Git Product home page Git Product logo

burpshiropassivescan's Introduction

BurpShiroPassiveScan

一款基于BurpSuite的被动式shiro检测插件

免责声明

该工具仅用于安全自查检测

由于传播、利用此工具所提供的信息而造成的任何直接或者间接的后果及损失,均由使用者本人负责,作者不为此承担任何责任。

本人拥有对此工具的修改和解释权。未经网络安全部门及相关部门允许,不得善自使用本工具进行任何攻击活动,不得以任何方式将其用于商业目的。

自言自语

据听说它的诞生是因为作者太太太懒了!

不想每个站点自己去添加个rememberMe去探测是否shiro框架

于是乎~

它就诞生了

简介

BurpShiroPassiveScan 一个希望能节省一些渗透时间好进行划水的扫描插件

该插件会对BurpSuite传进来的每个不同的域名+端口的流量进行一次shiro检测

目前的功能如下

  • shiro框架指纹检测
  • shiro加密key检测,cbc,gcm

请注意!!!!

下载完毕以后,请务必打开 /resources/config.yml 看看配置文件,里面有很多自定义的功能,可以自由选择, 例如添加shiro key功能

下载完毕以后,请务必打开 /resources/config.yml 看看配置文件,里面有很多自定义的功能,可以自由选择, 例如添加shiro key功能

下载完毕以后,请务必打开 /resources/config.yml 看看配置文件,里面有很多自定义的功能,可以自由选择, 例如添加shiro key功能

编译方法

编译方法

这是一个 java maven项目

导入idea,打开刚刚好下载好的源码

打开: /BurpShiroPassiveScan/pom.xml 安装对应的包,第一次安装依赖包需要比较久,慢慢等不要急

编译文件地址: ./BurpShiroPassiveScan/target/BurpShiroPassiveScan/

jar包地址: ./BurpShiroPassiveScan/target/BurpShiroPassiveScan/BurpShiroPassiveScan.jar

项目配置文件地址: ./BurpShiroPassiveScan/target/BurpShiroPassiveScan/resources/config.yml

接着拿着这个jar包, 导入BurpSuite即可

安装方法

检测方法选择

目前只有一种方法进行shiro框架的key检测

  1. l1nk3r师傅的基于原生shiro框架 检测方法

l1nk3r师傅的检测思路地址: https://mp.weixin.qq.com/s/do88_4Td1CSeKLmFqhGCuQ

根据我的测试l1nk3r师傅的这个方法更加适合用来检测“shiro key”这个功能!!!

使用l1nk3r师傅这个方法对比URLDNS我认为有以下优点

  1. 去掉了请求dnslog的时间, 提高了扫描速度, 减少了大量的额外请求
  2. 避免了有的站点不能出网导致漏报
  3. 生成的密文更短, 不容易被waf拦截

基于以上优点, 我决定了, 现在默认使用 l1nk3r师傅 这个方法进行 shiro key的爆破

使用方法

我们正常去访问网站, 如果站点的某个请求出现了,那么该插件就会去尝试检测

访问完毕以后, 插件就会自动去进行扫描

如果有结果那么插件就会在以下地方显示

  • Tag
  • Extender
  • Scanner-Issue activity

问题查看

目前有这几个地方可以查看

tag界面查看漏洞情况

现在可以通过tag界面查看漏洞情况了

分别会返回
- the number of website scans exceeded = 超出网站可扫描次数(可通过config.yml修改)
- shiro fingerprint problems have exceeded the number = shiro指纹问题已经超过了暴露次数(可通过config.yml修改)
- shiro encryption key leakage problems have exceeded the number = shiro加密密钥泄露问题已经超过了暴露次数(可通过config.yml修改)
- shiro fingerprint module startup error = shiro指纹模块启动错误
- the site is not a shiro framework = 这个网站不是shiro框架
- waiting for test results = 等待测试结果
- [-] not found shiro key = 没有找到shiro的key
- [+] found shiro key: xxxxx = 发现了shiro的key
- [*] shiro fingerprint = 表示使用了shiro框架
- [x] unknown error = 未知错误

新增key的方法

嫌弃内置key不够多,可以这样

打开: ./BurpShiroPassiveScan/resources/config.yml
找到: application.shiroCipherKeyExtension.config.payloads

