J2EEScan icon indicating copy to clipboard operation
J2EEScan copied to clipboard

Published 20 hours ago verified publisher icon ilmila

Extension causes Burp scanner to freeze sometimes

Open notoriousturtle opened this issue 6 years ago • 4 comments

For some reason, this extension can cause Burp scanner to lock up. I am not the author of the below thread, just found it when I was having this problem. Disabling the J2EEScan extension solved my problem.

https://support.portswigger.net/customer/portal/questions/11323602-freezes-in-scanner

notoriousturtle avatar Apr 03 '18 04:04 notoriousturtle

Could you please provide more details to reproduce the issue?

ilmila avatar Apr 15 '18 14:04 ilmila

Unfortunately I cannot. It only seems to occur when I have a large project, and Burp is already sluggish. Its hard to say this was 100% the problem, but when I disabled it, as per the thread recommendation (and restarted Burp), Burp Scanner started running again. If there is nothing obvious, maybe close this issue and wait until someone else encounters it?

brettgervasoni avatar Apr 15 '18 23:04 brettgervasoni

Hi, I think I just observed the same [Burp Pro v1.7.33 64-bit on Windows]-> Active scan froze, and when I went through various extensions, I noticed that J2EEScan has following error log:

	at java.lang.Thread.run(Thread.java:745)
User-Agent
java.lang.UnsupportedOperationException: Action is not supported for this parameter type
	at burp.r3c.a(Unknown Source)
	at burp.r3c.removeParameter(Unknown Source)
	at burp.ltf.removeParameter(Unknown Source)
	at burp.j2ee.issues.impl.ApacheStrutsS2017.scan(ApacheStrutsS2017.java:72)
	at burp.BurpExtender.doActiveScan(BurpExtender.java:124)
	at burp.dhd.run(Unknown Source)
	at java.lang.Thread.run(Thread.java:745)
java.lang.UnsupportedOperationException: Action is not supported for this parameter type
	at burp.r3c.a(Unknown Source)
	at burp.r3c.removeParameter(Unknown Source)
	at burp.ltf.removeParameter(Unknown Source)
	at burp.j2ee.issues.impl.ApacheStrutsS2017.scan(ApacheStrutsS2017.java:72)
	at burp.BurpExtender.doActiveScan(BurpExtender.java:124)
	at burp.dhd.run(Unknown Source)
	at java.lang.Thread.run(Thread.java:745)
java.lang.UnsupportedOperationException: Action is not supported for this parameter type
	at burp.r3c.a(Unknown Source)
	at burp.r3c.removeParameter(Unknown Source)
	at burp.ltf.removeParameter(Unknown Source)
	at burp.j2ee.issues.impl.ApacheStrutsS2032.scan(ApacheStrutsS2032.java:70)
	at burp.BurpExtender.doActiveScan(BurpExtender.java:124)
	at burp.dhd.run(Unknown Source)
	at java.lang.Thread.run(Thread.java:745)
java.lang.UnsupportedOperationException: Action is not supported for this parameter type
	at burp.r3c.a(Unknown Source)
	at burp.r3c.removeParameter(Unknown Source)
	at burp.ltf.removeParameter(Unknown Source)
	at burp.j2ee.issues.impl.ApacheStrutsS2032.scan(ApacheStrutsS2032.java:70)
	at burp.BurpExtender.doActiveScan(BurpExtender.java:124)
	at burp.dhd.run(Unknown Source)
	at java.lang.Thread.run(Thread.java:745)
java.lang.UnsupportedOperationException: Action is not supported for this parameter type
	at burp.r3c.a(Unknown Source)
	at burp.r3c.removeParameter(Unknown Source)
	at burp.ltf.removeParameter(Unknown Source)
	at burp.j2ee.issues.impl.ApacheStrutsDebugMode.scan(ApacheStrutsDebugMode.java:92)
	at burp.BurpExtender.doActiveScan(BurpExtender.java:124)
	at burp.dhd.run(Unknown Source)
	at java.lang.Thread.run(Thread.java:745)
java.lang.UnsupportedOperationException: Action is not supported for this parameter type
	at burp.r3c.a(Unknown Source)
	at burp.r3c.removeParameter(Unknown Source)
	at burp.ltf.removeParameter(Unknown Source)
	at burp.j2ee.issues.impl.ApacheStrutsDebugMode.scan(ApacheStrutsDebugMode.java:92)
	at burp.BurpExtender.doActiveScan(BurpExtender.java:124)
	at burp.dhd.run(Unknown Source)
	at java.lang.Thread.run(Thread.java:745)
java.lang.UnsupportedOperationException: Action is not supported for this parameter type
	at burp.r3c.a(Unknown Source)
	at burp.r3c.removeParameter(Unknown Source)
	at burp.ltf.removeParameter(Unknown Source)
	at burp.j2ee.issues.impl.ApacheStrutsS2020.scan(ApacheStrutsS2020.java:64)
	at burp.BurpExtender.doActiveScan(BurpExtender.java:124)
	at burp.dhd.run(Unknown Source)
	at java.lang.Thread.run(Thread.java:745)
java.lang.UnsupportedOperationException: Action is not supported for this parameter type
