mseclab / burp-pyjfuzz Goto Github PK
View Code? Open in Web Editor NEWBurp Suite plugin which implement PyJFuzz for fuzzing web application.
License: MIT License
Burp Suite plugin which implement PyJFuzz for fuzzing web application.
License: MIT License
The situation is as follows:
pjf -t CHPTRSX -l 6 -p page --auto
generates test casesNow, if I "Set Configuration", send my request to the Intruder, chose the extension to generate payloads and start the attack, the payload is always empty. Any idea what the issue could be? What other information do you need?
Hi,
Just tried to give this one a try but there is something probably broken around.
My platform is Kali Linux x64, latest Burp pro.
Received error:
at org.python.core.PyObject._jcallexc(PyObject.java:3626)
at org.python.core.PyObject._jcall(PyObject.java:3658)
at org.python.proxies.__main__$JSONFuzzer$9.getNextPayload(Unknown Source)
at burp.xre.run(Unknown Source)
at java.lang.Thread.run(Thread.java:748)
Traceback (most recent call last):
File "/root/Desktop/burp_suite/Burp-PyJFuzz/burp-pyjfuzz.py", line 187, in getNextPayload
payload = self.fuzz(payload)
File "/root/Desktop/burp_suite/Burp-PyJFuzz/burp-pyjfuzz.py", line 196, in fuzz
p1 = subprocess.Popen([self.pyjfuzz, '-j', original_payload] + self._args, stdout=subprocess.PIPE)
File "/root/Desktop/burp_suite/jython-standalone-2.7.0.jar/Lib/subprocess.py", line 830, in __init__
File "/root/Desktop/burp_suite/jython-standalone-2.7.0.jar/Lib/subprocess.py", line 1352, in _execute_child
OSError: Cannot run program "pyjfuzz.py" (in directory "/root/Desktop/burp_suite/Burp-PyJFuzz"): error=2, No such file or directory
at org.python.core.PyException.doRaise(PyException.java:226)
at org.python.core.Py.makeException(Py.java:1337)
at org.python.core.Py.makeException(Py.java:1341)
at org.python.core.Py.makeException(Py.java:1345)
at subprocess$py._execute_child$39(/root/Desktop/burp_suite/jython-standalone-2.7.0.jar/Lib/subprocess.py:1354)
at subprocess$py.call_function(/root/Desktop/burp_suite/jython-standalone-2.7.0.jar/Lib/subprocess.py)
at org.python.core.PyTableCode.call(PyTableCode.java:167)
at org.python.core.PyBaseCode.call(PyBaseCode.java:307)
at org.python.core.PyBaseCode.call(PyBaseCode.java:198)
at org.python.core.PyFunction.__call__(PyFunction.java:482)
at org.python.core.PyMethod.instancemethod___call__(PyMethod.java:237)
at org.python.core.PyMethod.__call__(PyMethod.java:228)
at org.python.core.PyMethod.__call__(PyMethod.java:218)
at subprocess$py.__init__$21(/root/Desktop/burp_suite/jython-standalone-2.7.0.jar/Lib/subprocess.py:912)
at subprocess$py.call_function(/root/Desktop/burp_suite/jython-standalone-2.7.0.jar/Lib/subprocess.py)
at org.python.core.PyTableCode.call(PyTableCode.java:167)
at org.python.core.PyBaseCode.call(PyBaseCode.java:307)
at org.python.core.PyBaseCode.call(PyBaseCode.java:198)
at org.python.core.PyFunction.__call__(PyFunction.java:482)
