search

gh0stkey / CaA

CaA - Collector and Analyzer, Insight into information, exploring with intelligence in a thousand ways.
Apache License 2.0
673 stars 46 forks source link

加载插件时出错且burp卡住,错误如下,不止是否是因为utilities().urlUtils()处理含\u00xx Unicode编码的字符出错 #11

Closed cgddgc closed 2 months ago

cgddgc commented 2 months ago

image

gh0stkey commented 2 months ago

请问你的BurpSuite是什么版本

cgddgc commented 2 months ago

burpsuite版本2024.2.1.4稳定版

gh0stkey commented 2 months ago

可以使用下最新版本:https://github.com/gh0stkey/CaA/releases/tag/Beta0.9

cgddgc commented 2 months ago

可以使用下最新版本:https://github.com/gh0stkey/CaA/releases/tag/Beta0.9

试了还是情况一样,表现为安装插件卡住且磁盘io占用高,具体报错信息及版本如下: java.lang.IllegalArgumentException: URLDecoder: Illegal hex characters in escape (%) pattern - Error at index 0 in: "\u" at java.base/java.net.URLDecoder.decode(URLDecoder.java:243) at burp.Zgl8.decode(Unknown Source) at java.base/jdk.internal.reflect.DirectMethodHandleAccessor.invoke(DirectMethodHandleAccessor.java:103) at java.base/java.lang.reflect.Method.invoke(Method.java:580) at burp.Zopg.invoke(Unknown Source) at jdk.proxy2/jdk.proxy2.$Proxy58.decode(Unknown Source) at burp.Zcei.decode(Unknown Source) at caa.instances.Collector.decodeParameter(Collector.java:268) at caa.instances.Collector.passiveAudit(Collector.java:106) at caa.instances.editor.ResponseEditor$Editor.isEnabledFor(ResponseEditor.java:80) at java.base/jdk.internal.reflect.DirectMethodHandleAccessor.invoke(DirectMethodHandleAccessor.java:103) at java.base/java.lang.reflect.Method.invoke(Method.java:580) at burp.Zopg.invoke(Unknown Source) at jdk.proxy4/jdk.proxy4.$Proxy81.isEnabledFor(Unknown Source) at burp.Zaty.ZG(Unknown Source) at burp.Zc05.ZN(Unknown Source) at burp.Zbts.lambda$updateVisiblePanes$1(Unknown Source) at java.base/java.util.stream.ReferencePipeline$2$1.accept(ReferencePipeline.java:178) at java.base/java.util.ArrayList$ArrayListSpliterator.forEachRemaining(ArrayList.java:1708) at java.base/java.util.stream.AbstractPipeline.copyInto(AbstractPipeline.java:509) at java.base/java.util.stream.AbstractPipeline.wrapAndCopyInto(AbstractPipeline.java:499) at java.base/java.util.stream.ReduceOps$ReduceOp.evaluateSequential(ReduceOps.java:921) at java.base/java.util.stream.AbstractPipeline.evaluate(AbstractPipeline.java:234) at java.base/java.util.stream.ReferencePipeline.collect(ReferencePipeline.java:682) at burp.Zcg3.Zy(Unknown Source) at burp.Zcg3.ZW(Unknown Source) at burp.Zbts.ZK(Unknown Source) at burp.Zbts.ZY(Unknown Source) at burp.Zbts.ZW(Unknown Source) at burp.Zii0.ZO(Unknown Source) at burp.Zpx.Zg(Unknown Source) at burp.Zpx.Zf(Unknown Source) at burp.Zpx.lambda$extensionConfigChanged$5(Unknown Source) at java.desktop/java.awt.event.InvocationEvent.dispatch(InvocationEvent.java:318) at java.desktop/java.awt.EventQueue.dispatchEventImpl(EventQueue.java:773) at java.desktop/java.awt.EventQueue$4.run(EventQueue.java:720) at java.desktop/java.awt.EventQueue$4.run(EventQueue.java:714) at java.base/java.security.AccessController.doPrivileged(AccessController.java:400) at java.base/java.security.ProtectionDomain$JavaSecurityAccessImpl.doIntersectionPrivilege(ProtectionDomain.java:87) at java.desktop/java.awt.EventQueue.dispatchEvent(EventQueue.java:742) at java.desktop/java.awt.EventDispatchThread.pumpOneEventForFilters(EventDispatchThread.java:203) at java.desktop/java.awt.EventDispatchThread.pumpEventsForFilter(EventDispatchThread.java:124) at java.desktop/java.awt.EventDispatchThread.pumpEventsForHierarchy(EventDispatchThread.java:113) at java.desktop/java.awt.EventDispatchThread.pumpEvents(EventDispatchThread.java:109) at java.desktop/java.awt.EventDispatchThread.pumpEvents(EventDispatchThread.java:101) at java.desktop/java.awt.EventDispatchThread.run(EventDispatchThread.java:90)

版本信息 image image

gh0stkey commented 2 months ago

您是打开了什么网站么?我也是使用您的对应版本Burp安装CaA并没复现相关问题,而您报错显示问题是在api.utilities().urlUtils().decode这个函数调用时发生的,但实际上此处也进行了容错处理,不应该会出现相关问题。

myqf23 commented 2 months ago

请问支持java8么,burpsuite版本2022.6.1

加载插件时出错信息如下 java.lang.ClassNotFoundException: burp.BurpExtender at java.base/java.net.URLClassLoader.findClass(URLClassLoader.java:471) at java.base/java.lang.ClassLoader.loadClass(ClassLoader.java:588) at java.base/java.lang.ClassLoader.loadClass(ClassLoader.java:521) at java.base/java.lang.Class.forName0(Native Method) at java.base/java.lang.Class.forName(Class.java:398) at burp.kl4.e(Unknown Source) at burp.kl4.(Unknown Source) at burp.nb.F(Unknown Source) at burp.mo.lambda$panelLoaded$0(Unknown Source) at java.base/java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:515) at java.base/java.util.concurrent.FutureTask.run(FutureTask.java:264) at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1128) at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:628) at java.base/java.lang.Thread.run(Thread.java:834) image

gh0stkey commented 2 months ago

@myqf23 CaA采用了新版BurpSuite的API进行开发,因此请使用最新版BurpSuite,JDK版本也是用BurpSuite自带的就行了。