ikkisoft / blazer Goto Github PK

This feature can speed up the method signatures selection.

Either a new tab in Blazer or a new separate functionality (accessible from the context menu)

This extension is no longer supported, and it works on Burp 1.7.x only. You can download the 1.7 version from Portswigger website.

Originally posted by @ikkisoft in #11 (comment)

I tried with 1.7.37 and this error was returned by the extension:

java.lang.NullPointerException at burp.CustomMenuItem.menuItemClicked(BurpExtender.java:153) at burp.he.run(Unknown Source) at java.lang.Thread.run(Thread.java:748)

It will be beneficial to have the Java Security Manager in place for 'com.mtso.blazer.ObjectGenerator' in order to avoid dangerous methods execution while generating custom objects.

Users can already setup it, however it will be better to have something by default on.

In BurpSuite Pro v2020.5 The AMF tab is not showing up in the request/response pane:

Perhaps this is related to the use of deprecated Burp API?
Deprecated Extender API user - registerMenuItem()

Hello,

Installed blazer extension(v0.3 - 01 Feb 2017) for Burp v2.017 but whenever I try to use it from the proxy history, the extension returns the following error. I tryed to use the tree options provided, AMF Testing, AMF2XML and Enable/Disable Sec manager:

java.lang.NullPointerException at burp.CustomMenuItem.menuItemClicked(BurpExtender.java:153) at burp.cta.run(Unknown Source) at java.base/java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:515) at java.base/java.util.concurrent.FutureTask.run(FutureTask.java:264) at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1128) at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:628) at java.base/java.lang.Thread.run(Thread.java:834)

Is this a known issue?

Thank you.

EDIT: Tested with 1.7.37 Pro and a similar error pop-ups in the extension output:

java.lang.NullPointerException at burp.CustomMenuItem.menuItemClicked(BurpExtender.java:153) at burp.he.run(Unknown Source) at java.lang.Thread.run(Thread.java:748)

Auto-save of all Blazer’s configuration parameters would allow to easily tamper HTTP requests (e.g. changing the session token), without having to reconfigure Blazer

click, but nothing

java.lang.NullPointerException
	at burp.CustomMenuItem.menuItemClicked(BurpExtender.java:153)
	at burp.he.run(Unknown Source)
	at java.lang.Thread.run(Thread.java:748)
java.lang.NullPointerException
	at burp.CustomMenuItem.menuItemClicked(BurpExtender.java:153)
	at burp.he.run(Unknown Source)
	at java.lang.Thread.run(Thread.java:748)
java.lang.NullPointerException
	at burp.CustomMenuItem.menuItemClicked(BurpExtender.java:153)
	at burp.he.run(Unknown Source)
	at java.lang.Thread.run(Thread.java:748)

#11
#9

Extend JARs import to source code and classes

As JRuby allows full two-way access between Java and Ruby code, it will be useful to extend Blazer's console tab with JRuby as well.

An error occured when exporting

[!] Blazer extractAM Exception: flex.messaging.MessageException: ???10008???. ???10008-0-details???

here is the request and response
amf.txt

From @lavakumark

"It will be great to convert from AMF to XML"

When i installed blazer, the Alerts tab showed "Blazer:deprecated extender api used-registerMenultem()". And there is nothing happened after i click"Blazer - AMF testing".BTW,I used burp 1.7.30