然后在后面添加新key即可

注: 修改了配置,记得重新加载插件,这样才会生效

设置多线程的方法

嫌弃跑的慢,可以这样

打开: ./BurpShiroPassiveScan/resources/config.yml
找到: application.shiroCipherKeyExtension.config.threadTotal

然后修改想开的线程即可,默认为4线程

注: 修改了配置,记得重新加载插件,这样才会生效

burpshiropassivescan's People

Contributors

pmiaowu avatar

Stargazers

avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar

Watchers

avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar

Forkers

shellsec conanjun shenjialong123 cppxl ggz001 kangd1w2 wang0098 5h4d3s ir-st morns0 bravery9 want2live233 iiiusky yeshuibo m09ic deepwebhacker yyming-sudo selfevo dictest bievan attacker-codeninja rebootorz s0k tuziv lcl99 rassec zichong-h suifengg hcjcn rv0p111 milkii0 hackerxj007 go-bi icysun pyking tec-yao sec-nux j0hn30n leeasina 1777 libaizaishuijiao renjunfeng scriptkiddlepyh thinks520 rand01m jsomething-for-nothing liutufang thecryinggame mxm-tools otakuhp izj007 lqh11 xiumulty cts2021 mrnait xiaobaicaicaicai popmedd huangzccn jeromeyoung allblue147 tis-wy alone-hacker xdreamseeker crackercat re13orn laowang1026 0xd3ac chinanala log4jshe11 rudsarkar serin26 lalkaltest sts0mrg0 xuningnb ttuanhung 87993xiaojiang lolipop1234 shakecode flyr4nk hxazzzz 365bug stevenlinfeng msr00t whami-root 360sec sec-fork functfan evi1c0de fdlucifer patrickstarwow ryrnnnlaleaaa tga0 nucleareris m3g4byt3 gysf666 dirtypipe dk47os3r crisprss s3rmvc xwlops

burpshiropassivescan's Issues

加载插件时output中文乱码

burp 2020.11,windows 10
安装插件时output回显中文乱码,安装后extender页面 detail右边的output中文又能显示正常

感谢

谢谢大佬写了这么好用的插件,对于不会Java的菜鸟帮助太大了

GCM加密与Java版本问题

同一个站点 shiro GCM加密模式
使用java8运行加载的插件,检测到key
java8

使用高版本java14运行加载插件,没有检测到key
Inkedjava14_LI

java高版本好像是这个问题 Cannot find any provider supporting AES/GCM/PKCS5Padding
在burp Logger可以看到
gcm检测时数据包cookie部分 rememberMe=0
Cookie: JSESSIONID=60e6708a-126f-4c89-b02d-5f5b8b39c6f8; rememberMe=0
Upgrade-Insecure-Requests: 1

java版本与GCM加密问题

站点存在shiro漏洞,gcm加密

使用java1.8 启动的burp加载,插件扫出key
java8

使用java14 启动的burp加载,插件没扫出key
java14
看来下日志gcm加密检测key时,rememberme=0

这里我修改了下插件代码,解决问题
gcm

issue

java.lang.NoClassDefFoundError: org/yaml/snakeyaml/Yaml

at burp.Bootstrap.YamlReader.<init>(YamlReader.java:25)
at burp.Bootstrap.YamlReader.getInstance(YamlReader.java:31)
at burp.Ui.Tags.<init>(Tags.java:24)
at burp.BurpExtender.registerExtenderCallbacks(BurpExtender.java:55)
at java.base/jdk.internal.reflect.DirectMethodHandleAccessor.invoke(DirectMethodHandleAccessor.java:104)
at java.base/java.lang.reflect.Method.invoke(Method.java:578)
at burp.hms.lambda$registerExtenderCallbacks$0(Unknown Source)
at java.base/java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:577)
at java.base/java.util.concurrent.FutureTask.run(FutureTask.java:317)
at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1144)
at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:642)
at java.base/java.lang.Thread.run(Thread.java:1589)

Caused by: java.lang.ClassNotFoundException: org.yaml.snakeyaml.Yaml
at java.base/java.net.URLClassLoader.findClass(URLClassLoader.java:445)
at java.base/java.lang.ClassLoader.loadClass(ClassLoader.java:588)
at java.base/java.lang.ClassLoader.loadClass(ClassLoader.java:521)
... 12 more

