Comments (9)
Hi, the extension should also work on Windows. Could you please provide more details? Did you get any error?
from nuclei-burpextension.
@dbrwsky yeah i have waited for a very long time but the extension does nothing. I have waited 10-15 minutes..
Scanning of https://google.com started
'C:\Users\asus\nuclei.exe' -u https://google.com -t 'C:\Users\asus\nuclei-templates' -json -nc
-----------------------------------------------------------
from nuclei-burpextension.
Have you also tried to run the nuclei directly from the cmd?
'C:\Users\asus\nuclei.exe' -u https://<host> -t 'C:\Users\asus\nuclei-templates' -json -nc
from nuclei-burpextension.
@dbrwsky yes it works if iam using CMD
from nuclei-burpextension.
Ok, let's try one more thing, please run following scan from the nuclei burp extension:
'C:\Users\asus\nuclei.exe' -u https://ginandjuice.shop -t 'C:\Users\asus\nuclei-templates\misconfiguration\http-missing-security-headers.yaml' -json -nc
If that doesn't work, please give me the following information: Windows version you use, jython version and burp version then I will try to reproduce the issue on my own.
from nuclei-burpextension.
Same here. Running your recommendation above i can see the single request to ginandjuiceshop through the proxy. No change or output from the plugin window and i can see the Nuclei executable in the process monitoring basically doing nothing. Pressing kill in the plugin closes the executable down.
Running exactly the same command from the CLI works fine and i can see the nuclei output showing the missing headers.
Burp v2022.9.6. Windows 10 and jython-standalone-2.7.2.jar
from nuclei-burpextension.
Just found this too
java.lang.NullPointerException
java.lang.NullPointerException
at burp.x6e.addScanIssue(Unknown Source)
at burp.lbc.addScanIssue(Unknown Source)
at burp.d0_.addScanIssue(Unknown Source)
at burp.s8g.addScanIssue(Unknown Source)
at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:77)
at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.base/java.lang.reflect.Method.invoke(Method.java:568)
at org.python.core.PyReflectedFunction.call(PyReflectedFunction.java:190)
at org.python.core.PyReflectedFunction.call(PyReflectedFunction.java:208)
at org.python.core.PyObject.call(PyObject.java:477)
at org.python.core.PyObject.call(PyObject.java:481)
at org.python.core.PyMethod.call(PyMethod.java:141)
at org.python.pycode._pyx4.parseNucleiResults$10(C:/Users/asdasdfasdf/AppData/Roaming/BurpSuite/bapps/9c7f7ae2844c4828b28be2398c02b7f7/nuclei-extension.py:275)
at org.python.pycode._pyx4.call_function(C:/Users/asdasdfasdf/AppData/Roaming/BurpSuite/bapps/9c7f7ae2844c4828b28be2398c02b7f7/nuclei-extension.py)
at org.python.core.PyTableCode.call(PyTableCode.java:173)
at org.python.core.PyBaseCode.call(PyBaseCode.java:168)
at org.python.core.PyFunction.call(PyFunction.java:437)
at org.python.core.PyMethod.call(PyMethod.java:156)
at org.python.pycode.pyx4.scan$9(C:/Users/asdasdfasdf/AppData/Roaming/BurpSuite/bapps/9c7f7ae2844c4828b28be2398c02b7f7/nuclei-extension.py:235)
at org.python.pycode.pyx4.call_function(C:/Users/asdasdfasdf/AppData/Roaming/BurpSuite/bapps/9c7f7ae2844c4828b28be2398c02b7f7/nuclei-extension.py)
at org.python.core.PyTableCode.call(PyTableCode.java:173)
at org.python.core.PyBaseCode.call(PyBaseCode.java:306)
at org.python.core.PyBaseCode.call(PyBaseCode.java:197)
at org.python.core.PyFunction.call(PyFunction.java:485)
at org.python.core.PyMethod.instancemethod___call(PyMethod.java:237)
at org.python.core.PyMethod.call(PyMethod.java:228)
at org.python.core.PyMethod.call(PyMethod.java:223)
at org.python.core.PyObject.callextra(PyObject.java:589)
at threading$py.run$35(C:/Users/asdasdfasdf/AppData/Local/BurpSuitePro/jython-standalone-2.7.2.jar/Lib/threading.py:213)
at threading$py.call_function(C:/Users/asdasdfasdf/AppData/Local/BurpSuitePro/jython-standalone-2.7.2.jar/Lib/threading.py)
at org.python.core.PyTableCode.call(PyTableCode.java:173)
at org.python.core.PyBaseCode.call(PyBaseCode.java:134)
at org.python.core.PyFunction.call(PyFunction.java:416)
at org.python.core.PyMethod.call(PyMethod.java:126)
at threading$py.Thread__bootstrap$36(C:/Users/asdasdfasdf/AppData/Local/BurpSuitePro/jython-standalone-2.7.2.jar/Lib/threading.py:261)
at threading$py.call_function(C:/Users/asdasdfasdf/AppData/Local/BurpSuitePro/jython-standalone-2.7.2.jar/Lib/threading.py)
at org.python.core.PyTableCode.call(PyTableCode.java:173)
at org.python.core.PyBaseCode.call(PyBaseCode.java:306)
at org.python.core.PyBaseCode.call(PyBaseCode.java:197)
at org.python.core.PyFunction.call(PyFunction.java:485)
at org.python.core.PyMethod.instancemethod___call(PyMethod.java:237)
at org.python.core.PyMethod.call(PyMethod.java:228)
at org.python.core.PyMethod.call(PyMethod.java:218)
at org.python.core.PyMethod.call(PyMethod.java:213)
at org.python.core.FunctionThread.run(FunctionThread.java:23)
from nuclei-burpextension.
Hi @AkikoOrenji, thank you for reporting the issue. I successfully reproduce it and it looks like the extension doesn't work properly on Burp Suite Pro version 2022.9 and newer. The problem is in this line of code self._callbacks.addScanIssue(customIssue)
as a workaround you can comment this line and the extension should work correctly except the functionality which adds results to the Issue tab. Alternatively you can try to use Burp Suite Pro version 2022.8.5.
I'm working for the permanent fix for this issue.
from nuclei-burpextension.
The issue has been fixed in the latest commit.
from nuclei-burpextension.
Related Issues (7)
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from nuclei-burpextension.