malerisch / burp-csj
BurpCSJ extension for Burp Pro - Crawljax Selenium JUnit integration
License: MIT License
First of all great job on this plugin!
When I send a URL to Crawljax with Firefox set, Firefox just starts up with no address in the address bar. With Chrome and chrome driver it works fine. How can I get it working with Firefox?
dead link:
Chrome driver: https://code.google.com/p/chromedriver/downloads/list
I believe it is due to OSX using Java6 as a default install and the extension being compiled for Minimum Java7. Installing Java7 on OSX will cause numerous applications to fail and is not supported by Apple.
Here is the Error Provided:
java.lang.UnsupportedClassVersionError: burp/BurpExtender : Unsupported major.minor version 51.0
at java.lang.ClassLoader.defineClass1(Native Method)
at java.lang.ClassLoader.defineClassCond(ClassLoader.java:631)
at java.lang.ClassLoader.defineClass(ClassLoader.java:615)
at java.security.SecureClassLoader.defineClass(SecureClassLoader.java:141)
at java.net.URLClassLoader.defineClass(URLClassLoader.java:283)
at java.net.URLClassLoader.access$000(URLClassLoader.java:58)
at java.net.URLClassLoader$1.run(URLClassLoader.java:197)
at java.security.AccessController.doPrivileged(Native Method)
at java.net.URLClassLoader.findClass(URLClassLoader.java:190)
at java.lang.ClassLoader.loadClass(ClassLoader.java:306)
at java.lang.ClassLoader.loadClass(ClassLoader.java:247)
at java.lang.Class.forName0(Native Method)
at java.lang.Class.forName(Class.java:249)
at burp.urc.a(Unknown Source)
at burp.urc.(Unknown Source)
at burp.huc.a(Unknown Source)
at burp.buc.run(Unknown Source)
at java.lang.Thread.run(Thread.java:680)
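The `51.0` in the error above is the class-file major version, which identifies the Java release the extension was compiled for (51 is Java 7). As an added example, not part of the original issue or the project's code, this Python script reads that field from every class in a JAR so the mismatch can be found before the JAR is loaded; the in-memory sample JAR and its `example/Legacy.class` entry are constructed for illustration.

```python
import io
import struct
import zipfile


def required_java(major):
    """Map a class-file major version to the minimum Java release.

    Major 45 is JDK 1.1, so 50 -> Java 6, 51 -> Java 7, 52 -> Java 8.
    """
    return major - 44


def class_version(data):
    """Return (major, minor) from the first 8 bytes of a .class file."""
    if len(data) < 8:
        raise ValueError("truncated class file")
    # Layout: u4 magic, u2 minor_version, u2 major_version (big-endian).
    magic, minor, major = struct.unpack(">IHH", data[:8])
    if magic != 0xCAFEBABE:
        raise ValueError("not a Java class file")
    return major, minor


def scan_jar(jar, runtime_java):
    """List (entry, major, required_java) for classes the runtime cannot load."""
    too_new = []
    with zipfile.ZipFile(jar) as zf:
        for name in zf.namelist():
            if not name.endswith(".class"):
                continue
            with zf.open(name) as fh:
                major, _ = class_version(fh.read(8))
            if required_java(major) > runtime_java:
                too_new.append((name, major, required_java(major)))
    return too_new


def build_sample_jar():
    """Constructed sample: an in-memory JAR holding two class-file headers."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        # Same class name and version as in the reported error.
        zf.writestr("burp/BurpExtender.class", struct.pack(">IHH", 0xCAFEBABE, 0, 51))
        # Hypothetical entry compiled for Java 6, which a Java 6 runtime accepts.
        zf.writestr("example/Legacy.class", struct.pack(">IHH", 0xCAFEBABE, 0, 50))
        zf.writestr("META-INF/MANIFEST.MF", "Manifest-Version: 1.0\n")
    buf.seek(0)
    return buf


if __name__ == "__main__":
    for name, major, need in scan_jar(build_sample_jar(), runtime_java=6):
        print(f"{name}: class version {major}.0 needs Java {need} or later")
```

`scan_jar` also accepts a path to a real JAR file in place of the in-memory sample.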
Dear sir,
I have downloaded the source code from GitHub,
but how do I run the project?
Which Java file should I choose to run from the project source code?
I tried to compile the extension from your source with the libs of your BApp Store installation.
I checked twice and javax.inject.provider is loaded in netbeans.
Crawljax Thread started
java.lang.NoClassDefFoundError: javax/inject/Provider
at malerisch.StartCrawling$ThreadCrawljax.run(StartCrawling.java:40)
at java.lang.Thread.run(Thread.java:745)
Caused by: java.lang.ClassNotFoundException: javax.inject.Provider
at java.net.URLClassLoader$1.run(URLClassLoader.java:366)
at java.net.URLClassLoader$1.run(URLClassLoader.java:355)
at java.security.AccessController.doPrivileged(Native Method)
at java.net.URLClassLoader.findClass(URLClassLoader.java:354)
at java.lang.ClassLoader.loadClass(ClassLoader.java:425)
at java.lang.ClassLoader.loadClass(ClassLoader.java:358)
... 2 more
Setup:
Product Version: NetBeans IDE 7.0.1 (Build 20120219-unknown-revn)
Java: 1.7.0_79; OpenJDK 64-Bit Server VM 24.79-b02
System: Linux version 3.18.0-kali3-amd64 running on amd64; UTF-8; en_ZM (nb)
Do you have any idea how to solve this problem?
I'm testing burp-csj for the first time and I want to access one URL behind a login form. However, burp-csj is not sending any cookies (I can see the cookie in the cookie jar and I can see Burp scanner sending them). I recorded the transaction with Fiddler and I can see a couple of requests (then Crawljax stops) and no requests have the cookie. What could cause that?
I have Burp Suite Pro 1.5.16.
Running on Ubuntu 16.10 Linux/64 when executing "Send URL to Crawljax" Firefox pops up for a while with a blank screen, and after a while it disappears again.
The same problem occurs for a user on Windows: https://support.portswigger.net/customer/portal/questions/16811695-burp-csj
Chromedriver appears to work nicely.
Updated 12/16: Still having issues with Firefox. I was able to get chromedriver to work. Java checks for Chrome in a few places, so I just dropped the binary there. Here is my script:
@echo off
echo this includes:
echo portable java 8 64bit
echo python support in burp
echo other plugins :)
echo rmccurdy.com
echo killing java and firefox
taskkill /F /IM java.exe
taskkill /F /IM javaw.exe
taskkill /F /IM firefox.exe
taskkill /F /IM chrome.exe
taskkill /F /IM GoogleChromePortable.exe
echo flushing DNS cache
ipconfig /flushdns
echo setting up config/bapp plugins ( this overwrites any and all settings in "%userprofile%\AppData\Roaming\BurpSuite"
mkdir "%userprofile%\AppData\Roaming\BurpSuite"
xcopy /q /y /s /i ".\_BAPPS" "%userprofile%\AppData\Roaming\BurpSuite"
echo setting up RDP timeouts to 0
reg add "HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp" /v MaxDisconnectionTime /t REG_DWORD /d "0" /f
reg add "HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp" /v MaxIdleTime /t REG_DWORD /d "0" /f
reg add "HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\DefaultUserConfiguration" /v MaxDisconnectionTime /t REG_DWORD /d "0" /f
reg add "HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\DefaultUserConfiguration" /v MaxIdleTime /t REG_DWORD /d "0" /f
reg add "HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\Console" /v MaxDisconnectionTime /t REG_DWORD /d "0" /f
reg add "HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\Console" /v MaxIdleTime /t REG_DWORD /d "0" /f
reg add "HKLM\SYSTEM\ControlSet001\Control\Terminal Server\WinStations\RDP-Tcp" /v MaxDisconnectionTime /t REG_DWORD /d "0" /f
reg add "HKLM\SYSTEM\ControlSet001\Control\Terminal Server\WinStations\RDP-Tcp" /v MaxIdleTime /t REG_DWORD /d "0" /f
reg add "HKLM\SYSTEM\ControlSet001\Control\Terminal Server\DefaultUserConfiguration" /v MaxDisconnectionTime /t REG_DWORD /d "0" /f
reg add "HKLM\SYSTEM\ControlSet001\Control\Terminal Server\DefaultUserConfiguration" /v MaxIdleTime /t REG_DWORD /d "0" /f
reg add "HKLM\SYSTEM\ControlSet001\Control\Terminal Server\WinStations\Console" /v MaxDisconnectionTime /t REG_DWORD /d "0" /f
reg add "HKLM\SYSTEM\ControlSet001\Control\Terminal Server\WinStations\Console" /v MaxIdleTime /t REG_DWORD /d "0" /f
reg add "HKLM\SYSTEM\ControlSet002\Control\Terminal Server\WinStations\RDP-Tcp" /v MaxDisconnectionTime /t REG_DWORD /d "0" /f
reg add "HKLM\SYSTEM\ControlSet002\Control\Terminal Server\WinStations\RDP-Tcp" /v MaxIdleTime /t REG_DWORD /d "0" /f
reg add "HKLM\SYSTEM\ControlSet002\Control\Terminal Server\DefaultUserConfiguration" /v MaxDisconnectionTime /t REG_DWORD /d "0" /f
reg add "HKLM\SYSTEM\ControlSet002\Control\Terminal Server\DefaultUserConfiguration" /v MaxIdleTime /t REG_DWORD /d "0" /f
reg add "HKLM\SYSTEM\ControlSet002\Control\Terminal Server\WinStations\Console" /v MaxDisconnectionTime /t REG_DWORD /d "0" /f
reg add "HKLM\SYSTEM\ControlSet002\Control\Terminal Server\WinStations\Console" /v MaxIdleTime /t REG_DWORD /d "0" /f
echo updateing setting path to firefox for cralwjax
path %PATH%;%CD%\FirefoxPortable_33\App\Firefox;%CD%\GoogleChromePortable\App\Chrome-bin
rem start firefox.exe
start chrome.exe
REM echo cleaning config
REM regedit /s INIT_WIPE_CONFIG.reg
REM echo importing config
REM regedit /s INIT_BASE_CONFIG.reg
REM echo importing licence file
REM regedit /s H:\PRIVATE\BURP\rmccurdyATkpmgDOTcom_OCT_2014.reg
echo listing latest burp suite jar files
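rem dir /b /od lists bare file names oldest first, so var1 ends up holding the newest jar
rem (/s is dropped because the launch line below expects a file name relative to this folder)
for /f "delims=" %%a in ('dir /b /od burpsu*.jar') do set "var1=%%a"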
cd java
cd bin
echo starting latest burp suite
rem MORE RAM ! start javaw -Xms500m -Xmx500m -XX:MaxPermSize=500m -jar ..\..\%var1%
cd .\GoogleChromePortable\App\Chrome-bin\
start javaw -Xms2000m -Xmx2000m -XX:MaxPermSize=2000m -jar ..\..\%var1%
rem java -classpath ../../burp.jar;../../BurpProxyExtender.jar burp.StartBurp
======================================================================================
start firefox.exe ( from portable apps )
set proxy settings
import burp SSL cert
close firefox
start crawljax
firefox starts but says invalid cert but still uses burp proxy settings ..
It may have something to do with the way Firefox is started and somehow told not to use imported certs?
I need a way to import certs into portable firefox maybe dump key files some place ? https://mike.kaply.com/2015/02/10/installing-certificates-into-firefox/ ?
when I rename portablefirefox.exe to firefox.exe portable firefox passes commandline option -profile %PATH% and I get errors from firefox when crawljax launches the EXE
I have no issues using normal installed firefox not sure what the difference is
This is what happens when I set the path to firefox.exe in %PATH%; maybe something in the command line is breaking the usage of my imported certs somehow:
"C:\BurpPortable\FirefoxPortable\App\Firefox64\firefox.exe" -contentproc --channel="3244.20.1003889084\86971383" -childID 3 -isForBrowser -intPrefs 5:50|6:-1|28:1000|34:30|35:5|36:30|45:128|46:10000|51:0|53:400|54:1|55:0|56:0|61:0|62:120|63:120|98:2|99:1|114:5000|124:0|126:0|137:10000|149:-1|154:128|155:10000|156:0|162:24|163:32768|165:0|166:0|174:1|178:1048576|179:100|180:5000|182:600|184:1|193:3|197:0|206:60000| -boolPrefs 1:0|2:0|4:1|26:1|27:1|30:0|33:1|37:1|38:0|39:0|40:0|43:1|44:1|47:0|48:0|49:0|50:0|52:0|57:1|58:1|59:0|60:1|64:1|65:1|66:0|67:1|68:1|69:0|70:1|73:0|74:0|77:1|78:1|82:1|83:1|84:1|85:0|86:0|88:0|89:0|90:1|91:0|92:1|95:1|97:0|100:1|101:0|108:0|113:0|116:1|119:1|121:1|125:0|128:1|131:1|132:1|138:1|139:0|140:1|142:0|148:0|150:1|151:0|152:1|153:1|160:0|161:0|164:1|167:0|169:1|171:1|172:0|177:0|181:1|186:0|187:0|188:0|189:1|190:0|191:1|192:0|195:0|198:0|199:0|200:1|201:1|202:0|203:1|204:1|205:1|207:0|208:0|210:0|218:1|219:1|220:0|221:0|222:0| -stringPrefs "3:7;release|96:0;|141:3;1.0|158:332; ¼½¾ǃː̷̸։֊׃״؉؊٪۔܁܂܃܄ᅟᅠ᜵ ‐’․‧ ‹›⁁⁄⁒ ⅓⅔⅕⅖⅗⅘⅙⅚⅛⅜⅝⅞⅟∕∶⎮╱⧶⧸⫻⫽⿰⿱⿲⿳⿴⿵⿶⿷⿸⿹⿺⿻ 。〔〕〳゠ㅤ㈝㈞㎮㎯㏆㏟꞉︔︕︿﹝﹞./。ᅠ�|159:4;high|194:38;{588d95b0-3558-49b0-abc9-b3faa3231d71}|" -schedulerPrefs 0001,2 -greomni "C:\BurpPortable\FirefoxPortable\App\Firefox64\omni.ja" -appomni "C:\BurpPortable\FirefoxPortable\App\Firefox64\browser\omni.ja" -appdir "C:\BurpPortable\FirefoxPortable\App\Firefox64\browser" 3244 - tab
Thanks for the best Burp plugin EVER! (I'll be working on this and making a few more idiot-proof videos later... that is, if I get it mostly working portable.)
Hi,
Environment: Kali Linux, Burp Pro 1.7.36, Java 1.8. Extension is loaded successfully.
Target: a bitnami wordpress website just to replicate your video.
Issue
When I send the request to the Crawler, a new Firefox instance is started, stays there for a couple of seconds, then it closes. The crawler says everything is okay and it is doing its job, but it doesn't seem so.
Can you confirm this extension actually still works with the latest Burp version or is a dead project?
Thanks.
There is a problem with the BurpCSJ extension:
I have installed the extension via the BApp Store and tried to crawl a URL, but this error occurred:
Crawljax Thread started
Setting exclusion for builder exit
Setting exclusion for builder signout
Setting exclusion for builder signoff
Setting exclusion for builder logoff
Setting exclusion for builder logout
11:57:06.064 [Thread-19] WARN - No plugins loaded. There will be no output
com.google.inject.ProvisionException: Guice provision errors:
1) Error in custom provider, org.openqa.selenium.WebDriverException: Failed to connect to binary FirefoxBinary(/usr/bin/firefox) on port 7055; process output follows:
null
Build info: version: '2.44.0', revision: '76d78cf323ce037c5f92db6c1bba601c2ac43ad8', time: '2014-10-23 13:11:40'
System info: host: 'kali', ip: '127.0.1.1', os.name: 'Linux', os.arch: 'amd64', os.version: '3.18.0-kali3-amd64', java.version: '1.7.0_79'
Driver info: driver.version: FirefoxDriver
at com.crawljax.di.ConfigurationModule.configure(ConfigurationModule.java:47)
while locating com.crawljax.browser.EmbeddedBrowser
for parameter 0 at com.crawljax.core.CrawlerContext.<init>(CrawlerContext.java:32)
while locating com.crawljax.core.CrawlerContext
for parameter 0 at com.crawljax.core.Crawler.<init>(Crawler.java:73)
while locating com.crawljax.core.Crawler
for parameter 2 at com.crawljax.core.CrawlTaskConsumer.<init>(CrawlTaskConsumer.java:30)
while locating com.crawljax.core.CrawlTaskConsumer
1 error
at com.google.inject.internal.InjectorImpl$4.get(InjectorImpl.java:987)
at com.crawljax.core.CrawlController.call(CrawlController.java:65)
at com.crawljax.core.CrawljaxRunner.call(CrawljaxRunner.java:37)
at malerisch.SetupCrawljax.Start(SetupCrawljax.java:257)
at malerisch.StartCrawling$ThreadCrawljax.run(StartCrawling.java:43)
at java.lang.Thread.run(Thread.java:745)
Caused by: org.openqa.selenium.WebDriverException: Failed to connect to binary FirefoxBinary(/usr/bin/firefox) on port 7055; process output follows:
null
Build info: version: '2.44.0', revision: '76d78cf323ce037c5f92db6c1bba601c2ac43ad8', time: '2014-10-23 13:11:40'
System info: host: 'kali', ip: '127.0.1.1', os.name: 'Linux', os.arch: 'amd64', os.version: '3.18.0-kali3-amd64', java.version: '1.7.0_79'
Driver info: driver.version: FirefoxDriver
at org.openqa.selenium.firefox.internal.NewProfileExtensionConnection.start(NewProfileExtensionConnection.java:134)
at org.openqa.selenium.firefox.FirefoxDriver.startClient(FirefoxDriver.java:246)
at org.openqa.selenium.remote.RemoteWebDriver.<init>(RemoteWebDriver.java:114)
at org.openqa.selenium.firefox.FirefoxDriver.<init>(FirefoxDriver.java:191)
at org.openqa.selenium.firefox.FirefoxDriver.<init>(FirefoxDriver.java:186)
at org.openqa.selenium.firefox.FirefoxDriver.<init>(FirefoxDriver.java:182)
at org.openqa.selenium.firefox.FirefoxDriver.<init>(FirefoxDriver.java:99)
at malerisch.SetupCrawljax$MyCustomBrowser.newFirefoxBrowser(SetupCrawljax.java:98)
at malerisch.SetupCrawljax$MyCustomBrowser.get(SetupCrawljax.java:63)
at malerisch.SetupCrawljax$MyCustomBrowser.get(SetupCrawljax.java:55)
at com.google.inject.util.Providers$2.get(Providers.java:84)
at com.google.inject.internal.InternalFactoryToProviderAdapter.get(InternalFactoryToProviderAdapter.java:40)
at com.google.inject.internal.SingleParameterInjector.inject(SingleParameterInjector.java:38)
at com.google.inject.internal.SingleParameterInjector.getAll(SingleParameterInjector.java:62)
at com.google.inject.internal.ConstructorInjector.construct(ConstructorInjector.java:84)
at com.google.inject.internal.ConstructorBindingImpl$Factory.get(ConstructorBindingImpl.java:254)
at com.google.inject.internal.SingleParameterInjector.inject(SingleParameterInjector.java:38)
at com.google.inject.internal.SingleParameterInjector.getAll(SingleParameterInjector.java:62)
at com.google.inject.internal.ConstructorInjector.construct(ConstructorInjector.java:84)
at com.google.inject.internal.ConstructorBindingImpl$Factory.get(ConstructorBindingImpl.java:254)
at com.google.inject.internal.SingleParameterInjector.inject(SingleParameterInjector.java:38)
at com.google.inject.internal.SingleParameterInjector.getAll(SingleParameterInjector.java:62)
at com.google.inject.internal.ConstructorInjector.construct(ConstructorInjector.java:84)
at com.google.inject.internal.ConstructorBindingImpl$Factory.get(ConstructorBindingImpl.java:254)
at com.google.inject.internal.InjectorImpl$4$1.call(InjectorImpl.java:978)
at com.google.inject.internal.InjectorImpl.callInContext(InjectorImpl.java:1024)
at com.google.inject.internal.InjectorImpl$4.get(InjectorImpl.java:974)
... 5 more
Caused by: org.openqa.selenium.WebDriverException: java.lang.NullPointerException
Build info: version: '2.44.0', revision: '76d78cf323ce037c5f92db6c1bba601c2ac43ad8', time: '2014-10-23 13:11:40'
System info: host: 'kali', ip: '127.0.1.1', os.name: 'Linux', os.arch: 'amd64', os.version: '3.18.0-kali3-amd64', java.version: '1.7.0_79'
Driver info: driver.version: FirefoxDriver
at org.openqa.selenium.firefox.internal.FileExtension.readIdFromInstallRdf(FileExtension.java:141)
at org.openqa.selenium.firefox.internal.FileExtension.writeTo(FileExtension.java:60)
at org.openqa.selenium.firefox.internal.ClasspathExtension.writeTo(ClasspathExtension.java:63)
at org.openqa.selenium.firefox.FirefoxProfile.installExtensions(FirefoxProfile.java:425)
at org.openqa.selenium.firefox.FirefoxProfile.layoutOnDisk(FirefoxProfile.java:403)
at org.openqa.selenium.firefox.internal.NewProfileExtensionConnection.start(NewProfileExtensionConnection.java:89)
... 31 more
Caused by: java.lang.NullPointerException
at javax.xml.xpath.XPathFactoryFinder._newFactory(XPathFactoryFinder.java:220)
at javax.xml.xpath.XPathFactoryFinder.newFactory(XPathFactoryFinder.java:141)
at javax.xml.xpath.XPathFactory.newInstance(XPathFactory.java:182)
at javax.xml.xpath.XPathFactory.newInstance(XPathFactory.java:96)
at org.openqa.selenium.firefox.internal.FileExtension.readIdFromInstallRdf(FileExtension.java:99)
... 36 more
Setup:
Kali GNU/Linux 1.1.0
Java 1.7 Openjdk
Tested on Iceweasel 31.5.3, Iceweasel 31.6.0, Iceweasel 31.7.0, Firefox 38.0.1
(all with a linked /usr/bin/firefox)
Do you have any idea how to solve it?
Firefox 65.0.1
MacOS Mojave 10.14.2
Installed via BApp store
Firefox quit unexpectedly
Process: firefox-bin [15638]
Path: /Applications/Firefox.app/Contents/MacOS/firefox-bin
Identifier: org.mozilla.firefox
Version: 65.0.1 (6519.2.11)
Code Type: X86-64 (Native)
Parent Process: JavaApplicationStub [14745]
Responsible: firefox-bin [15638]
User ID: 541686911
Date/Time: 2019-03-16 15:51:53.567 -0400
OS Version: Mac OS X 10.14.2 (18C54)
Report Version: 12
Bridge OS Version: 3.2 (16P2542)
Exception Type: EXC_BAD_ACCESS (SIGSEGV)
Exception Codes: KERN_INVALID_ADDRESS at 0x0000000000000000
Exception Note: EXC_CORPSE_NOTIFY
Termination Signal: Segmentation fault: 11
Termination Reason: Namespace SIGNAL, Code 0xb
Terminating Process: exc handler [15638]