Comments (2)
xeno6696
commented on June 21, 2024
On line 183 of BurpService.java, the URL that gets returned from the analyzeRequest() method appears to be forcefully appending the port #. I reconstructed the behavior with this unit test:
@Test
public void testStartsWith() throws Exception {
String foo = "https://j2ee.dev.rms.ray.com/reference";
URIBuilder urib = new URIBuilder(foo);
urib.setPort(443);
URI uri = urib.build();
String externalForm = uri.toURL().toExternalForm();
assertEquals(true, foo.startsWith(externalForm));
}
So at some point in Burp code, weβre explicitly setting the port number when we prepare to return the URL back via the BurpExtender.getCallbacks().analyzeRequest() method. I've contacted portswigger support with a more detailed description of this bug, but the end result is that the logic here in BurpService.java is going to cause difficulties as the version of the URL stored in the "in scope sitemap" isn't going to align with the "baseUrl" that is being referenced here.
from burp-rest-api.
xeno6696
commented on June 21, 2024
Pull request #40 resolves this problem.
from burp-rest-api.
Related Issues (20)
- Partial history HOT 2
- Unable to Get Scan Status HOT 6
- New release scheduled? HOT 2
- Sitemap not responding | Bad Request HOT 1
- Windows server 2019 - The supplied licence key was not recognized HOT 2
- Sitemap TimeoutException HOT 1
- Persisting extension settings HOT 2
- Getting '400-Bad Request' response with '/burp/proxy/history' HOT 3
- Burp Start with custom listeners (This is not a bug. It's just a query) HOT 1
- Burp is not starting with burp-rest-api.sh via Jenkins HOT 2
- Activate burp license using API HOT 1
- Include in Scope - no complex url handled HOT 1
- Getting NullPointerException on Remote Server HOT 2
- Custom config file not properly running with the api script HOT 4
- burp-rest-api.bat is showing "The supplied license key was not recognized.." error even after providing a valid license key HOT 5
- Newer version of Burp is not using reflection to call IBurpExtender#registerExtenderCallbacks HOT 1
- how to solve recover vulnerabilities in a report via swagger? HOT 3
- Crash with latest Burp Suite v2022.12.6 HOT 6
- /burp/report?urlPrefix=target returns 400 Bad request HOT 1
- the API cannot accept any requests when I pass the burp user configurations json file HOT 1
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
π Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. πππ
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google β€οΈ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from burp-rest-api.