malerisch / burp-csj Goto Github PK

First of all great job on this plugin!

When I send a URL to Crawljax with Firefox set, Firefox just starts up with no address in the address bar. With Chrome and chrome driver it works fine. How can I get it working with Firefox?

dead link:

Chrome driver: https://code.google.com/p/chromedriver/downloads/list

I believe it is due to OSX using Java6 as a default install and the extension being compiled for Minimum Java7. Installing Java7 on OSX will cause numerous applications to fail and is not supported by Apple.

Here is the Error Provided:

java.lang.UnsupportedClassVersionError: burp/BurpExtender : Unsupported major.minor version 51.0
at java.lang.ClassLoader.defineClass1(Native Method)
at java.lang.ClassLoader.defineClassCond(ClassLoader.java:631)
at java.lang.ClassLoader.defineClass(ClassLoader.java:615)
at java.security.SecureClassLoader.defineClass(SecureClassLoader.java:141)
at java.net.URLClassLoader.defineClass(URLClassLoader.java:283)
at java.net.URLClassLoader.access$000(URLClassLoader.java:58)
at java.net.URLClassLoader$1.run(URLClassLoader.java:197)
at java.security.AccessController.doPrivileged(Native Method)
at java.net.URLClassLoader.findClass(URLClassLoader.java:190)
at java.lang.ClassLoader.loadClass(ClassLoader.java:306)
at java.lang.ClassLoader.loadClass(ClassLoader.java:247)
at java.lang.Class.forName0(Native Method)
at java.lang.Class.forName(Class.java:249)
at burp.urc.a(Unknown Source)
at burp.urc.(Unknown Source)
at burp.huc.a(Unknown Source)
at burp.buc.run(Unknown Source)
at java.lang.Thread.run(Thread.java:680)

Dear sir
i have download source code from github
but how to run project
from which java file i want choose to run from project source code

I believe it is due to OSX using Java6 as a default install and the extension being compiled for Minimum Java7. Installing Java7 on OSX will cause numerous applications to fail and is not supported by Apple.

Here is the Error Provided:

java.lang.UnsupportedClassVersionError: burp/BurpExtender : Unsupported major.minor version 51.0
at java.lang.ClassLoader.defineClass1(Native Method)
at java.lang.ClassLoader.defineClassCond(ClassLoader.java:631)
at java.lang.ClassLoader.defineClass(ClassLoader.java:615)
at java.security.SecureClassLoader.defineClass(SecureClassLoader.java:141)
at java.net.URLClassLoader.defineClass(URLClassLoader.java:283)
at java.net.URLClassLoader.access$000(URLClassLoader.java:58)
at java.net.URLClassLoader$1.run(URLClassLoader.java:197)
at java.security.AccessController.doPrivileged(Native Method)
at java.net.URLClassLoader.findClass(URLClassLoader.java:190)
at java.lang.ClassLoader.loadClass(ClassLoader.java:306)
at java.lang.ClassLoader.loadClass(ClassLoader.java:247)
at java.lang.Class.forName0(Native Method)
at java.lang.Class.forName(Class.java:249)
at burp.urc.a(Unknown Source)
at burp.urc.(Unknown Source)
at burp.huc.a(Unknown Source)
at burp.buc.run(Unknown Source)
at java.lang.Thread.run(Thread.java:680)

I tried to compile the extension from your source with the libs of your BApp Store installation.
I checked twice and javax.inject.provider is loaded in netbeans.

Crawljax Thread started
java.lang.NoClassDefFoundError: javax/inject/Provider
    at malerisch.StartCrawling$ThreadCrawljax.run(StartCrawling.java:40)
    at java.lang.Thread.run(Thread.java:745)
Caused by: java.lang.ClassNotFoundException: javax.inject.Provider
    at java.net.URLClassLoader$1.run(URLClassLoader.java:366)
    at java.net.URLClassLoader$1.run(URLClassLoader.java:355)
    at java.security.AccessController.doPrivileged(Native Method)
    at java.net.URLClassLoader.findClass(URLClassLoader.java:354)
    at java.lang.ClassLoader.loadClass(ClassLoader.java:425)
    at java.lang.ClassLoader.loadClass(ClassLoader.java:358)
    ... 2 more

Setup:
Product Version: NetBeans IDE 7.0.1 (Build 20120219-unknown-revn)
Java: 1.7.0_79; OpenJDK 64-Bit Server VM 24.79-b02
System: Linux version 3.18.0-kali3-amd64 running on amd64; UTF-8; en_ZM (nb)

Do you have any idea how to solve this problem?