不回显秘钥

我自己添加一些秘钥,进行了编译jar包,使用出现等待结果,一直没有显示结果,希望作者可以解答,十分感谢!
image

编译的jar无法爆破key

请问师傅,这个项目应该如何编译呢。

我这边使用maven package命令编译出来的包只有56k大小(jdk1.8、9、15都试过),而release下载的大小有2.5M。

加载bp之后也是只有检测shiro框架,并没有爆破key的请求(被动扫描已开),issue中一直是waiting for test results状态,没有任何报错。直接使用Release中的jar包是可以运行的,不确定是不是我编译方法的问题🙉🙉

加载之后报错

java.lang.NullPointerException: Cannot invoke "burp.IHttpRequestResponse.getHttpService()" because "this.currentlyDisplayedItem" is null
at burp.e4j.M(Unknown Source)
at burp.bs8.getHttpService(Unknown Source)
at burp.bhw.getHttpService(Unknown Source)
at burp.BurpExtender$MarkInfoTab.isEnabled(BurpExtender.java:128)
at burp.imm.a(Unknown Source)
at burp.e_3.a(Unknown Source)
at burp.e_3.a(Unknown Source)
at burp.et9.a(Unknown Source)
at burp.h96.b(Unknown Source)
at burp.e_3.addNotify(Unknown Source)
at java.desktop/java.awt.Container.addImpl(Container.java:1146)
at java.desktop/javax.swing.JSplitPane.addImpl(JSplitPane.java:1009)
at java.desktop/java.awt.Container.add(Container.java:997)
at java.desktop/javax.swing.JSplitPane.setLeftComponent(JSplitPane.java:453)
at burp.e_t.d(Unknown Source)
at burp.e_t.c(Unknown Source)
at burp.e_t.a(Unknown Source)
at burp.e_t.lambda$layoutInitialised$2(Unknown Source)
at java.desktop/java.awt.event.InvocationEvent.dispatch(InvocationEvent.java:316)
at java.desktop/java.awt.EventQueue.dispatchEventImpl(EventQueue.java:770)
at java.desktop/java.awt.EventQueue$4.run(EventQueue.java:721)
at java.desktop/java.awt.EventQueue$4.run(EventQueue.java:715)
at java.base/java.security.AccessController.doPrivileged(AccessController.java:391)
at java.base/java.security.ProtectionDomain$JavaSecurityAccessImpl.doIntersectionPrivilege(ProtectionDomain.java:85)
at java.desktop/java.awt.EventQueue.dispatchEvent(EventQueue.java:740)
at java.desktop/java.awt.EventDispatchThread.pumpOneEventForFilters(EventDispatchThread.java:203)
at java.desktop/java.awt.EventDispatchThread.pumpEventsForFilter(EventDispatchThread.java:124)
at java.desktop/java.awt.EventDispatchThread.pumpEventsForHierarchy(EventDispatchThread.java:113)
at java.desktop/java.awt.EventDispatchThread.pumpEvents(EventDispatchThread.java:109)
at java.desktop/java.awt.EventDispatchThread.pumpEvents(EventDispatchThread.java:101)
at java.desktop/java.awt.EventDispatchThread.run(EventDispatchThread.java:90)
java.lang.NullPointerException: Cannot invoke "burp.IHttpRequestResponse.getHttpService()" because "this.currentlyDisplayedItem" is null
at burp.e4j.M(Unknown Source)
at burp.bs8.getHttpService(Unknown Source)
at burp.bhw.getHttpService(Unknown Source)
at burp.BurpExtender$MarkInfoTab.isEnabled(BurpExtender.java:128)
at burp.imm.a(Unknown Source)
at burp.e_3.a(Unknown Source)
at burp.e_3.a(Unknown Source)
at burp.et9.a(Unknown Source)
at burp.h96.b(Unknown Source)
at burp.e_3.addNotify(Unknown Source)
at java.desktop/java.awt.Container.addImpl(Container.java:1146)
at java.desktop/javax.swing.JSplitPane.addImpl(JSplitPane.java:1009)
at java.desktop/java.awt.Container.add(Container.java:997)
at java.desktop/javax.swing.JSplitPane.setLeftComponent(JSplitPane.java:453)
at burp.e_t.d(Unknown Source)
at burp.e_t.c(Unknown Source)
at burp.e_t.a(Unknown Source)
at burp.e_t.lambda$layoutInitialised$2(Unknown Source)
at java.desktop/java.awt.event.InvocationEvent.dispatch(InvocationEvent.java:316)
at java.desktop/java.awt.EventQueue.dispatchEventImpl(EventQueue.java:770)
at java.desktop/java.awt.EventQueue$4.run(EventQueue.java:721)
at java.desktop/java.awt.EventQueue$4.run(EventQueue.java:715)
at java.base/java.security.AccessController.doPrivileged(AccessController.java:391)
at java.base/java.security.ProtectionDomain$JavaSecurityAccessImpl.doIntersectionPrivilege(ProtectionDomain.java:85)
at java.desktop/java.awt.EventQueue.dispatchEvent(EventQueue.java:740)
at java.desktop/java.awt.EventDispatchThread.pumpOneEventForFilters(EventDispatchThread.java:203)
at java.desktop/java.awt.EventDispatchThread.pumpEventsForFilter(EventDispatchThread.java:124)
at java.desktop/java.awt.EventDispatchThread.pumpEventsForHierarchy(EventDispatchThread.java:113)
at java.desktop/java.awt.EventDispatchThread.pumpEvents(EventDispatchThread.java:109)
at java.desktop/java.awt.EventDispatchThread.pumpEvents(EventDispatchThread.java:101)
at java.desktop/java.awt.EventDispatchThread.run(EventDispatchThread.java:90)