at org.python.core.PyMethod.instancemethod___call__(PyMethod.java:237)
at org.python.core.PyMethod.__call__(PyMethod.java:228)
at org.python.core.PyMethod.__call__(PyMethod.java:223)
at org.python.core.Deriveds.dispatch__init__(Deriveds.java:19)
at org.python.core.PyObjectDerived.dispatch__init__(PyObjectDerived.java:1112)
at org.python.core.PyType.type___call__(PyType.java:1713)
at org.python.core.PyType.__call__(PyType.java:1696)
at org.python.core.PyObject.__call__(PyObject.java:394)
at org.python.pycode._pyx4.fuzz$15(/root/Desktop/burp_suite/Burp-PyJFuzz/burp-pyjfuzz.py:200)
at org.python.pycode._pyx4.call_function(/root/Desktop/burp_suite/Burp-PyJFuzz/burp-pyjfuzz.py)
at org.python.core.PyTableCode.call(PyTableCode.java:167)
at org.python.core.PyBaseCode.call(PyBaseCode.java:153)
at org.python.core.PyFunction.__call__(PyFunction.java:423)
at org.python.core.PyMethod.__call__(PyMethod.java:141)
at org.python.pycode._pyx4.getNextPayload$12(/root/Desktop/burp_suite/Burp-PyJFuzz/burp-pyjfuzz.py:188)
at org.python.pycode._pyx4.call_function(/root/Desktop/burp_suite/Burp-PyJFuzz/burp-pyjfuzz.py)
at org.python.core.PyTableCode.call(PyTableCode.java:167)
at org.python.core.PyBaseCode.call(PyBaseCode.java:307)
at org.python.core.PyBaseCode.call(PyBaseCode.java:198)
at org.python.core.PyFunction.__call__(PyFunction.java:482)
at org.python.core.PyMethod.instancemethod___call__(PyMethod.java:237)
at org.python.core.PyMethod.__call__(PyMethod.java:228)
at org.python.core.PyMethod.__call__(PyMethod.java:218)
at org.python.core.PyMethod.__call__(PyMethod.java:213)
at org.python.core.PyObject._jcallexc(PyObject.java:3626)
at org.python.core.PyObject._jcall(PyObject.java:3658)
at org.python.proxies.__main__$JSONFuzzer$9.getNextPayload(Unknown Source)
at burp.xre.run(Unknown Source)
at java.lang.Thread.run(Thread.java:748)
Traceback (most recent call last):
File "/root/Desktop/burp_suite/Burp-PyJFuzz/burp-pyjfuzz.py", line 187, in getNextPayload
payload = self.fuzz(payload)
File "/root/Desktop/burp_suite/Burp-PyJFuzz/burp-pyjfuzz.py", line 196, in fuzz
p1 = subprocess.Popen([self.pyjfuzz, '-j', original_payload] + self._args, stdout=subprocess.PIPE)
File "/root/Desktop/burp_suite/jython-standalone-2.7.0.jar/Lib/subprocess.py", line 830, in __init__
File "/root/Desktop/burp_suite/jython-standalone-2.7.0.jar/Lib/subprocess.py", line 1352, in _execute_child
OSError: Cannot run program "pyjfuzz.py" (in directory "/root/Desktop/burp_suite/Burp-PyJFuzz"): error=2, No such file or directory
at org.python.core.PyException.doRaise(PyException.java:226)
at org.python.core.Py.makeException(Py.java:1337)
at org.python.core.Py.makeException(Py.java:1341)
at org.python.core.Py.makeException(Py.java:1345)
at subprocess$py._execute_child$39(/root/Desktop/burp_suite/jython-standalone-2.7.0.jar/Lib/subprocess.py:1354)
at subprocess$py.call_function(/root/Desktop/burp_suite/jython-standalone-2.7.0.jar/Lib/subprocess.py)