I'm testing burp-csj for the first time and I want to access one url behind a login form. However, burp-csj is not sending any cookies (I can see the cookie in the cookie jar and I can see Burp scanner sending them). I recorded the transaction with Fiddler and I can see a couple of requests (then crawlJax stop) and no request have the cookie. What could cause that ?

I have Burp Suite Pro 1.5.16.

Running on Ubuntu 16.10 Linux/64 when executing "Send URL to Crawljax" Firefox pops up for a while with a blank screen, and after a while it disappears again.

The same problem occurs for a user on Windows: https://support.portswigger.net/customer/portal/questions/16811695-burp-csj

Chromedriver appears to work nicely.

Updated 12/16 :Still having issues with firefox. I was able to get chromedriver to work. java checks for chrome in a few places so I just dropped the binary there. Here is my script:

@echo off

echo this includes:
echo portable java 8 64bit
echo python support in burp
echo other plugins :)
echo rmccurdy.com


 
echo killing java and firefox
taskkill /F /IM java.exe
taskkill /F /IM javaw.exe
taskkill /F /IM firefox.exe
taskkill /F /IM chrome.exe
taskkill /F /IM GoogleChromePortable


echo flushing DNS cache
ipconfig /flushdns



echo setting up config/bapp plugins ( this overwrites any and all settings in  "%userprofile%\AppData\Roaming\BurpSuite"

mkdir "%userprofile%\AppData\Roaming\BurpSuite"


xcopy /q /y /s /i ".\_BAPPS" "%userprofile%\AppData\Roaming\BurpSuite"

echo setting up RDP timeouts to 0 


 
reg add  "HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp" /v MaxDisconnectionTime  /t REG_DWORD /d "0" /f
reg add  "HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp" /v MaxIdleTime /t REG_DWORD /d "0" /f
reg add  "HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\DefaultUserConfiguration" /v MaxDisconnectionTime  /t REG_DWORD /d "0" /f
reg add  "HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\DefaultUserConfiguration" /v MaxIdleTime /t REG_DWORD /d "0" /f
reg add  "HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\Console" /v MaxDisconnectionTime  /t REG_DWORD /d "0" /f
reg add  "HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\Console" /v MaxIdleTime /t REG_DWORD /d "0" /f

reg add  "HKLM\SYSTEM\ControlSet001\Control\Terminal Server\WinStations\RDP-Tcp" /v MaxDisconnectionTime  /t REG_DWORD /d "0" /f
reg add  "HKLM\SYSTEM\ControlSet001\Control\Terminal Server\WinStations\RDP-Tcp" /v MaxIdleTime /t REG_DWORD /d "0" /f
reg add  "HKLM\SYSTEM\ControlSet001\Control\Terminal Server\DefaultUserConfiguration" /v MaxDisconnectionTime  /t REG_DWORD /d "0" /f
reg add  "HKLM\SYSTEM\ControlSet001\Control\Terminal Server\DefaultUserConfiguration" /v MaxIdleTime /t REG_DWORD /d "0" /f
reg add  "HKLM\SYSTEM\ControlSet001\Control\Terminal Server\WinStations\Console" /v MaxDisconnectionTime  /t REG_DWORD /d "0" /f
reg add  "HKLM\SYSTEM\ControlSet001\Control\Terminal Server\WinStations\Console" /v MaxIdleTime /t REG_DWORD /d "0" /f

reg add  "HKLM\SYSTEM\ControlSet002\Control\Terminal Server\WinStations\RDP-Tcp" /v MaxDisconnectionTime  /t REG_DWORD /d "0" /f
reg add  "HKLM\SYSTEM\ControlSet002\Control\Terminal Server\WinStations\RDP-Tcp" /v MaxIdleTime /t REG_DWORD /d "0" /f
reg add  "HKLM\SYSTEM\ControlSet002\Control\Terminal Server\DefaultUserConfiguration" /v MaxDisconnectionTime  /t REG_DWORD /d "0" /f
reg add  "HKLM\SYSTEM\ControlSet002\Control\Terminal Server\DefaultUserConfiguration" /v MaxIdleTime /t REG_DWORD /d "0" /f
reg add  "HKLM\SYSTEM\ControlSet002\Control\Terminal Server\WinStations\Console" /v MaxDisconnectionTime  /t REG_DWORD /d "0" /f
reg add  "HKLM\SYSTEM\ControlSet002\Control\Terminal Server\WinStations\Console" /v MaxIdleTime /t REG_DWORD /d "0" /f

echo updateing setting path to firefox for cralwjax 
path %PATH%;%CD%\FirefoxPortable_33\App\Firefox;%CD%\GoogleChromePortable\App\Chrome-bin

rem start firefox.exe
start chrome.exe
 
 
 
