pmiaowu
commented
2 years ago 你查一下,你是不是安装了别的插件例如:HaE,不知道为什么,安装这个插件以后,会对burp的ui有破坏性,导致爆错 如果安装了,你可以这样解决
- 先安装插件,最后面安装HaE
如果没有的话 说明的jdk版本比较魔性,请自己下载源码重新编译安装
谢谢
Closed alilash-github closed 2 years ago
pmiaowu
commented
2 years ago 你查一下,你是不是安装了别的插件例如:HaE,不知道为什么,安装这个插件以后,会对burp的ui有破坏性,导致爆错 如果安装了,你可以这样解决
如果没有的话 说明的jdk版本比较魔性,请自己下载源码重新编译安装
谢谢
alilash-github
commented
2 years ago JDK11提示加载成功,但是还是爆了一堆错误,会影响扫描吗,同一个环境,隔壁同事可以扫出来,我这个就不行。。。。。。 不知道哪儿的问题。
java.lang.NullPointerException at burp.aii.T(Unknown Source) at burp.cnn.getHttpService(Unknown Source) at burp.gvg.getHttpService(Unknown Source) at burp.BurpExtender$MarkInfoTab.isEnabled(BurpExtender.java:128) at burp.bpc.a(Unknown Source) at burp.fno.a(Unknown Source) at burp.dt2.a(Unknown Source) at burp.dt2.a(Unknown Source) at burp.jf.a(Unknown Source) at burp.guy.a(Unknown Source) at burp.dc4.b(Unknown Source) at burp.jf.addNotify(Unknown Source) at java.desktop/java.awt.Container.addNotify(Container.java:2800) at java.desktop/javax.swing.JComponent.addNotify(JComponent.java:4783) at java.desktop/java.awt.Container.addNotify(Container.java:2800) at java.desktop/javax.swing.JComponent.addNotify(JComponent.java:4783) at java.desktop/java.awt.Container.addNotify(Container.java:2800) at java.desktop/javax.swing.JComponent.addNotify(JComponent.java:4783) at java.desktop/java.awt.Container.addNotify(Container.java:2800) at java.desktop/javax.swing.JComponent.addNotify(JComponent.java:4783) at java.desktop/java.awt.Container.addNotify(Container.java:2800) at java.desktop/javax.swing.JComponent.addNotify(JComponent.java:4783) at java.desktop/java.awt.Container.addNotify(Container.java:2800) at java.desktop/javax.swing.JComponent.addNotify(JComponent.java:4783) at java.desktop/java.awt.Container.addNotify(Container.java:2800) at java.desktop/javax.swing.JComponent.addNotify(JComponent.java:4783) at java.desktop/java.awt.Container.addImpl(Container.java:1146) at java.desktop/javax.swing.JTabbedPane.insertTab(JTabbedPane.java:730) at burp.cd6.a(Unknown Source) at burp.cd6.insertTab(Unknown Source) at java.desktop/javax.swing.JTabbedPane.addTab(JTabbedPane.java:804) at burp.bxg.a(Unknown Source) at burp.guy.c(Unknown Source) at burp.guy.lambda$extensionConfigChanged$5(Unknown Source) at java.desktop/java.awt.event.InvocationEvent.dispatch(InvocationEvent.java:313) at java.desktop/java.awt.EventQueue.dispatchEventImpl(EventQueue.java:770) at java.desktop/java.awt.EventQueue$4.run(EventQueue.java:721) at java.desktop/java.awt.EventQueue$4.run(EventQueue.java:715) at java.base/java.security.AccessController.doPrivileged(Native Method) at java.base/java.security.ProtectionDomain$JavaSecurityAccessImpl.doIntersectionPrivilege(ProtectionDomain.java:85) at java.desktop/java.awt.EventQueue.dispatchEvent(EventQueue.java:740) at java.desktop/java.awt.EventDispatchThread.pumpOneEventForFilters(EventDispatchThread.java:203) at java.desktop/java.awt.EventDispatchThread.pumpEventsForFilter(EventDispatchThread.java:124) at java.desktop/java.awt.EventDispatchThread.pumpEventsForHierarchy(EventDispatchThread.java:113) at java.desktop/java.awt.EventDispatchThread.pumpEvents(EventDispatchThread.java:109) at java.desktop/java.awt.EventDispatchThread.pumpEvents(EventDispatchThread.java:101) at java.desktop/java.awt.EventDispatchThread.run(EventDispatchThread.java:90) java.lang.NullPointerException at burp.aii.T(Unknown Source) at burp.cnn.getHttpService(Unknown Source) at burp.gvg.getHttpService(Unknown Source) at burp.BurpExtender$MarkInfoTab.isEnabled(BurpExtender.java:128) at burp.bpc.a(Unknown Source) at burp.fno.a(Unknown Source) at burp.dt2.a(Unknown Source) at burp.dt2.a(Unknown Source) at burp.jf.a(Unknown