
Comments (17)

matthewD-AVI avatar matthewD-AVI commented on August 17, 2024

Hello @riramar, I apologize for the delay. I will have to look into this issue as it seems there is an error processing your webapp. There is currently no debug mode, though running Burp from the command line may help see what the specific error is. May I ask what application you are testing? Is it open source so that I can download and investigate the error as well?

-Matthew

from attack-surface-detector-burp.

riramar avatar riramar commented on August 17, 2024

Hi @matthewD-AVI, unfortunately I cannot share the source code. I'll try to check running Burp from command line and let you know.


riramar avatar riramar commented on August 17, 2024

@matthewD-AVI BTW do you have any dummy app in Ruby on Rails so I can run and validate my environment?


matthewD-AVI avatar matthewD-AVI commented on August 17, 2024

@riramar Here is a link to a dummy RoR application that I tested and know works. If you run Burp in command line I would be interested to see the specific errors so I can resolve any issues that are needed on our end.

https://github.com/OWASP/railsgoat/releases


riramar avatar riramar commented on August 17, 2024

Just to let you know, @matthewD-AVI, the import from railsgoat works perfectly. I'll run Burp manually to check the logs from command line.


mSharif10 avatar mSharif10 commented on August 17, 2024

Same error here, please help.

An error occurred processing input. Please check input

@matthewD-AVI


matthewD-AVI avatar matthewD-AVI commented on August 17, 2024

@mashraf9 Are you trying to process Ruby on Rails as well? Is the source to your application open source so I can test it myself and see the error messages? Are you using the latest version of the ASD technology through the BApp Store or located here (https://github.com/secdec/attack-surface-detector-burp/releases/tag/1.1.2)? Have you tried launching Burp from the command line and then trying to import your endpoints, and if so, what was the error?


riramar avatar riramar commented on August 17, 2024

Got the problem.

INFO [AWT-EventQueue-0] RailsFrameworkChecker.check(69) | Got 169 *.rb files from the directory.
INFO [AWT-EventQueue-0] RailsFrameworkChecker.check(70) | .../config/routes.rb was found.

The extension is not able to dynamic find the routes.rb file.


tylercamp avatar tylercamp commented on August 17, 2024

@riramar Is /config/routes.rb not the location of your routes file? (Relative to your project directory)


riramar avatar riramar commented on August 17, 2024

Yes, the file is in the right place but the 169 *.rb files are in different folders.


tylercamp avatar tylercamp commented on August 17, 2024

@riramar Can you go into more detail on what you mean by "not able to dynamic find the routes.rb file"? It looks like the plugin was able to find your routes.rb successfully. Are those 169 *.rb files all in the project being scanned, or in different projects entirely?

Is there any other error information available after running Burp from command-line with the plugin? So far there isn't enough information for us to start debugging the issue.


lightos avatar lightos commented on August 17, 2024

I am currently having the same issue with a RoR application whose source code is private. Here is the console output:

INFO [AWT-EventQueue-0] FrameworkCalculator.getType(71) | Attempting to guess Framework Type from source tree.
INFO [AWT-EventQueue-0] FrameworkCalculator.getType(72) | File: C:\Users\Test\Desktop\app-master
INFO [AWT-EventQueue-0] WebFormsFrameworkChecker.check(50) | Got 0 .aspx files from the directory.
INFO [AWT-EventQueue-0] RailsFrameworkChecker.check(69) | Got 1945 *.rb files from the directory.
INFO [AWT-EventQueue-0] RailsFrameworkChecker.check(70) | .../config/routes.rb was found.
INFO [AWT-EventQueue-0] FrameworkCalculator.getType(89) | Source tree framework type detection returned: Rails
INFO [AWT-EventQueue-0] EndpointDatabaseFactory.getDatabase(156) | Creating database with root file = C:\Users\Test\Desktop\app-master and framework type = RAILS and path cleaner = [PathCleaner dynamicRoot=null, staticRoot=null]


tylercamp avatar tylercamp commented on August 17, 2024

Several Rails parsing issues have been found and are being addressed, though we can't confirm whether these changes will affect the issues that you two are having. These fixes should be available by the end of today or, at the latest, end of tomorrow.


tylercamp avatar tylercamp commented on August 17, 2024

@riramar @lightos @mashraf9 Can you tell us what version of Rails you are using?


lightos avatar lightos commented on August 17, 2024

Thanks, I look forward to testing the fixes when they are released.

The application is using:
gem 'rails', '~> 5.0.7'


riramar avatar riramar commented on August 17, 2024

Rails Version 5.2.0


matthewD-AVI avatar matthewD-AVI commented on August 17, 2024

@riramar @lightos @mashraf9 The Rails parsing issues that @tylercamp was talking about are now available in both the Burp and Zap plugins. You can download the binary here: https://github.com/secdec/attack-surface-detector-burp/releases/tag/1.1.2
