Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Extension causes Burp scanner to freeze sometimes #18

Open
notoriousturtle opened this issue Apr 3, 2018 · 4 comments
Open

Extension causes Burp scanner to freeze sometimes #18

notoriousturtle opened this issue Apr 3, 2018 · 4 comments

Comments

@notoriousturtle
Copy link

For some reason, this extension can cause Burp scanner to lock up. I am not the author of the below thread, just found it when I was having this problem. Disabling the J2EEScan extension solved my problem.

https://support.portswigger.net/customer/portal/questions/11323602-freezes-in-scanner
@ilmila
Copy link
Owner

ilmila commented Apr 15, 2018
edited
Loading

Could you please provide more details to reproduce the issue?

@brettgervasoni
Copy link

Unfortunately I cannot. It only seems to occur when I have a large project, and Burp is already sluggish. Its hard to say this was 100% the problem, but when I disabled it, as per the thread recommendation (and restarted Burp), Burp Scanner started running again. If there is nothing obvious, maybe close this issue and wait until someone else encounters it?

@Hipapheralkus
Copy link

Hi, I think I just observed the same [Burp Pro v1.7.33 64-bit on Windows]-> Active scan froze, and when I went through various extensions, I noticed that J2EEScan has following error log:

	at java.lang.Thread.run(Thread.java:745)
User-Agent
java.lang.UnsupportedOperationException: Action is not supported for this parameter type
	at burp.r3c.a(Unknown Source)
	at burp.r3c.removeParameter(Unknown Source)
	at burp.ltf.removeParameter(Unknown Source)
	at burp.j2ee.issues.impl.ApacheStrutsS2017.scan(ApacheStrutsS2017.java:72)
	at burp.BurpExtender.doActiveScan(BurpExtender.java:124)
	at burp.dhd.run(Unknown Source)
	at java.lang.Thread.run(Thread.java:745)
java.lang.UnsupportedOperationException: Action is not supported for this parameter type
	at burp.r3c.a(Unknown Source)
	at burp.r3c.removeParameter(Unknown Source)
	at burp.ltf.removeParameter(Unknown Source)
	at burp.j2ee.issues.impl.ApacheStrutsS2017.scan(ApacheStrutsS2017.java:72)
	at burp.BurpExtender.doActiveScan(BurpExtender.java:124)
	at burp.dhd.run(Unknown Source)
	at java.lang.Thread.run(Thread.java:745)
java.lang.UnsupportedOperationException: Action is not supported for this parameter type
	at burp.r3c.a(Unknown Source)
	at burp.r3c.removeParameter(Unknown Source)
	at burp.ltf.removeParameter(Unknown Source)
	at burp.j2ee.issues.impl.ApacheStrutsS2032.scan(ApacheStrutsS2032.java:70)
	at burp.BurpExtender.doActiveScan(BurpExtender.java:124)
	at burp.dhd.run(Unknown Source)
	at java.lang.Thread.run(Thread.java:745)
java.lang.UnsupportedOperationException: Action is not supported for this parameter type
	at burp.r3c.a(Unknown Source)
	at burp.r3c.removeParameter(Unknown Source)
	at burp.ltf.removeParameter(Unknown Source)
	at burp.j2ee.issues.impl.ApacheStrutsS2032.scan(ApacheStrutsS2032.java:70)
	at burp.BurpExtender.doActiveScan(BurpExtender.java:124)
	at burp.dhd.run(Unknown Source)
	at java.lang.Thread.run(Thread.java:745)
java.lang.UnsupportedOperationException: Action is not supported for this parameter type
	at burp.r3c.a(Unknown Source)
	at burp.r3c.removeParameter(Unknown Source)
	at burp.ltf.removeParameter(Unknown Source)
	at burp.j2ee.issues.impl.ApacheStrutsDebugMode.scan(ApacheStrutsDebugMode.java:92)
	at burp.BurpExtender.doActiveScan(BurpExtender.java:124)
	at burp.dhd.run(Unknown Source)
	at java.lang.Thread.run(Thread.java:745)
java.lang.UnsupportedOperationException: Action is not supported for this parameter type
	at burp.r3c.a(Unknown Source)
	at burp.r3c.removeParameter(Unknown Source)
	at burp.ltf.removeParameter(Unknown Source)
	at burp.j2ee.issues.impl.ApacheStrutsDebugMode.scan(ApacheStrutsDebugMode.java:92)