image

请教这里是不是有一个小问题

最近在学习师傅的插件,有一处存在疑惑
这个地方填入的是默认固定值,不应该是从请求中获取吗
image

这里我采用ShiroFingerprint3扩展检测
rememberMe=aaa
image
而插件显示该请求的rememberMe=3
image
image

不回显秘钥

我自己添加一些秘钥,进行了编译jar包,使用出现等待结果,一直没有显示结果,希望作者可以解答,十分感谢!
image

大佬 打包出来的jar包报错

java.lang.NullPointerException
at burp.an2.d(Unknown Source)
at burp.bym.getHttpService(Unknown Source)
at burp.cvu.getHttpService(Unknown Source)
at burp.BurpExtender$MarkInfoTab.isEnabled(BurpExtender.java:149)
at burp.do7.b(Unknown Source)
at burp.ph.a(Unknown Source)
at burp.ph.a(Unknown Source)
at burp.baa.a(Unknown Source)
at burp.gvc.b(Unknown Source)
at burp.ph.addNotify(Unknown Source)
at java.desktop/java.awt.Container.addNotify(Container.java:2800)
at java.desktop/javax.swing.JComponent.addNotify(JComponent.java:4783)
at java.desktop/java.awt.Container.addNotify(Container.java:2800)
at java.desktop/javax.swing.JComponent.addNotify(JComponent.java:4783)
at java.desktop/java.awt.Container.addNotify(Container.java:2800)
at java.desktop/javax.swing.JComponent.addNotify(JComponent.java:4783)
at java.desktop/java.awt.Container.addNotify(Container.java:2800)
at java.desktop/javax.swing.JComponent.addNotify(JComponent.java:4783)
at java.desktop/java.awt.Container.addImpl(Container.java:1146)
at java.desktop/javax.swing.JTabbedPane.insertTab(JTabbedPane.java:754)
at burp.pw.a(Unknown Source)
at burp.pw.insertTab(Unknown Source)
at java.desktop/javax.swing.JTabbedPane.addTab(JTabbedPane.java:828)
at burp.hrp.a(Unknown Source)
at burp.baa.a(Unknown Source)
at burp.baa.c(Unknown Source)
at burp.gs6.a(Unknown Source)
at burp.d82.addSuiteTab(Unknown Source)
at burp.cq.addSuiteTab(Unknown Source)
at burp.ekl.addSuiteTab(Unknown Source)
at burp.Tags$1.run(Tags.java:75)
at java.desktop/java.awt.event.InvocationEvent.dispatch(InvocationEvent.java:316)
at java.desktop/java.awt.EventQueue.dispatchEventImpl(EventQueue.java:770)
at java.desktop/java.awt.EventQueue$4.run(EventQueue.java:721)
at java.desktop/java.awt.EventQueue$4.run(EventQueue.java:715)
at java.base/java.security.AccessController.doPrivileged(AccessController.java:391)
at java.base/java.security.ProtectionDomain$JavaSecurityAccessImpl.doIntersectionPrivilege(ProtectionDomain.java:85)
at java.desktop/java.awt.EventQueue.dispatchEvent(EventQueue.java:740)
at java.desktop/java.awt.EventDispatchThread.pumpOneEventForFilters(EventDispatchThread.java:203)
at java.desktop/java.awt.EventDispatchThread.pumpEventsForFilter(EventDispatchThread.java:124)
at java.desktop/java.awt.EventDispatchThread.pumpEventsForHierarchy(EventDispatchThread.java:113)
at java.desktop/java.awt.EventDispatchThread.pumpEvents(EventDispatchThread.java:109)
at java.desktop/java.awt.EventDispatchThread.pumpEvents(EventDispatchThread.java:101)
