Brida
Brida copied to clipboard
Published
20 hours ago •
federicodotta
federicodotta
It will cause burpsuite to get stuck.
I don't know how to reproduce, but I have used arthas to diagnose and the output is like:
[arthas@23411]$ thread -n 1
"AWT-EventQueue-0" Id=41 cpuUsage=87.38% deltaTime=176ms time=781634ms RUNNABLE
at [email protected]/java.awt.EventQueue.removeSourceEvents(EventQueue.java:1238)
at [email protected]/java.awt.Component.removeNotify(Component.java:7160)
at [email protected]/java.awt.Container.removeNotify(Container.java:2851)
at [email protected]/javax.swing.JComponent.removeNotify(JComponent.java:4864)
at [email protected]/javax.swing.text.JTextComponent.removeNotify(JTextComponent.java:1658)
at [email protected]/java.awt.Container.removeNotify(Container.java:2835)
at [email protected]/javax.swing.JComponent.removeNotify(JComponent.java:4864)
at [email protected]/java.awt.Container.removeNotify(Container.java:2835)
at [email protected]/java.awt.Container.remove(Container.java:1235)
at [email protected]/java.awt.Container.remove(Container.java:1293)
at [email protected]/javax.swing.text.ComponentView.setComponentParent(ComponentView.java:314)
at [email protected]/javax.swing.text.ComponentView.setParent(ComponentView.java:257)
at [email protected]/javax.swing.text.html.EditableView.setParent(EditableView.java:115)
at [email protected]/javax.swing.text.CompositeView.replace(CompositeView.java:192)
at [email protected]/javax.swing.text.View.updateChildren(View.java:1129)
at [email protected]/javax.swing.text.View.removeUpdate(View.java:749)
at [email protected]/javax.swing.text.FlowView.removeUpdate(FlowView.java:277)
at [email protected]/javax.swing.text.View.forwardUpdateToView(View.java:1238)
at [email protected]/javax.swing.text.View.forwardUpdate(View.java:1171)
at [email protected]/javax.swing.text.BoxView.forwardUpdate(BoxView.java:241)
at [email protected]/javax.swing.text.View.removeUpdate(View.java:755)
at [email protected]/javax.swing.text.View.forwardUpdateToView(View.java:1238)
at [email protected]/javax.swing.text.View.forwardUpdate(View.java:1171)
at [email protected]/javax.swing.text.BoxView.forwardUpdate(BoxView.java:241)
at [email protected]/javax.swing.text.View.removeUpdate(View.java:755)
at [email protected]/javax.swing.plaf.basic.BasicTextUI$RootView.removeUpdate(BasicTextUI.java:1725)
at [email protected]/javax.swing.plaf.basic.BasicTextUI$UpdateHandler.removeUpdate(BasicTextUI.java:1993)
at [email protected]/javax.swing.text.AbstractDocument.fireRemoveUpdate(AbstractDocument.java:285)
at [email protected]/javax.swing.text.AbstractDocument.handleRemove(AbstractDocument.java:652)
at [email protected]/javax.swing.text.AbstractDocument.remove(AbstractDocument.java:620)
at [email protected]/javax.swing.JEditorPane.setText(JEditorPane.java:1475)
at burp.BurpExtender$47.run(BurpExtender.java:5050)
at [email protected]/java.awt.event.InvocationEvent.dispatch(InvocationEvent.java:318)
at [email protected]/java.awt.EventQueue.dispatchEventImpl(EventQueue.java:773)
at [email protected]/java.awt.EventQueue$4.run(EventQueue.java:720)
at [email protected]/java.awt.EventQueue$4.run(EventQueue.java:714)
at [email protected]/java.security.AccessController.executePrivileged(AccessController.java:776)
at [email protected]/java.security.AccessController.doPrivileged(AccessController.java:399)
at [email protected]/java.security.ProtectionDomain$JavaSecurityAccessImpl.doIntersectionPrivilege(ProtectionDomain.java:86)
at [email protected]/java.awt.EventQueue.dispatchEvent(EventQueue.java:742)
at [email protected]/java.awt.EventDispatchThread.pumpOneEventForFilters(EventDispatchThread.java:203)
at [email protected]/java.awt.EventDispatchThread.pumpEventsForFilter(EventDispatchThread.java:124)
at [email protected]/java.awt.EventDispatchThread.pumpEventsForHierarchy(EventDispatchThread.java:113)
at [email protected]/java.awt.EventDispatchThread.pumpEvents(EventDispatchThread.java:109)
at [email protected]/java.awt.EventDispatchThread.pumpEvents(EventDispatchThread.java:101)
at [email protected]/java.awt.EventDispatchThread.run(EventDispatchThread.java:90)
and console output null
More details:
java.lang.NullPointerException: Cannot invoke "String.equals(Object)" because "line" is null
at burp.BurpExtender$15.run(BurpExtender.java:2530)
java.lang.OutOfMemoryError: Java heap space
at java.desktop/javax.swing.text.GapContent.getPositionsInRange(GapContent.java:755)
at java.desktop/javax.swing.text.GapContent$RemoveUndo.<init>(GapContent.java:932)
at java.desktop/javax.swing.text.GapContent.remove(GapContent.java:159)
at java.desktop/javax.swing.text.AbstractDocument.handleRemove(AbstractDocument.java:645)
at java.desktop/javax.swing.text.AbstractDocument.remove(AbstractDocument.java:620)
at java.desktop/javax.swing.JEditorPane.setText(JEditorPane.java:1475)
at burp.BurpExtender$47.run(BurpExtender.java:5066)
at java.desktop/java.awt.event.InvocationEvent.dispatch(InvocationEvent.java:318)
at java.desktop/java.awt.EventQueue.dispatchEventImpl(EventQueue.java:773)
at java.desktop/java.awt.EventQueue$4.run(EventQueue.java:720)
at java.desktop/java.awt.EventQueue$4.run(EventQueue.java:714)
at java.base/java.security.AccessController.executePrivileged(AccessController.java:776)
at java.base/java.security.AccessController.doPrivileged(AccessController.java:399)
at java.base/java.security.ProtectionDomain$JavaSecurityAccessImpl.doIntersectionPrivilege(ProtectionDomain.java:86)
at java.desktop/java.awt.EventQueue.dispatchEvent(EventQueue.java:742)
at java.desktop/java.awt.EventDispatchThread.pumpOneEventForFilters(EventDispatchThread.java:203)
at java.desktop/java.awt.EventDispatchThread.pumpEventsForFilter(EventDispatchThread.java:124)
at java.desktop/java.awt.EventDispatchThread.pumpEventsForHierarchy(EventDispatchThread.java:113)
at java.desktop/java.awt.EventDispatchThread.pumpEvents(EventDispatchThread.java:109)
at java.desktop/java.awt.EventDispatchThread.pumpEvents(EventDispatchThread.java:101)
at java.desktop/java.awt.EventDispatchThread.run(EventDispatchThread.java:90)
The pyroServerProcess exit is not handled properly, resulting in the while loop of stderrThread always running setText function, resulting in memory overflow.
Hi @p1v07,
There was a bug in the Kill Server button that did not work correctly. I don't know if can be related with your issue but can you try with last pre-release version on Brida published on Github?
Thank you. Federico