 
 
 

REM echo cleaning config
REM regedit /s INIT_WIPE_CONFIG.reg
 
REM echo importing config
REM regedit /s INIT_BASE_CONFIG.reg

REM echo importing licence file
REM regedit /s H:\PRIVATE\BURP\rmccurdyATkpmgDOTcom_OCT_2014.reg

 
 

 

 

 
echo listing latest burp suite jar files
for  %%a in (dir/s /OD burpsu*.jar) do (
set var1=%%a
) 
 
cd java
cd bin

 

echo starting latest burp suite
 

rem MORE RAM ! start javaw -Xms500m -Xmx500m -XX:MaxPermSize=500m -jar  ..\..\%var1%
cd .\GoogleChromePortable\App\Chrome-bin\


start javaw -Xms2000m -Xmx2000m -XX:MaxPermSize=2000m -jar  ..\..\%var1%
  

rem java -classpath ../../burp.jar;../../BurpProxyExtender.jar burp.StartBurp

  

======================================================================================

• start firefox.exe ( from portable apps )

• set proxy settings

• import burp SSL cert

• close firefox

• start crawljax

• firefox starts but says invalid cert but still uses burp proxy settings ..

• it may have something to do with the way firefox is started and some how told not to use imported certs ?

• I need a way to import certs into portable firefox maybe dump key files some place ? https://mike.kaply.com/2015/02/10/installing-certificates-into-firefox/ ?

• when I rename portablefirefox.exe to firefox.exe portable firefox passes commandline option -profile %PATH% and I get errors from firefox when crawljax launches the EXE

• I have no issues using normal installed firefox not sure what the difference is

This is what happends when I set path to firefox.exe in %PATH% maybe something in the command line is breaking the usage of my imported certs some how

"C:\BurpPortable\FirefoxPortable\App\Firefox64\firefox.exe" -contentproc --channel="3244.20.1003889084\86971383" -childID 3 -isForBrowser -intPrefs 5:50|6:-1|28:1000|34:30|35:5|36:30|45:128|46:10000|51:0|53:400|54:1|55:0|56:0|61:0|62:120|63:120|98:2|99:1|114:5000|124:0|126:0|137:10000|149:-1|154:128|155:10000|156:0|162:24|163:32768|165:0|166:0|174:1|178:1048576|179:100|180:5000|182:600|184:1|193:3|197:0|206:60000| -boolPrefs 1:0|2:0|4:1|26:1|27:1|30:0|33:1|37:1|38:0|39:0|40:0|43:1|44:1|47:0|48:0|49:0|50:0|52:0|57:1|58:1|59:0|60:1|64:1|65:1|66:0|67:1|68:1|69:0|70:1|73:0|74:0|77:1|78:1|82:1|83:1|84:1|85:0|86:0|88:0|89:0|90:1|91:0|92:1|95:1|97:0|100:1|101:0|108:0|113:0|116:1|119:1|121:1|125:0|128:1|131:1|132:1|138:1|139:0|140:1|142:0|148:0|150:1|151:0|152:1|153:1|160:0|161:0|164:1|167:0|169:1|171:1|172:0|177:0|181:1|186:0|187:0|188:0|189:1|190:0|191:1|192:0|195:0|198:0|199:0|200:1|201:1|202:0|203:1|204:1|205:1|207:0|208:0|210:0|218:1|219:1|220:0|221:0|222:0| -stringPrefs "3:7;release|96:0;|141:3;1.0|158:332;  ¼½¾ǃː̷̸։֊׃״؉؊٪۔܁܂܃܄ᅟᅠ᜵           ​‎‏‐’․‧

‪‫‬‭‮ ‹›⁁⁄⁒ ⅓⅔⅕⅖⅗⅘⅙⅚⅛⅜⅝⅞⅟∕∶⎮╱⧶⧸⫻⫽⿰⿱⿲⿳⿴⿵⿶⿷⿸⿹⿺⿻　。〔〕〳゠ㅤ㈝㈞㎮㎯㏆㏟꞉︔︕︿﹝﹞．／｡ﾠ�|159:4;high|194:38;{588d95b0-3558-49b0-abc9-b3faa3231d71}|" -schedulerPrefs 0001,2 -greomni "C:\BurpPortable\FirefoxPortable\App\Firefox64\omni.ja" -appomni "C:\BurpPortable\FirefoxPortable\App\Firefox64\browser\omni.ja" -appdir "C:\BurpPortable\FirefoxPortable\App\Firefox64\browser" 3244 - tab

Thanks for the best burp plugin EVER ! ( ill be working on this and making a few more idiot proof videos later ..that is if I get it mostly working portable )

Hi,

Environment: Kali Linux, Burp Pro 1.7.36, Java 1.8. Extension is loaded sucesfully.