at java.desktop/java.awt.EventDispatchThread.run(EventDispatchThread.java:90)
java.lang.NullPointerException
at burp.an2.d(Unknown Source)
at burp.bym.getHttpService(Unknown Source)
at burp.cvu.getHttpService(Unknown Source)
at burp.BurpExtender$MarkInfoTab.isEnabled(BurpExtender.java:149)
at burp.do7.b(Unknown Source)
at burp.ph.a(Unknown Source)
at burp.ph.a(Unknown Source)
at burp.baa.a(Unknown Source)
at burp.gvc.b(Unknown Source)
at burp.ph.addNotify(Unknown Source)
at java.desktop/java.awt.Container.addNotify(Container.java:2800)
at java.desktop/javax.swing.JComponent.addNotify(JComponent.java:4783)
at java.desktop/java.awt.Container.addNotify(Container.java:2800)
at java.desktop/javax.swing.JComponent.addNotify(JComponent.java:4783)
at java.desktop/java.awt.Container.addNotify(Container.java:2800)
at java.desktop/javax.swing.JComponent.addNotify(JComponent.java:4783)
at java.desktop/java.awt.Container.addNotify(Container.java:2800)
at java.desktop/javax.swing.JComponent.addNotify(JComponent.java:4783)
at java.desktop/java.awt.Container.addImpl(Container.java:1146)
at java.desktop/javax.swing.JTabbedPane.insertTab(JTabbedPane.java:754)
at burp.pw.a(Unknown Source)
at burp.pw.insertTab(Unknown Source)
at java.desktop/javax.swing.JTabbedPane.addTab(JTabbedPane.java:828)
at burp.hrp.a(Unknown Source)
at burp.baa.a(Unknown Source)
at burp.baa.c(Unknown Source)
at burp.gs6.a(Unknown Source)
at burp.d82.addSuiteTab(Unknown Source)
at burp.cq.addSuiteTab(Unknown Source)
at burp.ekl.addSuiteTab(Unknown Source)
at burp.Tags$1.run(Tags.java:75)
at java.desktop/java.awt.event.InvocationEvent.dispatch(InvocationEvent.java:316)
at java.desktop/java.awt.EventQueue.dispatchEventImpl(EventQueue.java:770)
at java.desktop/java.awt.EventQueue$4.run(EventQueue.java:721)
at java.desktop/java.awt.EventQueue$4.run(EventQueue.java:715)
at java.base/java.security.AccessController.doPrivileged(AccessController.java:391)
at java.base/java.security.ProtectionDomain$JavaSecurityAccessImpl.doIntersectionPrivilege(ProtectionDomain.java:85)
at java.desktop/java.awt.EventQueue.dispatchEvent(EventQueue.java:740)
at java.desktop/java.awt.EventDispatchThread.pumpOneEventForFilters(EventDispatchThread.java:203)
at java.desktop/java.awt.EventDispatchThread.pumpEventsForFilter(EventDispatchThread.java:124)
at java.desktop/java.awt.EventDispatchThread.pumpEventsForHierarchy(EventDispatchThread.java:113)
at java.desktop/java.awt.EventDispatchThread.pumpEvents(EventDispatchThread.java:109)
at java.desktop/java.awt.EventDispatchThread.pumpEvents(EventDispatchThread.java:101)
at java.desktop/java.awt.EventDispatchThread.run(EventDispatchThread.java:90)