at org.python.core.PyTableCode.call(PyTableCode.java:167)
at org.python.core.PyBaseCode.call(PyBaseCode.java:307)
at org.python.core.PyBaseCode.call(PyBaseCode.java:198)
at org.python.core.PyFunction.__call__(PyFunction.java:482)
at org.python.core.PyMethod.instancemethod___call__(PyMethod.java:237)
at org.python.core.PyMethod.__call__(PyMethod.java:228)
at org.python.core.PyMethod.__call__(PyMethod.java:218)
at subprocess$py.__init__$21(/root/Desktop/burp_suite/jython-standalone-2.7.0.jar/Lib/subprocess.py:912)
at subprocess$py.call_function(/root/Desktop/burp_suite/jython-standalone-2.7.0.jar/Lib/subprocess.py)
at org.python.core.PyTableCode.call(PyTableCode.java:167)
at org.python.core.PyBaseCode.call(PyBaseCode.java:307)
at org.python.core.PyBaseCode.call(PyBaseCode.java:198)
at org.python.core.PyFunction.__call__(PyFunction.java:482)
at org.python.core.PyMethod.instancemethod___call__(PyMethod.java:237)
at org.python.core.PyMethod.__call__(PyMethod.java:228)
at org.python.core.PyMethod.__call__(PyMethod.java:223)
at org.python.core.Deriveds.dispatch__init__(Deriveds.java:19)
at org.python.core.PyObjectDerived.dispatch__init__(PyObjectDerived.java:1112)
at org.python.core.PyType.type___call__(PyType.java:1713)
at org.python.core.PyType.__call__(PyType.java:1696)
at org.python.core.PyObject.__call__(PyObject.java:394)
at org.python.pycode._pyx4.fuzz$15(/root/Desktop/burp_suite/Burp-PyJFuzz/burp-pyjfuzz.py:200)
at org.python.pycode._pyx4.call_function(/root/Desktop/burp_suite/Burp-PyJFuzz/burp-pyjfuzz.py)
at org.python.core.PyTableCode.call(PyTableCode.java:167)
at org.python.core.PyBaseCode.call(PyBaseCode.java:153)
at org.python.core.PyFunction.__call__(PyFunction.java:423)
at org.python.core.PyMethod.__call__(PyMethod.java:141)
at org.python.pycode._pyx4.getNextPayload$12(/root/Desktop/burp_suite/Burp-PyJFuzz/burp-pyjfuzz.py:188)
at org.python.pycode._pyx4.call_function(/root/Desktop/burp_suite/Burp-PyJFuzz/burp-pyjfuzz.py)
at org.python.core.PyTableCode.call(PyTableCode.java:167)
at org.python.core.PyBaseCode.call(PyBaseCode.java:307)
at org.python.core.PyBaseCode.call(PyBaseCode.java:198)
at org.python.core.PyFunction.__call__(PyFunction.java:482)
at org.python.core.PyMethod.instancemethod___call__(PyMethod.java:237)
at org.python.core.PyMethod.__call__(PyMethod.java:228)
at org.python.core.PyMethod.__call__(PyMethod.java:218)
at org.python.core.PyMethod.__call__(PyMethod.java:213)
at org.python.core.PyObject._jcallexc(PyObject.java:3626)
at org.python.core.PyObject._jcall(PyObject.java:3658)
at org.python.proxies.__main__$JSONFuzzer$9.getNextPayload(Unknown Source)
at burp.xre.run(Unknown Source)
at java.lang.Thread.run(Thread.java:748)
Any idea what's going on or what should I do to fix it up?
Cheers.
I am running the Burp-PyJFuzz extention on latest Burpsuite Pro on Mac OS X.
pjf is installed and working perfectly on the command-line.