Source) at burp.guy.a(Unknown Source) at burp.dc4.b(Unknown Source) at burp.jf.addNotify(Unknown Source) at java.desktop/java.awt.Container.addNotify(Container.java:2800) at java.desktop/javax.swing.JComponent.addNotify(JComponent.java:4783) at java.desktop/java.awt.Container.addNotify(Container.java:2800) at java.desktop/javax.swing.JComponent.addNotify(JComponent.java:4783) at java.desktop/java.awt.Container.addNotify(Container.java:2800) at java.desktop/javax.swing.JComponent.addNotify(JComponent.java:4783) at java.desktop/java.awt.Container.addNotify(Container.java:2800) at java.desktop/javax.swing.JComponent.addNotify(JComponent.java:4783) at java.desktop/java.awt.Container.addNotify(Container.java:2800) at java.desktop/javax.swing.JComponent.addNotify(JComponent.java:4783) at java.desktop/java.awt.Container.addNotify(Container.java:2800) at java.desktop/javax.swing.JComponent.addNotify(JComponent.java:4783) at java.desktop/java.awt.Container.addNotify(Container.java:2800) at java.desktop/javax.swing.JComponent.addNotify(JComponent.java:4783) at java.desktop/java.awt.Container.addImpl(Container.java:1146) at java.desktop/javax.swing.JTabbedPane.insertTab(JTabbedPane.java:730) at burp.cd6.a(Unknown Source) at burp.cd6.insertTab(Unknown Source) at java.desktop/javax.swing.JTabbedPane.addTab(JTabbedPane.java:804) at burp.bxg.a(Unknown Source) at burp.guy.c(Unknown Source) at burp.guy.lambda$extensionConfigChanged$5(Unknown Source) at java.desktop/java.awt.event.InvocationEvent.dispatch(InvocationEvent.java:313) at java.desktop/java.awt.EventQueue.dispatchEventImpl(EventQueue.java:770) at java.desktop/java.awt.EventQueue$4.run(EventQueue.java:721) at java.desktop/java.awt.EventQueue$4.run(EventQueue.java:715) at java.base/java.security.AccessController.doPrivileged(Native Method) at java.base/java.security.ProtectionDomain$JavaSecurityAccessImpl.doIntersectionPrivilege(ProtectionDomain.java:85) at java.desktop/java.awt.EventQueue.dispatchEvent(EventQueue.java:740) at java.desktop/java.awt.EventDispatchThread.pumpOneEventForFilters(EventDispatchThread.java:203) at java.desktop/java.awt.EventDispatchThread.pumpEventsForFilter(EventDispatchThread.java:124) at java.desktop/java.awt.EventDispatchThread.pumpEventsForHierarchy(EventDispatchThread.java:113) at java.desktop/java.awt.EventDispatchThread.pumpEvents(EventDispatchThread.java:109) at java.desktop/java.awt.EventDispatchThread.pumpEvents(EventDispatchThread.java:101) at java.desktop/java.awt.EventDispatchThread.run(EventDispatchThread.java:90)
然后我换用了1.08版本居然可以扫出来,给我搞懵了都。。
alilash-github
commented
2 years ago 你查一下,你是不是安装了别的插件例如:HaE,不知道为什么,安装这个插件以后,会对burp的ui有破坏性,导致爆错 如果安装了,你可以这样解决
- 先安装插件,最后面安装HaE
如果没有的话 说明的jdk版本比较魔性,请自己下载源码重新编译安装
谢谢
报错按照你的方法解决了,就是HaE的锅,现在是编译的这个扫不出来,1.08的可以,各种魔性~
pmiaowu
commented
2 years ago 请注意,burp自带的插件,如果没有关闭的话,那么在低版本例如burp1.7的话,是需要排队的执行扫描任务的 可能当时没有轮到本插件扫描
如果是在burp2.x以上的话,是多线程的扫描队列,也可能因为没轮到本插件而在排队,导致暂时不显示之类的
请自己排查一下
注: burp自带的被动扫描插件大概20-30个左右=-=,插件的扫描等级是排在比较后面的,这个我没办法
alilash-github
commented
2 years ago 请注意,burp自带的插件,如果没有关闭的话,那么在低版本例如burp1.7的话,是需要排队的执行扫描任务的 可能当时没有轮到本插件扫描
如果是在burp2.x以上的话,是多线程的扫描队列,也可能因为没轮到本插件而在排队,导致暂时不显示之类的
请自己排查一下
应该都扫描到了,都能看到结果,是不是因为2版本的只有能执行command才提示+号,1版本的只有dnslog就提示+?
同一个链接两个不同版本的扫描结果:
pmiaowu
commented
2 years ago 你可以看看payload,新版本,我把不能确定rce的poc删除了 因为扫描出来,大部分人也是无法利用的
没有其它问题的话,我关闭这个issues咯
alilash-github
commented
2 years ago 好的,谢谢大佬耐心解答~
DevilMayCrying
commented
2 years ago 你查一下,你是不是安装了别的插件例如:HaE,不知道为什么,安装这个插件以后,会对burp的ui有破坏性,导致爆错 如果安装了,你可以这样解决
- 先安装插件,最后面安装HaE
如果没有的话 说明的jdk版本比较魔性,请自己下载源码重新编译安装
谢谢
确实是HaE插件的问题 可以将该插件放置最后加载,选中HaE后点burp插件那边down 放到最后加载就行了
JDK11提示加载成功,但是还是爆了一堆错误,会影响扫描吗,同一个环境,隔壁同事可以扫出来,我这个就不行。。。。。。 不知道哪儿的问题。
