Comments (5)
act1on3
commented on July 20, 2024
Sorry, all is ok:)
Real problem is extensions working only using build ./gradlew bootRun
Extensions not work with jar java -jar burp-rest-api.jar :(
My experience:
- with gui
./gradlew bootRun -Djava.awt.headless=falseextensions do not load automatically. - you can not configurate extensions over method
PUT /burp/configuration - you can not understand extensions are working or not while you will get report from scan (issues). In the report will be issues that generated by extensions.
from burp-rest-api.
ikkisoft
commented on July 20, 2024
The issue with extensions is that burp-rest-api is currently loaded as a legacy extension, thus it's not possible to load additional extensions.
In general, it's possible to load extensions using a custom user-project-file containing:
"extender":{
"extensions":[
{
"errors":"ui",
"extension_file":"PATH OF THE JAR",
"extension_type":"java",
"loaded":true,
"name":"DetectELJ",
"output":"ui"
}
],
However, this will not work with the current implementation.
If anyone has an idea on how to implement a generic solution, please let me know - I would be happy to implement it.
from burp-rest-api.
henshin
commented on July 20, 2024
According to Burp tech support, this happens because this extension is being loaded through the classpath when Burp is loading.
The solution would be to compile this extension as a standalone jar using the normal extension format and then load it in Burp, exit and then start Burp again with necessary extension command line options.
This was the solution implemented for the Carbonator extension. I suggest looking at their source code.
from burp-rest-api.
henshin
commented on July 20, 2024
Not sure if helps, but I was able to compile the plugin as a standalone extension using the following pom.xml and compiling using maven:
<?xml version="1.0" encoding="UTF-8"?>
<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
<modelVersion>4.0.0</modelVersion>
<groupId>burp-rest-api</groupId>
<artifactId>burp-rest-api</artifactId>
<version>1.0.3</version>
<dependencies>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-jetty</artifactId>
<scope>compile</scope>
<exclusions>
<exclusion>
<artifactId>commons-logging</artifactId>
<groupId>commons-logging</groupId>
</exclusion>
</exclusions>
</dependency>
<dependency>
<groupId>burpsuite_pro</groupId>
<version>1.0</version>
<artifactId>burpsuite_pro</artifactId>
<scope>system</scope>
<systemPath>/path/to/burp-rest-api/lib/burpsuite_pro.jar</systemPath>
<exclusions>
<exclusion>
<artifactId>commons-logging</artifactId>
<groupId>commons-logging</groupId>
</exclusion>
</exclusions>
</dependency>
<dependency>
<groupId>org.slf4j</groupId>
<version>1.7.25</version>
<artifactId>slf4j-api</artifactId>
<scope>compile</scope>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-test</artifactId>
<scope>test</scope>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-web</artifactId>
<scope>compile</scope>
<exclusions>
<exclusion>
<artifactId>commons-logging</artifactId>
<groupId>commons-logging</groupId>
</exclusion>
</exclusions>
</dependency>
<dependency>
<groupId>io.springfox</groupId>
<artifactId>springfox-swagger2</artifactId>
<version>2.1.0</version>
<scope>compile</scope>
<exclusions>
<exclusion>
<artifactId>commons-logging</artifactId>
<groupId>commons-logging</groupId>
</exclusion>
</exclusions>
</dependency>
<dependency>
<groupId>org.apache.httpcomponents</groupId>
<artifactId>httpclient</artifactId>
<version>4.5.2</version>
<scope>test</scope>
</dependency>
<dependency>
<groupId>io.springfox</groupId>
<artifactId>springfox-swagger-ui</artifactId>
<version>2.1.0</version>
<scope>compile</scope>
<exclusions>
<exclusion>
<artifactId>commons-logging</artifactId>
<groupId>commons-logging</groupId>
</exclusion>
</exclusions>
</dependency>
</dependencies>
<dependencyManagement>
<dependencies>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-parent</artifactId>
<version>1.3.2.RELEASE</version>
<scope>import</scope>
<type>pom</type>
</dependency>
</dependencies>
</dependencyManagement>
<build>
<plugins>
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-jar-plugin</artifactId>
<configuration>
<archive>
<manifest>
<addClasspath>true</addClasspath>
</manifest>
</archive>
</configuration>
</plugin>
<plugin>
<artifactId>maven-assembly-plugin</artifactId>
<configuration>
<descriptorRefs>
<descriptorRef>jar-with-dependencies</descriptorRef>
</descriptorRefs>
</configuration>
</plugin>
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-compiler-plugin</artifactId>
<version>2.3.1</version>
<configuration>
<archive/>
<source>1.8</source>
<target>1.8</target>
<descriptorRefs>
<descriptorRef>jar-with-dependencies</descriptorRef>
</descriptorRefs>
</configuration>
</plugin>
</plugins>
</build>
</project>
I'm not a developer so this pom.xml is probably not very well formatted.
Then using maven like:
mvn clean compile assembly:single
This creates the file burp-rest-api-1.0.3-jar-with-dependencies.jar in the target folder.
Even though I can load the jar in Burp, I'm not sure how could I use the features afterwards. The API server doesn't launch when I load the extension.
from burp-rest-api.
lestatk0
commented on July 20, 2024
I have the same issue. It looks that Python's extensions work correctly, but at the same time java's extensions don't work.
in a user-config-file i have
{
"errors":"ui",
"extension_file":"/opt/burp-ext/J2EEScan-1.2.5-jar-with-dependencies.jar",
"extension_type":"java",
"loaded":true,
"name":"J2EE Advanced Tests",
"output":"ui"
},
and output is : Extender: Failed to load extension: J2EE Advanced Tests
Maybe anyone have solution?
from burp-rest-api.
Related Issues (20)
- Partial history HOT 2
- Unable to Get Scan Status HOT 6
- New release scheduled? HOT 2
- Sitemap not responding | Bad Request HOT 1
- Windows server 2019 - The supplied licence key was not recognized HOT 2
- Sitemap TimeoutException HOT 1
- Persisting extension settings HOT 2
- Getting '400-Bad Request' response with '/burp/proxy/history' HOT 3
- Burp Start with custom listeners (This is not a bug. It's just a query) HOT 1
- Burp is not starting with burp-rest-api.sh via Jenkins HOT 2
- Activate burp license using API HOT 1
- Include in Scope - no complex url handled HOT 1
- Getting NullPointerException on Remote Server HOT 2
- Custom config file not properly running with the api script HOT 4
- burp-rest-api.bat is showing "The supplied license key was not recognized.." error even after providing a valid license key HOT 5
- Newer version of Burp is not using reflection to call IBurpExtender#registerExtenderCallbacks HOT 1
- how to solve recover vulnerabilities in a report via swagger? HOT 3
- Crash with latest Burp Suite v2022.12.6 HOT 6
- /burp/report?urlPrefix=target returns 400 Bad request HOT 1
- the API cannot accept any requests when I pass the burp user configurations json file HOT 1
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from burp-rest-api.