使用jdk11 编译仍然报错

java.lang.NullPointerException
at burp.e4t.Z(Unknown Source)
at burp.g0_.getHttpService(Unknown Source)
at burp.fp8.getHttpService(Unknown Source)
at burp.BurpExtender$MarkInfoTab.isEnabled(BurpExtender.java:346)
at burp.fb0.a(Unknown Source)
at burp.gbo.b(Unknown Source)
at burp.i9u.a(Unknown Source)
at burp.i9u.a(Unknown Source)
at burp.cju.a(Unknown Source)
at burp.c_m.b(Unknown Source)
at burp.h1z.b(Unknown Source)
at burp.cju.addNotify(Unknown Source)
at java.desktop/java.awt.Container.addNotify(Container.java:2800)
at java.desktop/javax.swing.JComponent.addNotify(JComponent.java:4783)
at java.desktop/java.awt.Container.addNotify(Container.java:2800)
at java.desktop/javax.swing.JComponent.addNotify(JComponent.java:4783)
at java.desktop/java.awt.Container.addNotify(Container.java:2800)
at java.desktop/javax.swing.JComponent.addNotify(JComponent.java:4783)
at java.desktop/java.awt.Container.addNotify(Container.java:2800)
at java.desktop/javax.swing.JComponent.addNotify(JComponent.java:4783)
at java.desktop/java.awt.Container.addNotify(Container.java:2800)
at java.desktop/javax.swing.JComponent.addNotify(JComponent.java:4783)
at java.desktop/java.awt.Container.addImpl(Container.java:1146)
at java.desktop/javax.swing.JTabbedPane.insertTab(JTabbedPane.java:730)
at burp.azq.a(Unknown Source)
at burp.azq.insertTab(Unknown Source)
at java.desktop/javax.swing.JTabbedPane.addTab(JTabbedPane.java:804)
at burp.fa0.a(Unknown Source)
at burp.c_m.b(Unknown Source)
at burp.c_m.a(Unknown Source)
at burp.hmq.a(Unknown Source)
at burp.h6d.addSuiteTab(Unknown Source)
at burp.hs7.addSuiteTab(Unknown Source)
at burp.em9.addSuiteTab(Unknown Source)
at burp.Tags$1.run(Tags.java:75)
at java.desktop/java.awt.event.InvocationEvent.dispatch(InvocationEvent.java:313)
at java.desktop/java.awt.EventQueue.dispatchEventImpl(EventQueue.java:770)
at java.desktop/java.awt.EventQueue$4.run(EventQueue.java:721)
at java.desktop/java.awt.EventQueue$4.run(EventQueue.java:715)
at java.base/java.security.AccessController.doPrivileged(Native Method)
at java.base/java.security.ProtectionDomain$JavaSecurityAccessImpl.doIntersectionPrivilege(ProtectionDomain.java:85)
at java.desktop/java.awt.EventQueue.dispatchEvent(EventQueue.java:740)
at java.desktop/java.awt.EventDispatchThread.pumpOneEventForFilters(EventDispatchThread.java:203)
at java.desktop/java.awt.EventDispatchThread.pumpEventsForFilter(EventDispatchThread.java:124)
at java.desktop/java.awt.EventDispatchThread.pumpEventsForHierarchy(EventDispatchThread.java:113)
at java.desktop/java.awt.EventDispatchThread.pumpEvents(EventDispatchThread.java:109)
at java.desktop/java.awt.EventDispatchThread.pumpEvents(EventDispatchThread.java:101)
at java.desktop/java.awt.EventDispatchThread.run(EventDispatchThread.java:90)