Target: a bitnami wordpress website just to replicate your video.

Issue

When I send the requrest to the Crawler a new Firefox instance is started, stays there for a couple of seconds then it closes. The crawler says everything is okay and he is doing its job but it doesn't seems so.

Can you confirm this extension actually still works with the latest Burp version or is a dead project?

Thanks.

There is a problem with the BurpCSJ extension:

I have installed the extension via the BApp Store and tried to crawl an URL but this error orcurred:

Crawljax Thread started
Setting exclusion for builder exit
Setting exclusion for builder signout
Setting exclusion for builder signoff
Setting exclusion for builder logoff
Setting exclusion for builder logout
11:57:06.064 [Thread-19] WARN  - No plugins loaded. There will be no output
com.google.inject.ProvisionException: Guice provision errors:

1) Error in custom provider, org.openqa.selenium.WebDriverException: Failed to connect to binary FirefoxBinary(/usr/bin/firefox) on port 7055; process output follows: 
null
Build info: version: '2.44.0', revision: '76d78cf323ce037c5f92db6c1bba601c2ac43ad8', time: '2014-10-23 13:11:40'
System info: host: 'kali', ip: '127.0.1.1', os.name: 'Linux', os.arch: 'amd64', os.version: '3.18.0-kali3-amd64', java.version: '1.7.0_79'
Driver info: driver.version: FirefoxDriver
  at com.crawljax.di.ConfigurationModule.configure(ConfigurationModule.java:47)
  while locating com.crawljax.browser.EmbeddedBrowser
    for parameter 0 at com.crawljax.core.CrawlerContext.<init>(CrawlerContext.java:32)
  while locating com.crawljax.core.CrawlerContext
    for parameter 0 at com.crawljax.core.Crawler.<init>(Crawler.java:73)
  while locating com.crawljax.core.Crawler
    for parameter 2 at com.crawljax.core.CrawlTaskConsumer.<init>(CrawlTaskConsumer.java:30)
  while locating com.crawljax.core.CrawlTaskConsumer