	at burp.BurpExtender.doActiveScan(BurpExtender.java:124)
	at burp.dhd.run(Unknown Source)
	at java.lang.Thread.run(Thread.java:745)
java.lang.UnsupportedOperationException: Action is not supported for this parameter type
	at burp.r3c.a(Unknown Source)
	at burp.r3c.removeParameter(Unknown Source)
	at burp.ltf.removeParameter(Unknown Source)
	at burp.j2ee.issues.impl.ApacheStrutsS2020.scan(ApacheStrutsS2020.java:64)
	at burp.BurpExtender.doActiveScan(BurpExtender.java:124)
	at burp.dhd.run(Unknown Source)
	at java.lang.Thread.run(Thread.java:745)
java.lang.UnsupportedOperationException: Action is not supported for this parameter type
	at burp.r3c.a(Unknown Source)
	at burp.r3c.removeParameter(Unknown Source)
	at burp.ltf.removeParameter(Unknown Source)
	at burp.j2ee.issues.impl.ApacheStrutsS2020.scan(ApacheStrutsS2020.java:64)
	at burp.BurpExtender.doActiveScan(BurpExtender.java:124)
	at burp.dhd.run(Unknown Source)
	at java.lang.Thread.run(Thread.java:745)
java.lang.UnsupportedOperationException: Action is not supported for this parameter type
	at burp.r3c.a(Unknown Source)
	at burp.r3c.removeParameter(Unknown Source)
	at burp.ltf.removeParameter(Unknown Source)
	at burp.j2ee.issues.impl.ApacheStrutsS2016.scan(ApacheStrutsS2016.java:88)
	at burp.BurpExtender.doActiveScan(BurpExtender.java:124)
	at burp.dhd.run(Unknown Source)
	at java.lang.Thread.run(Thread.java:745)
java.lang.UnsupportedOperationException: Action is not supported for this parameter type
	at burp.r3c.a(Unknown Source)
	at burp.r3c.removeParameter(Unknown Source)
	at burp.ltf.removeParameter(Unknown Source)
	at burp.j2ee.issues.impl.ApacheStrutsS2016.scan(ApacheStrutsS2016.java:88)
	at burp.BurpExtender.doActiveScan(BurpExtender.java:124)
	at burp.dhd.run(Unknown Source)
	at java.lang.Thread.run(Thread.java:745)
Referer
java.lang.UnsupportedOperationException: Action is not supported for this parameter type
	at burp.r3c.a(Unknown Source)
	at burp.r3c.removeParameter(Unknown Source)
	at burp.ltf.removeParameter(Unknown Source)
	at burp.j2ee.issues.impl.ApacheStrutsS2017.scan(ApacheStrutsS2017.java:72)
	at burp.BurpExtender.doActiveScan(BurpExtender.java:124)
	at burp.dhd.run(Unknown Source)
	at java.lang.Thread.run(Thread.java:745)
java.lang.UnsupportedOperationException: Action is not supported for this parameter type
	at burp.r3c.a(Unknown Source)
	at burp.r3c.removeParameter(Unknown Source)
	at burp.ltf.removeParameter(Unknown Source)
	at burp.j2ee.issues.impl.ApacheStrutsS2017.scan(ApacheStrutsS2017.java:72)
	at burp.BurpExtender.doActiveScan(BurpExtender.java:124)
	at burp.dhd.run(Unknown Source)
	at java.lang.Thread.run(Thread.java:745)
java.lang.UnsupportedOperationException: Action is not supported for this parameter type
	at burp.r3c.a(Unknown Source)
	at burp.r3c.removeParameter(Unknown Source)
	at burp.ltf.removeParameter(Unknown Source)
	at burp.j2ee.issues.impl.ApacheStrutsS2032.scan(ApacheStrutsS2032.java:70)
	at burp.BurpExtender.doActiveScan(BurpExtender.java:124)
	at burp.dhd.run(Unknown Source)
	at java.lang.Thread.run(Thread.java:745)
java.lang.UnsupportedOperationException: Action is not supported for this parameter type
	at burp.r3c.a(Unknown Source)
	at burp.r3c.removeParameter(Unknown Source)
	at burp.ltf.removeParameter(Unknown Source)
	at burp.j2ee.issues.impl.ApacheStrutsS2032.scan(ApacheStrutsS2032.java:70)
	at burp.BurpExtender.doActiveScan(BurpExtender.java:124)
	at burp.dhd.run(Unknown Source)
	at java.lang.Thread.run(Thread.java:745)
java.lang.UnsupportedOperationException: Action is not supported for this parameter type
	at burp.r3c.a(Unknown Source)
	at burp.r3c.removeParameter(Unknown Source)
	at burp.ltf.removeParameter(Unknown Source)
	at burp.j2ee.issues.impl.ApacheStrutsDebugMode.scan(ApacheStrutsDebugMode.java:92)
