mseclab / burp-pyjfuzz Goto Github PK
View Code? Open in Web Editor NEWBurp Suite plugin which implement PyJFuzz for fuzzing web application.
License: MIT License
burp-pyjfuzz's People
Contributors
Stargazers
Watchers
Forkers
fishso lucabongiorni kalizero hxp2k6 wflk hax0rg1rl dzonerzy talk2noob yi6ei2ifd jijicanyu test123test111 pe4ch nx4dm1n yeshuibo sevck aliluyala stayliv3 ring007c sireof r3zk0n bilportistivraboti attackgithub locksley1337 brightpath466burp-pyjfuzz's Issues
Not generating payloads
The situation is as follows:
- PJF version 1.1.2
pjf -t CHPTRSX -l 6 -p page --autogenerates test cases- Burp Pro 1.7.30
- Extension loads without issue
Now, if I "Set Configuration", send my request to the Intruder, chose the extension to generate payloads and start the attack, the payload is always empty. Any idea what the issue could be? What other information do you need?
Extension doesn't work -> OSError: Cannot run program "pyjfuzz.py"
Hi,
Just tried to give this one a try but there is something probably broken around.
My platform is Kali Linux x64, latest Burp pro.
Received error:
at org.python.core.PyObject._jcallexc(PyObject.java:3626)
at org.python.core.PyObject._jcall(PyObject.java:3658)
at org.python.proxies.__main__$JSONFuzzer$9.getNextPayload(Unknown Source)
at burp.xre.run(Unknown Source)
at java.lang.Thread.run(Thread.java:748)
Traceback (most recent call last):
File "/root/Desktop/burp_suite/Burp-PyJFuzz/burp-pyjfuzz.py", line 187, in getNextPayload
payload = self.fuzz(payload)
File "/root/Desktop/burp_suite/Burp-PyJFuzz/burp-pyjfuzz.py", line 196, in fuzz
p1 = subprocess.Popen([self.pyjfuzz, '-j', original_payload] + self._args, stdout=subprocess.PIPE)
File "/root/Desktop/burp_suite/jython-standalone-2.7.0.jar/Lib/subprocess.py", line 830, in __init__
File "/root/Desktop/burp_suite/jython-standalone-2.7.0.jar/Lib/subprocess.py", line 1352, in _execute_child
OSError: Cannot run program "pyjfuzz.py" (in directory "/root/Desktop/burp_suite/Burp-PyJFuzz"): error=2, No such file or directory
at org.python.core.PyException.doRaise(PyException.java:226)
at org.python.core.Py.makeException(Py.java:1337)
at org.python.core.Py.makeException(Py.java:1341)
at org.python.core.Py.makeException(Py.java:1345)
at subprocess$py._execute_child$39(/root/Desktop/burp_suite/jython-standalone-2.7.0.jar/Lib/subprocess.py:1354)
at subprocess$py.call_function(/root/Desktop/burp_suite/jython-standalone-2.7.0.jar/Lib/subprocess.py)
at org.python.core.PyTableCode.call(PyTableCode.java:167)
at org.python.core.PyBaseCode.call(PyBaseCode.java:307)
at org.python.core.PyBaseCode.call(PyBaseCode.java:198)
at org.python.core.PyFunction.__call__(PyFunction.java:482)
at org.python.core.PyMethod.instancemethod___call__(PyMethod.java:237)
at org.python.core.PyMethod.__call__(PyMethod.java:228)
at org.python.core.PyMethod.__call__(PyMethod.java:218)
at subprocess$py.__init__$21(/root/Desktop/burp_suite/jython-standalone-2.7.0.jar/Lib/subprocess.py:912)
at subprocess$py.call_function(/root/Desktop/burp_suite/jython-standalone-2.7.0.jar/Lib/subprocess.py)