1 error
    at com.google.inject.internal.InjectorImpl$4.get(InjectorImpl.java:987)
    at com.crawljax.core.CrawlController.call(CrawlController.java:65)
    at com.crawljax.core.CrawljaxRunner.call(CrawljaxRunner.java:37)
    at malerisch.SetupCrawljax.Start(SetupCrawljax.java:257)
    at malerisch.StartCrawling$ThreadCrawljax.run(StartCrawling.java:43)
    at java.lang.Thread.run(Thread.java:745)
Caused by: org.openqa.selenium.WebDriverException: Failed to connect to binary FirefoxBinary(/usr/bin/firefox) on port 7055; process output follows: 
null
Build info: version: '2.44.0', revision: '76d78cf323ce037c5f92db6c1bba601c2ac43ad8', time: '2014-10-23 13:11:40'
System info: host: 'kali', ip: '127.0.1.1', os.name: 'Linux', os.arch: 'amd64', os.version: '3.18.0-kali3-amd64', java.version: '1.7.0_79'
Driver info: driver.version: FirefoxDriver
    at org.openqa.selenium.firefox.internal.NewProfileExtensionConnection.start(NewProfileExtensionConnection.java:134)
    at org.openqa.selenium.firefox.FirefoxDriver.startClient(FirefoxDriver.java:246)
    at org.openqa.selenium.remote.RemoteWebDriver.<init>(RemoteWebDriver.java:114)
    at org.openqa.selenium.firefox.FirefoxDriver.<init>(FirefoxDriver.java:191)
    at org.openqa.selenium.firefox.FirefoxDriver.<init>(FirefoxDriver.java:186)
    at org.openqa.selenium.firefox.FirefoxDriver.<init>(FirefoxDriver.java:182)
    at org.openqa.selenium.firefox.FirefoxDriver.<init>(FirefoxDriver.java:99)
    at malerisch.SetupCrawljax$MyCustomBrowser.newFirefoxBrowser(SetupCrawljax.java:98)
    at malerisch.SetupCrawljax$MyCustomBrowser.get(SetupCrawljax.java:63)
    at malerisch.SetupCrawljax$MyCustomBrowser.get(SetupCrawljax.java:55)
    at com.google.inject.util.Providers$2.get(Providers.java:84)
    at com.google.inject.internal.InternalFactoryToProviderAdapter.get(InternalFactoryToProviderAdapter.java:40)
    at com.google.inject.internal.SingleParameterInjector.inject(SingleParameterInjector.java:38)
    at com.google.inject.internal.SingleParameterInjector.getAll(SingleParameterInjector.java:62)
    at com.google.inject.internal.ConstructorInjector.construct(ConstructorInjector.java:84)
    at com.google.inject.internal.ConstructorBindingImpl$Factory.get(ConstructorBindingImpl.java:254)
    at com.google.inject.internal.SingleParameterInjector.inject(SingleParameterInjector.java:38)
    at com.google.inject.internal.SingleParameterInjector.getAll(SingleParameterInjector.java:62)
    at com.google.inject.internal.ConstructorInjector.construct(ConstructorInjector.java:84)
    at com.google.inject.internal.ConstructorBindingImpl$Factory.get(ConstructorBindingImpl.java:254)
    at com.google.inject.internal.SingleParameterInjector.inject(SingleParameterInjector.java:38)
    at com.google.inject.internal.SingleParameterInjector.getAll(SingleParameterInjector.java:62)
    at com.google.inject.internal.ConstructorInjector.construct(ConstructorInjector.java:84)
    at com.google.inject.internal.ConstructorBindingImpl$Factory.get(ConstructorBindingImpl.java:254)
    at com.google.inject.internal.InjectorImpl$4$1.call(InjectorImpl.java:978)
    at com.google.inject.internal.InjectorImpl.callInContext(InjectorImpl.java:1024)
    at com.google.inject.internal.InjectorImpl$4.get(InjectorImpl.java:974)
    ... 5 more
Caused by: org.openqa.selenium.WebDriverException: java.lang.NullPointerException
Build info: version: '2.44.0', revision: '76d78cf323ce037c5f92db6c1bba601c2ac43ad8', time: '2014-10-23 13:11:40'
System info: host: 'kali', ip: '127.0.1.1', os.name: 'Linux', os.arch: 'amd64', os.version: '3.18.0-kali3-amd64', java.version: '1.7.0_79'
Driver info: driver.version: FirefoxDriver
    at org.openqa.selenium.firefox.internal.FileExtension.readIdFromInstallRdf(FileExtension.java:141)
    at org.openqa.selenium.firefox.internal.FileExtension.writeTo(FileExtension.java:60)
    at org.openqa.selenium.firefox.internal.ClasspathExtension.writeTo(ClasspathExtension.java:63)
    at org.openqa.selenium.firefox.FirefoxProfile.installExtensions(FirefoxProfile.java:425)
    at org.openqa.selenium.firefox.FirefoxProfile.layoutOnDisk(FirefoxProfile.java:403)
    at org.openqa.selenium.firefox.internal.NewProfileExtensionConnection.start(NewProfileExtensionConnection.java:89)
    ... 31 more
Caused by: java.lang.NullPointerException
    at javax.xml.xpath.XPathFactoryFinder._newFactory(XPathFactoryFinder.java:220)
    at javax.xml.xpath.XPathFactoryFinder.newFactory(XPathFactoryFinder.java:141)
    at javax.xml.xpath.XPathFactory.newInstance(XPathFactory.java:182)
    at javax.xml.xpath.XPathFactory.newInstance(XPathFactory.java:96)
    at org.openqa.selenium.firefox.internal.FileExtension.readIdFromInstallRdf(FileExtension.java:99)
    ... 36 more

Setup:
Kali GNU/Linux 1.1.0
Java 1.7 Openjdk
Tested on Icewasle 31.5.3, Icewasle 31.6.0, Icewasle 31.7.0, Firefox 38.0.1
(all with a linked /usr/bin/firefox)

Do you have any idea how to solve it?

Firefox 65.0.1
MacOS Mojave 10.14.2
Installed via BApp store

Firefox quit unexpectedly

Process: firefox-bin [15638]
Path: /Applications/Firefox.app/Contents/MacOS/firefox-bin
Identifier: org.mozilla.firefox
Version: 65.0.1 (6519.2.11)
Code Type: X86-64 (Native)
Parent Process: JavaApplicationStub [14745]
Responsible: firefox-bin [15638]
User ID: 541686911

Date/Time: 2019-03-16 15:51:53.567 -0400
OS Version: Mac OS X 10.14.2 (18C54)
Report Version: 12
Bridge OS Version: 3.2 (16P2542)

Exception Type: EXC_BAD_ACCESS (SIGSEGV)
Exception Codes: KERN_INVALID_ADDRESS at 0x0000000000000000
Exception Note: EXC_CORPSE_NOTIFY

Termination Signal: Segmentation fault: 11
Termination Reason: Namespace SIGNAL, Code 0xb
Terminating Process: exc handler [15638]