java.lang.NullPointerException
at burp.e4t.Z(Unknown Source)
at burp.g0_.getHttpService(Unknown Source)
at burp.fp8.getHttpService(Unknown Source)
at burp.BurpExtender$MarkInfoTab.isEnabled(BurpExtender.java:346)
at burp.fb0.a(Unknown Source)
at burp.gbo.b(Unknown Source)
at burp.i9u.a(Unknown Source)
at burp.i9u.a(Unknown Source)
at burp.cju.a(Unknown Source)
at burp.c_m.b(Unknown Source)
at burp.h1z.b(Unknown Source)
at burp.cju.addNotify(Unknown Source)
at java.desktop/java.awt.Container.addNotify(Container.java:2800)
at java.desktop/javax.swing.JComponent.addNotify(JComponent.java:4783)
at java.desktop/java.awt.Container.addNotify(Container.java:2800)
at java.desktop/javax.swing.JComponent.addNotify(JComponent.java:4783)
at java.desktop/java.awt.Container.addNotify(Container.java:2800)
at java.desktop/javax.swing.JComponent.addNotify(JComponent.java:4783)
at java.desktop/java.awt.Container.addNotify(Container.java:2800)
at java.desktop/javax.swing.JComponent.addNotify(JComponent.java:4783)
at java.desktop/java.awt.Container.addNotify(Container.java:2800)
at java.desktop/javax.swing.JComponent.addNotify(JComponent.java:4783)
at java.desktop/java.awt.Container.addImpl(Container.java:1146)
at java.desktop/javax.swing.JTabbedPane.insertTab(JTabbedPane.java:730)
at burp.azq.a(Unknown Source)
at burp.azq.insertTab(Unknown Source)
at java.desktop/javax.swing.JTabbedPane.addTab(JTabbedPane.java:804)
at burp.fa0.a(Unknown Source)
at burp.c_m.b(Unknown Source)
at burp.c_m.a(Unknown Source)
at burp.hmq.a(Unknown Source)
at burp.h6d.addSuiteTab(Unknown Source)
at burp.hs7.addSuiteTab(Unknown Source)
at burp.em9.addSuiteTab(Unknown Source)
at burp.Tags$1.run(Tags.java:75)
at java.desktop/java.awt.event.InvocationEvent.dispatch(InvocationEvent.java:313)
at java.desktop/java.awt.EventQueue.dispatchEventImpl(EventQueue.java:770)
at java.desktop/java.awt.EventQueue$4.run(EventQueue.java:721)
at java.desktop/java.awt.EventQueue$4.run(EventQueue.java:715)
at java.base/java.security.AccessController.doPrivileged(Native Method)
at java.base/java.security.ProtectionDomain$JavaSecurityAccessImpl.doIntersectionPrivilege(ProtectionDomain.java:85)
at java.desktop/java.awt.EventQueue.dispatchEvent(EventQueue.java:740)
at java.desktop/java.awt.EventDispatchThread.pumpOneEventForFilters(EventDispatchThread.java:203)
at java.desktop/java.awt.EventDispatchThread.pumpEventsForFilter(EventDispatchThread.java:124)
at java.desktop/java.awt.EventDispatchThread.pumpEventsForHierarchy(EventDispatchThread.java:113)
at java.desktop/java.awt.EventDispatchThread.pumpEvents(EventDispatchThread.java:109)
at java.desktop/java.awt.EventDispatchThread.pumpEvents(EventDispatchThread.java:101)
at java.desktop/java.awt.EventDispatchThread.run(EventDispatchThread.java:90)

