modzero / mod0BurpUploadScanner

HTTP file upload scanner for Burp Proxy

Bug #76

Open DanMcInerney opened 4 years ago

DanMcInerney commented 4 years ago
Traceback (most recent call last):
  File "C:\Users\dan\AppData\Roaming\BurpSuite\bapps\b2244cbb6953442cb3c82fa0a0d908fa\UploadScanner.py", line 981, in doActiveScan
    self.do_checks(injector)
  File "C:\Users\dan\AppData\Roaming\BurpSuite\bapps\b2244cbb6953442cb3c82fa0a0d908fa\UploadScanner.py", line 1121, in do_checks
    colab_tests.extend(self._xxe_office(injector, burp_colab))
  File "C:\Users\dan\AppData\Roaming\BurpSuite\bapps\b2244cbb6953442cb3c82fa0a0d908fa\UploadScanner.py", line 1121, in do_checks
    colab_tests.extend(self._xxe_office(injector, burp_colab))
  File "C:\Users\dan\AppData\Roaming\BurpSuite\bapps\b2244cbb6953442cb3c82fa0a0d908fa\UploadScanner.py", line 2631, in _xxe_office
    c = self._send_collaborator(injector, burp_colab, types, basename, content, issue,
  File "C:\Users\dan\AppData\Roaming\BurpSuite\bapps\b2244cbb6953442cb3c82fa0a0d908fa\UploadScanner.py", line 4294, in _send_collaborator
    urr = self._make_http_request(injector, req, redownload_filename=x)
  File "C:\Users\dan\AppData\Roaming\BurpSuite\bapps\b2244cbb6953442cb3c82fa0a0d908fa\UploadScanner.py", line 4380, in _make_http_request
    attack = self._callbacks.makeHttpRequest(service, req)
NullPointerException: java.lang.NullPointerException

Upload Scanner Version: 1.0.8

Extension code location: doActiveScan
Jython version: 2.7.0 (default:9987c746f838, Apr 29 2015, 02:25:11) 
[OpenJDK 64-Bit Server VM (Oracle Corporation)]
Java version: 14
Burp version: Burp Suite Professional 2020 9.2
Command line arguments: 
Was loaded from BApp: True
Request: 'POST /api/v1/xxxx/ HTTP/1.1\r\nHost: xxxx\r\nUser-Agent: Mozilla/5.0
(Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2883.87 Safari/537.36
root@myof3ucdn36n7pjdn667745mpdv9p9dy.burpcollaborator.net\r\nAccept: application/json, text/plain,
*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nCache-Control: no-
transform\r\nPragma: no-cache\r\nX-CSRFToken:
Ajrxe2HgCGGOehwaJNoRwfnfcXMF6gDKayNB0m1QftVk8oYlx1nlZNKrpl02WgOm\r\nContent-Type: multipart/form-
data; boundary=---------------------------127764582316186539414222681358\r\nContent-Length:
227\r\nOrigin: xxx\r\nConnection: close\r\nReferer:
http://bjy4ojx28srcse428vrwstqba2gyasyh.burpcollaborator.net/ref\r\nCookie: OptanonConsent=isIABGlob
al=false&datestamp=Fri+Oct+30+2020+10%3A24%3A15+GMT-0600+(Mountain+Daylight+Time)&version=5.11.0&lan
dingPath=NotLandingPage&groups=1%3A1%2C3%3A1%2C4%3A1&hosts=&AwaitingReconsent=false;
_ga=GA1.2.204400...