Screenshots image

IktaS commented 4 months ago

Hi, just checked this out and it seems like it's the combination of the host having a port, and windows naming restriction of not allowing colon (:). I ended up creating a fork and made a small change to replace the colon with an underscore and now the extension is working as intended https://github.com/IktaS/inql/tree/fix-windows-port-dir