	at burp.BurpExtender.doActiveScan(BurpExtender.java:124)
	at burp.dhd.run(Unknown Source)
	at java.lang.Thread.run(Thread.java:745)
java.lang.UnsupportedOperationException: Action is not supported for this parameter type
	at burp.r3c.a(Unknown Source)
	at burp.r3c.removeParameter(Unknown Source)
	at burp.ltf.removeParameter(Unknown Source)
	at burp.j2ee.issues.impl.ApacheStrutsDebugMode.scan(ApacheStrutsDebugMode.java:92)
	at burp.BurpExtender.doActiveScan(BurpExtender.java:124)
	at burp.dhd.run(Unknown Source)
	at java.lang.Thread.run(Thread.java:745)
java.lang.UnsupportedOperationException: Action is not supported for this parameter type
	at burp.r3c.a(Unknown Source)
	at burp.r3c.removeParameter(Unknown Source)
	at burp.ltf.removeParameter(Unknown Source)
	at burp.j2ee.issues.impl.ApacheStrutsS2020.scan(ApacheStrutsS2020.java:64)
	at burp.BurpExtender.doActiveScan(BurpExtender.java:124)
	at burp.dhd.run(Unknown Source)
	at java.lang.Thread.run(Thread.java:745)
java.lang.UnsupportedOperationException: Action is not supported for this parameter type
	at burp.r3c.a(Unknown Source)
	at burp.r3c.removeParameter(Unknown Source)
	at burp.ltf.removeParameter(Unknown Source)
	at burp.j2ee.issues.impl.ApacheStrutsS2020.scan(ApacheStrutsS2020.java:64)
	at burp.BurpExtender.doActiveScan(BurpExtender.java:124)
	at burp.dhd.run(Unknown Source)
	at java.lang.Thread.run(Thread.java:745)
java.lang.UnsupportedOperationException: Action is not supported for this parameter type
	at burp.r3c.a(Unknown Source)
	at burp.r3c.removeParameter(Unknown Source)
	at burp.ltf.removeParameter(Unknown Source)
	at burp.j2ee.issues.impl.ApacheStrutsS2016.scan(ApacheStrutsS2016.java:88)
	at burp.BurpExtender.doActiveScan(BurpExtender.java:124)
	at burp.dhd.run(Unknown Source)
	at java.lang.Thread.run(Thread.java:745)
java.lang.UnsupportedOperationException: Action is not supported for this parameter type
	at burp.r3c.a(Unknown Source)
	at burp.r3c.removeParameter(Unknown Source)
	at burp.ltf.removeParameter(Unknown Source)
	at burp.j2ee.issues.impl.ApacheStrutsS2016.scan(ApacheStrutsS2016.java:88)
	at burp.BurpExtender.doActiveScan(BurpExtender.java:124)
	at burp.dhd.run(Unknown Source)
	at java.lang.Thread.run(Thread.java:745)
5
java.lang.UnsupportedOperationException: Action is not supported for this parameter type
	at burp.r3c.a(Unknown Source)
	at burp.r3c.removeParameter(Unknown Source)
	at burp.ltf.removeParameter(Unknown Source)
	at burp.j2ee.issues.impl.ApacheStrutsS2017.scan(ApacheStrutsS2017.java:72)
	at burp.BurpExtender.doActiveScan(BurpExtender.java:124)
	at burp.dhd.run(Unknown Source)
	at java.lang.Thread.run(Thread.java:745)
java.lang.UnsupportedOperationException: Action is not supported for this parameter type
	at burp.r3c.a(Unknown Source)
	at burp.r3c.removeParameter(Unknown Source)
	at burp.ltf.removeParameter(Unknown Source)
	at burp.j2ee.issues.impl.ApacheStrutsS2017.scan(ApacheStrutsS2017.java:72)
	at burp.BurpExtender.doActiveScan(BurpExtender.java:124)
	at burp.dhd.run(Unknown Source)
	at java.lang.Thread.run(Thread.java:745)

@Hipapheralkus
Copy link

it still happens, active scan gets stuck every time I have this extender turned on. I can see following output this time:

java.lang.NullPointerException: Response cannot be null
	at burp.r3c.analyzeResponse(Unknown Source)
	at burp.ltf.analyzeResponse(Unknown Source)
	at burp.j2ee.issues.impl.InfrastructurePathTraversal.scan(InfrastructurePathTraversal.java:153)
	at burp.BurpExtender.doActiveScan(BurpExtender.java:124)
	at burp.dhd.run(Unknown Source)
	at java.lang.Thread.run(Thread.java:745)
java.lang.NullPointerException: Response cannot be null
category

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@notoriousturtle @ilmila @Hipapheralkus @brettgervasoni