at org.python.core.PyTableCode.call(PyTableCode.java:167)
at org.python.core.PyBaseCode.call(PyBaseCode.java:307)
at org.python.core.PyBaseCode.call(PyBaseCode.java:198)
at org.python.core.PyFunction.__call__(PyFunction.java:482)
at org.python.core.PyMethod.instancemethod___call__(PyMethod.java:237)
at org.python.core.PyMethod.__call__(PyMethod.java:228)
at org.python.core.PyMethod.__call__(PyMethod.java:223)
at org.python.core.Deriveds.dispatch__init__(Deriveds.java:19)
at org.python.core.PyObjectDerived.dispatch__init__(PyObjectDerived.java:1112)
at org.python.core.PyType.type___call__(PyType.java:1713)
at org.python.core.PyType.__call__(PyType.java:1696)
at org.python.core.PyObject.__call__(PyObject.java:394)
at org.python.pycode._pyx4.fuzz$15(/root/Desktop/burp_suite/Burp-PyJFuzz/burp-pyjfuzz.py:200)
at org.python.pycode._pyx4.call_function(/root/Desktop/burp_suite/Burp-PyJFuzz/burp-pyjfuzz.py)
at org.python.core.PyTableCode.call(PyTableCode.java:167)
at org.python.core.PyBaseCode.call(PyBaseCode.java:153)
at org.python.core.PyFunction.__call__(PyFunction.java:423)
at org.python.core.PyMethod.__call__(PyMethod.java:141)
at org.python.pycode._pyx4.getNextPayload$12(/root/Desktop/burp_suite/Burp-PyJFuzz/burp-pyjfuzz.py:188)
at org.python.pycode._pyx4.call_function(/root/Desktop/burp_suite/Burp-PyJFuzz/burp-pyjfuzz.py)
at org.python.core.PyTableCode.call(PyTableCode.java:167)
at org.python.core.PyBaseCode.call(PyBaseCode.java:307)
at org.python.core.PyBaseCode.call(PyBaseCode.java:198)
at org.python.core.PyFunction.__call__(PyFunction.java:482)
at org.python.core.PyMethod.instancemethod___call__(PyMethod.java:237)
at org.python.core.PyMethod.__call__(PyMethod.java:228)
at org.python.core.PyMethod.__call__(PyMethod.java:218)
at org.python.core.PyMethod.__call__(PyMethod.java:213)
at org.python.core.PyObject._jcallexc(PyObject.java:3626)
at org.python.core.PyObject._jcall(PyObject.java:3658)
at org.python.proxies.__main__$JSONFuzzer$9.getNextPayload(Unknown Source)
at burp.xre.run(Unknown Source)
at java.lang.Thread.run(Thread.java:748)
Traceback (most recent call last):
File "/root/Desktop/burp_suite/Burp-PyJFuzz/burp-pyjfuzz.py", line 187, in getNextPayload
payload = self.fuzz(payload)
File "/root/Desktop/burp_suite/Burp-PyJFuzz/burp-pyjfuzz.py", line 196, in fuzz
p1 = subprocess.Popen([self.pyjfuzz, '-j', original_payload] + self._args, stdout=subprocess.PIPE)
File "/root/Desktop/burp_suite/jython-standalone-2.7.0.jar/Lib/subprocess.py", line 830, in __init__
File "/root/Desktop/burp_suite/jython-standalone-2.7.0.jar/Lib/subprocess.py", line 1352, in _execute_child
OSError: Cannot run program "pyjfuzz.py" (in directory "/root/Desktop/burp_suite/Burp-PyJFuzz"): error=2, No such file or directory
at org.python.core.PyException.doRaise(PyException.java:226)
at org.python.core.Py.makeException(Py.java:1337)
at org.python.core.Py.makeException(Py.java:1341)
at org.python.core.Py.makeException(Py.java:1345)
at subprocess$py._execute_child$39(/root/Desktop/burp_suite/jython-standalone-2.7.0.jar/Lib/subprocess.py:1354)