Getting this error in the extention's Error tab:
Traceback (most recent call last): File "/Users/aditya/Documents/Tools/Burp-PyJFuzz/burp-pyjfuzz.py", line 187, in getNextPayload payload = self.fuzz(payload) File "/Users/aditya/Documents/Tools/Burp-PyJFuzz/burp-pyjfuzz.py", line 196, in fuzz p1 = subprocess.Popen([self.pyjfuzz, '--J', '%s' % original_payload] + self._args, stdout=subprocess.PIPE) File "/Users/aditya/Downloads/jython-standalone-2.7.0.jar/Lib/subprocess.py", line 830, in __init__ File "/Users/aditya/Downloads/jython-standalone-2.7.0.jar/Lib/subprocess.py", line 1352, in _execute_child OSError: Cannot run program "pjf" (in directory "/Users/aditya/Documents/Tools/Burp-PyJFuzz"): error=2, No such file or directory at org.python.core.PyException.doRaise(PyException.java:226) at org.python.core.Py.makeException(Py.java:1337) at org.python.core.Py.makeException(Py.java:1341) at org.python.core.Py.makeException(Py.java:1345) at subprocess$py._execute_child$39(/Users/aditya/Downloads/jython-standalone-2.7.0.jar/Lib/subprocess.py:1354) at subprocess$py.call_function(/Users/aditya/Downloads/jython-standalone-2.7.0.jar/Lib/subprocess.py) at org.python.core.PyTableCode.call(PyTableCode.java:167) at org.python.core.PyBaseCode.call(PyBaseCode.java:307) at org.python.core.PyBaseCode.call(PyBaseCode.java:198) at org.python.core.PyFunction.__call__(PyFunction.java:482) at org.python.core.PyMethod.instancemethod___call__(PyMethod.java:237) at org.python.core.PyMethod.__call__(PyMethod.java:228) at org.python.core.PyMethod.__call__(PyMethod.java:218) at subprocess$py.__init__$21(/Users/aditya/Downloads/jython-standalone-2.7.0.jar/Lib/subprocess.py:912) at subprocess$py.call_function(/Users/aditya/Downloads/jython-standalone-2.7.0.jar/Lib/subprocess.py) at org.python.core.PyTableCode.call(PyTableCode.java:167) at org.python.core.PyBaseCode.call(PyBaseCode.java:307) at org.python.core.PyBaseCode.call(PyBaseCode.java:198) at org.python.core.PyFunction.__call__(PyFunction.java:482) at org.python.core.PyMethod.instancemethod___call__(PyMethod.java:237) at org.python.core.PyMethod.__call__(PyMethod.java:228) at org.python.core.PyMethod.__call__(PyMethod.java:223) at org.python.core.Deriveds.dispatch__init__(Deriveds.java:19) at org.python.core.PyObjectDerived.dispatch__init__(PyObjectDerived.java:1112) at org.python.core.PyType.type___call__(PyType.java:1713) at org.python.core.PyType.__call__(PyType.java:1696) at org.python.core.PyObject.__call__(PyObject.java:394) at org.python.pycode._pyx4.fuzz$15(/Users/aditya/Documents/Tools/Burp-PyJFuzz/burp-pyjfuzz.py:200) at org.python.pycode._pyx4.call_function(/Users/aditya/Documents/Tools/Burp-PyJFuzz/burp-pyjfuzz.py) at org.python.core.PyTableCode.call(PyTableCode.java:167) at org.python.core.PyBaseCode.call(PyBaseCode.java:153) at org.python.core.PyFunction.__call__(PyFunction.java:423) at org.python.core.PyMethod.__call__(PyMethod.java:141) at org.python.pycode._pyx4.getNextPayload$12(/Users/aditya/Documents/Tools/Burp-PyJFuzz/burp-pyjfuzz.py:188) at org.python.pycode._pyx4.call_function(/Users/aditya/Documents/Tools/Burp-PyJFuzz/burp-pyjfuzz.py) at org.python.core.PyTableCode.call(PyTableCode.java:167) at org.python.core.PyBaseCode.call(PyBaseCode.java:307) at org.python.core.PyBaseCode.call(PyBaseCode.java:198) at org.python.core.PyFunction.__call__(PyFunction.java:482) at org.python.core.PyMethod.instancemethod___call__(PyMethod.java:237) at org.python.core.PyMethod.__call__(PyMethod.java:228) at org.python.core.PyMethod.__call__(PyMethod.java:218) at org.python.core.PyMethod.__call__(PyMethod.java:213) at org.python.core.PyObject._jcallexc(PyObject.java:3626) at org.python.core.PyObject._jcall(PyObject.java:3658) at org.python.proxies.__main__$JSONFuzzer$9.getNextPayload(Unknown Source) at burp.wd.run(Unknown Source) at java.lang.Thread.run(Thread.java:745)
A declarative, efficient, and flexible JavaScript library for building user interfaces.
๐ Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. ๐๐๐
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google โค๏ธ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.