burp加载插件时候报空指针错误

如题:
java.lang.NullPointerException at burp.f1k.b(Unknown Source) at burp.g72.getHttpService(Unknown Source) at burp.d9x.getHttpService(Unknown Source) at burp.BurpExtender$MarkInfoTab.isEnabled(BurpExtender.java:346) at burp.fjg.a(Unknown Source) at burp.dn5.a(Unknown Source) at burp.dn5.a(Unknown Source) at burp.gcg.b(Unknown Source) at burp.f47.b(Unknown Source) at burp.dn5.addNotify(Unknown Source) at java.awt.Container.addNotify(Container.java:2776) at javax.swing.JComponent.addNotify(JComponent.java:4740) at java.awt.Container.addNotify(Container.java:2776) at javax.swing.JComponent.addNotify(JComponent.java:4740) at java.awt.Container.addNotify(Container.java:2776) at javax.swing.JComponent.addNotify(JComponent.java:4740) at java.awt.Container.addImpl(Container.java:1124) at javax.swing.JTabbedPane.insertTab(JTabbedPane.java:724) at burp.dny.a(Unknown Source) at burp.dny.insertTab(Unknown Source) at javax.swing.JTabbedPane.addTab(JTabbedPane.java:798) at burp.a3o.a(Unknown Source) at burp.gcg.c(Unknown Source) at burp.gcg.b(Unknown Source) at burp.a3z.a(Unknown Source) at burp.art.addSuiteTab(Unknown Source) at burp.fh8.addSuiteTab(Unknown Source) at burp.wv.addSuiteTab(Unknown Source) at burp.Tags$1.run(Tags.java:75) at java.awt.event.InvocationEvent.dispatch(InvocationEvent.java:311) at java.awt.EventQueue.dispatchEventImpl(EventQueue.java:758) at java.awt.EventQueue.access$500(EventQueue.java:97) at java.awt.EventQueue$3.run(EventQueue.java:709) at java.awt.EventQueue$3.run(EventQueue.java:703) at java.security.AccessController.doPrivileged(Native Method) at java.security.ProtectionDomain$JavaSecurityAccessImpl.doIntersectionPrivilege(ProtectionDomain.java:74) at java.awt.EventQueue.dispatchEvent(EventQueue.java:728) at java.awt.EventDispatchThread.pumpOneEventForFilters(EventDispatchThread.java:205) at java.awt.EventDispatchThread.pumpEventsForFilter(EventDispatchThread.java:116) at java.awt.EventDispatchThread.pumpEventsForHierarchy(EventDispatchThread.java:105) at java.awt.EventDispatchThread.pumpEvents(EventDispatchThread.java:101) at java.awt.EventDispatchThread.pumpEvents(EventDispatchThread.java:93) at java.awt.EventDispatchThread.run(EventDispatchThread.java:82) java.lang.NullPointerException at burp.f1k.b(Unknown Source) at burp.g72.getHttpService(Unknown Source) at burp.d9x.getHttpService(Unknown Source) at burp.BurpExtender$MarkInfoTab.isEnabled(BurpExtender.java:346) at burp.fjg.a(Unknown Source) at burp.dn5.a(Unknown Source) at burp.dn5.a(Unknown Source) at burp.gcg.b(Unknown Source) at burp.f47.b(Unknown Source) at burp.dn5.addNotify(Unknown Source) at java.awt.Container.addNotify(Container.java:2776) at javax.swing.JComponent.addNotify(JComponent.java:4740) at java.awt.Container.addNotify(Container.java:2776) at javax.swing.JComponent.addNotify(JComponent.java:4740) at java.awt.Container.addNotify(Container.java:2776) at javax.swing.JComponent.addNotify(JComponent.java:4740) at java.awt.Container.addImpl(Container.java:1124) at javax.swing.JTabbedPane.insertTab(JTabbedPane.java:724) at burp.dny.a(Unknown Source) at burp.dny.insertTab(Unknown Source) at javax.swing.JTabbedPane.addTab(JTabbedPane.java:798) at burp.a3o.a(Unknown Source) at burp.gcg.c(Unknown Source) at burp.gcg.b(Unknown Source) at burp.a3z.a(Unknown Source) at burp.art.addSuiteTab(Unknown Source) at burp.fh8.addSuiteTab(Unknown Source) at burp.wv.addSuiteTab(Unknown Source) at burp.Tags$1.run(Tags.java:75) at java.awt.event.InvocationEvent.dispatch(InvocationEvent.java:311) at java.awt.EventQueue.dispatchEventImpl(EventQueue.java:758) at java.awt.EventQueue.access$500(EventQueue.java:97) at java.awt.EventQueue$3.run(EventQueue.java:709) at java.awt.EventQueue$3.run(EventQueue.java:703) at java.security.AccessController.doPrivileged(Native Method) at java.security.ProtectionDomain$JavaSecurityAccessImpl.doIntersectionPrivilege(ProtectionDomain.java:74) at java.awt.EventQueue.dispatchEvent(EventQueue.java:728) at java.awt.EventDispatchThread.pumpOneEventForFilters(EventDispatchThread.java:205) at java.awt.EventDispatchThread.pumpEventsForFilter(EventDispatchThread.java:116) at java.awt.EventDispatchThread.pumpEventsForHierarchy(EventDispatchThread.java:105) at java.awt.EventDispatchThread.pumpEvents(EventDispatchThread.java:101) at java.awt.EventDispatchThread.pumpEvents(EventDispatchThread.java:93) at java.awt.EventDispatchThread.run(EventDispatchThread.java:82)

UTF-8编码显示乱码

换成别的编码就不乱码,但是request 和 response 中文又会乱码,这就很烦~~~~~~
image
image
image

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google ❤️ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.