at subprocess$py.call_function(/root/Desktop/burp_suite/jython-standalone-2.7.0.jar/Lib/subprocess.py)
at org.python.core.PyTableCode.call(PyTableCode.java:167)
at org.python.core.PyBaseCode.call(PyBaseCode.java:307)
at org.python.core.PyBaseCode.call(PyBaseCode.java:198)
at org.python.core.PyFunction.__call__(PyFunction.java:482)
at org.python.core.PyMethod.instancemethod___call__(PyMethod.java:237)
at org.python.core.PyMethod.__call__(PyMethod.java:228)
at org.python.core.PyMethod.__call__(PyMethod.java:218)
at subprocess$py.__init__$21(/root/Desktop/burp_suite/jython-standalone-2.7.0.jar/Lib/subprocess.py:912)
at subprocess$py.call_function(/root/Desktop/burp_suite/jython-standalone-2.7.0.jar/Lib/subprocess.py)
at org.python.core.PyTableCode.call(PyTableCode.java:167)
at org.python.core.PyBaseCode.call(PyBaseCode.java:307)
at org.python.core.PyBaseCode.call(PyBaseCode.java:198)
at org.python.core.PyFunction.__call__(PyFunction.java:482)
at org.python.core.PyMethod.instancemethod___call__(PyMethod.java:237)
at org.python.core.PyMethod.__call__(PyMethod.java:228)
at org.python.core.PyMethod.__call__(PyMethod.java:223)
at org.python.core.Deriveds.dispatch__init__(Deriveds.java:19)
at org.python.core.PyObjectDerived.dispatch__init__(PyObjectDerived.java:1112)
at org.python.core.PyType.type___call__(PyType.java:1713)
at org.python.core.PyType.__call__(PyType.java:1696)
at org.python.core.PyObject.__call__(PyObject.java:394)
at org.python.pycode._pyx4.fuzz$15(/root/Desktop/burp_suite/Burp-PyJFuzz/burp-pyjfuzz.py:200)
at org.python.pycode._pyx4.call_function(/root/Desktop/burp_suite/Burp-PyJFuzz/burp-pyjfuzz.py)
at org.python.core.PyTableCode.call(PyTableCode.java:167)
at org.python.core.PyBaseCode.call(PyBaseCode.java:153)
at org.python.core.PyFunction.__call__(PyFunction.java:423)
at org.python.core.PyMethod.__call__(PyMethod.java:141)
at org.python.pycode._pyx4.getNextPayload$12(/root/Desktop/burp_suite/Burp-PyJFuzz/burp-pyjfuzz.py:188)
at org.python.pycode._pyx4.call_function(/root/Desktop/burp_suite/Burp-PyJFuzz/burp-pyjfuzz.py)
at org.python.core.PyTableCode.call(PyTableCode.java:167)
at org.python.core.PyBaseCode.call(PyBaseCode.java:307)
at org.python.core.PyBaseCode.call(PyBaseCode.java:198)
at org.python.core.PyFunction.__call__(PyFunction.java:482)
at org.python.core.PyMethod.instancemethod___call__(PyMethod.java:237)
at org.python.core.PyMethod.__call__(PyMethod.java:228)
at org.python.core.PyMethod.__call__(PyMethod.java:218)
at org.python.core.PyMethod.__call__(PyMethod.java:213)
at org.python.core.PyObject._jcallexc(PyObject.java:3626)
at org.python.core.PyObject._jcall(PyObject.java:3658)
at org.python.proxies.__main__$JSONFuzzer$9.getNextPayload(Unknown Source)
at burp.xre.run(Unknown Source)
at java.lang.Thread.run(Thread.java:748)
Any idea what's going on or what should I do to fix it up?
Cheers.
OSError: Cannot run program "pjf"
I am running the Burp-PyJFuzz extention on latest Burpsuite Pro on Mac OS X.
pjf is installed and working perfectly on the command-line.
Getting this error in the extention's Error tab:
Traceback (most recent call last): File "/Users/aditya/Documents/Tools/Burp-PyJFuzz/burp-pyjfuzz.py", line 187, in getNextPayload payload = self.fuzz(payload) File "/Users/aditya/Documents/Tools/Burp-PyJFuzz/burp-pyjfuzz.py", line 196, in fuzz p1 = subprocess.Popen([self.pyjfuzz, '--J', '%s' % original_payload] + self._args, stdout=subprocess.PIPE) File "/Users/aditya/Downloads/jython-standalone-2.7.0.jar/Lib/subprocess.py", line 830, in __init__ File "/Users/aditya/Downloads/jython-standalone-2.7.0.jar/Lib/subprocess.py", line 1352, in _execute_child OSError: Cannot run program "pjf" (in directory "/Users/aditya/Documents/Tools/Burp-PyJFuzz"): error=2, No such file or directory at org.python.core.PyException.doRaise(PyException.java:226) at org.python.core.Py.makeException(Py.java:1337) at org.python.core.Py.makeException(Py.java:1341) at org.python.core.Py.makeException(Py.java:1345) at subprocess$py._execute_child$39(/Users/aditya/Downloads/jython-standalone-2.7.0.jar/Lib/subprocess.py:1354) at subprocess$py.call_function(/Users/aditya/Downloads/jython-standalone-2.7.0.jar/Lib/subprocess.py) at org.python.core.PyTableCode.call(PyTableCode.java:167) at org.python.core.PyBaseCode.call(PyBaseCode.java:307) at org.python.core.PyBaseCode.call(PyBaseCode.java:198) at org.python.core.PyFunction.__call__(PyFunction.java:482) at org.python.core.PyMethod.instancemethod___call__(PyMethod.java:237) at org.python.core.PyMethod.__call__(PyMethod.java:228) at org.python.core.PyMethod.__call__(PyMethod.java:218) at subprocess$py.__init__$21(/Users/aditya/Downloads/jython-standalone-2.7.0.jar/Lib/subprocess.py:912) at subprocess$py.call_function(/Users/aditya/Downloads/jython-standalone-2.7.0.jar/Lib/subprocess.py) at org.python.core.PyTableCode.call(PyTableCode.java:167) at org.python.core.PyBaseCode.call(PyBaseCode.java:307) at org.python.core.PyBaseCode.call(PyBaseCode.java:198) at org.python.core.PyFunction.__call__(PyFunction.java:482) at org.python.core.PyMethod.instancemethod___call__(PyMethod.java:237) at org.python.core.PyMethod.__call__(PyMethod.java:228) at org.python.core.PyMethod.__call__(PyMethod.java:223) at org.python.core.Deriveds.dispatch__init__(Deriveds.java:19) at org.python.core.PyObjectDerived.dispatch__init__(PyObjectDerived.java:1112) at org.python.core.PyType.type___call__(PyType.java:1713) at org.python.core.PyType.__call__(PyType.java:1696) at org.python.core.PyObject.__call__(PyObject.java:394) at org.python.pycode._pyx4.fuzz$15(/Users/aditya/Documents/Tools/Burp-PyJFuzz/burp-pyjfuzz.py:200) at org.python.pycode._pyx4.call_function(/Users/aditya/Documents/Tools/Burp-PyJFuzz/burp-pyjfuzz.py) at org.python.core.PyTableCode.call(PyTableCode.java:167) at org.python.core.PyBaseCode.call(PyBaseCode.java:153) at org.python.core.PyFunction.__call__(PyFunction.java:423) at org.python.core.PyMethod.__call__(PyMethod.java:141) at org.python.pycode._pyx4.getNextPayload$12(/Users/aditya/Documents/Tools/Burp-PyJFuzz/burp-pyjfuzz.py:188) at org.python.pycode._pyx4.call_function(/Users/aditya/Documents/Tools/Burp-PyJFuzz/burp-pyjfuzz.py) at org.python.core.PyTableCode.call(PyTableCode.java:167) at org.python.core.PyBaseCode.call(PyBaseCode.java:307) at org.python.core.PyBaseCode.call(PyBaseCode.java:198) at org.python.core.PyFunction.__call__(PyFunction.java:482) at org.python.core.PyMethod.instancemethod___call__(PyMethod.java:237) at org.python.core.PyMethod.__call__(PyMethod.java:228) at org.python.core.PyMethod.__call__(PyMethod.java:218) at org.python.core.PyMethod.__call__(PyMethod.java:213) at org.python.core.PyObject._jcallexc(PyObject.java:3626) at org.python.core.PyObject._jcall(PyObject.java:3658) at org.python.proxies.__main__$JSONFuzzer$9.getNextPayload(Unknown Source) at burp.wd.run(Unknown Source) at java.lang.Thread.run(Thread.java:745)
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
๐ Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. ๐๐๐
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google โค๏ธ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.