	at burp.r3c.a(Unknown Source)
	at burp.r3c.removeParameter(Unknown Source)
	at burp.ltf.removeParameter(Unknown Source)
	at burp.j2ee.issues.impl.ApacheStrutsS2020.scan(ApacheStrutsS2020.java:64)
	at burp.BurpExtender.doActiveScan(BurpExtender.java:124)
	at burp.dhd.run(Unknown Source)
	at java.lang.Thread.run(Thread.java:745)
java.lang.UnsupportedOperationException: Action is not supported for this parameter type
	at burp.r3c.a(Unknown Source)
	at burp.r3c.removeParameter(Unknown Source)
	at burp.ltf.removeParameter(Unknown Source)
	at burp.j2ee.issues.impl.ApacheStrutsS2016.scan(ApacheStrutsS2016.java:88)
	at burp.BurpExtender.doActiveScan(BurpExtender.java:124)
	at burp.dhd.run(Unknown Source)
	at java.lang.Thread.run(Thread.java:745)
java.lang.UnsupportedOperationException: Action is not supported for this parameter type
	at burp.r3c.a(Unknown Source)
	at burp.r3c.removeParameter(Unknown Source)
	at burp.ltf.removeParameter(Unknown Source)
	at burp.j2ee.issues.impl.ApacheStrutsS2016.scan(ApacheStrutsS2016.java:88)
	at burp.BurpExtender.doActiveScan(BurpExtender.java:124)
	at burp.dhd.run(Unknown Source)
	at java.lang.Thread.run(Thread.java:745)
Referer
java.lang.UnsupportedOperationException: Action is not supported for this parameter type
	at burp.r3c.a(Unknown Source)
	at burp.r3c.removeParameter(Unknown Source)
	at burp.ltf.removeParameter(Unknown Source)
	at burp.j2ee.issues.impl.ApacheStrutsS2017.scan(ApacheStrutsS2017.java:72)
	at burp.BurpExtender.doActiveScan(BurpExtender.java:124)
	at burp.dhd.run(Unknown Source)
	at java.lang.Thread.run(Thread.java:745)
java.lang.UnsupportedOperationException: Action is not supported for this parameter type
	at burp.r3c.a(Unknown Source)
	at burp.r3c.removeParameter(Unknown Source)
	at burp.ltf.removeParameter(Unknown Source)
	at burp.j2ee.issues.impl.ApacheStrutsS2017.scan(ApacheStrutsS2017.java:72)
	at burp.BurpExtender.doActiveScan(BurpExtender.java:124)
	at burp.dhd.run(Unknown Source)
	at java.lang.Thread.run(Thread.java:745)
java.lang.UnsupportedOperationException: Action is not supported for this parameter type
	at burp.r3c.a(Unknown Source)
	at burp.r3c.removeParameter(Unknown Source)
	at burp.ltf.removeParameter(Unknown Source)
	at burp.j2ee.issues.impl.ApacheStrutsS2032.scan(ApacheStrutsS2032.java:70)
	at burp.BurpExtender.doActiveScan(BurpExtender.java:124)
	at burp.dhd.run(Unknown Source)
	at java.lang.Thread.run(Thread.java:745)
java.lang.UnsupportedOperationException: Action is not supported for this parameter type
	at burp.r3c.a(Unknown Source)
	at burp.r3c.removeParameter(Unknown Source)
	at burp.ltf.removeParameter(Unknown Source)
	at burp.j2ee.issues.impl.ApacheStrutsS2032.scan(ApacheStrutsS2032.java:70)
	at burp.BurpExtender.doActiveScan(BurpExtender.java:124)
	at burp.dhd.run(Unknown Source)
	at java.lang.Thread.run(Thread.java:745)
java.lang.UnsupportedOperationException: Action is not supported for this parameter type
	at burp.r3c.a(Unknown Source)
	at burp.r3c.removeParameter(Unknown Source)
	at burp.ltf.removeParameter(Unknown Source)
	at burp.j2ee.issues.impl.ApacheStrutsDebugMode.scan(ApacheStrutsDebugMode.java:92)
	at burp.BurpExtender.doActiveScan(BurpExtender.java:124)
	at burp.dhd.run(Unknown Source)
	at java.lang.Thread.run(Thread.java:745)
java.lang.UnsupportedOperationException: Action is not supported for this parameter type
	at burp.r3c.a(Unknown Source)
	at burp.r3c.removeParameter(Unknown Source)
	at burp.ltf.removeParameter(Unknown Source)
	at burp.j2ee.issues.impl.ApacheStrutsDebugMode.scan(ApacheStrutsDebugMode.java:92)
	at burp.BurpExtender.doActiveScan(BurpExtender.java:124)
	at burp.dhd.run(Unknown Source)
	at java.lang.Thread.run(Thread.java:745)
java.lang.UnsupportedOperationException: Action is not supported for this parameter type
	at burp.r3c.a(Unknown Source)
	at burp.r3c.removeParameter(Unknown Source)
	at burp.ltf.removeParameter(Unknown Source)
	at burp.j2ee.issues.impl.ApacheStrutsS2020.scan(ApacheStrutsS2020.java:64)
	at burp.BurpExtender.doActiveScan(BurpExtender.java:124)
	at burp.dhd.run(Unknown Source)
	at java.lang.Thread.run(Thread.java:745)
java.lang.UnsupportedOperationException: Action is not supported for this parameter type
	at burp.r3c.a(Unknown Source)
	at burp.r3c.removeParameter(Unknown Source)
	at burp.ltf.removeParameter(Unknown Source)
	at burp.j2ee.issues.impl.ApacheStrutsS2020.scan(ApacheStrutsS2020.java:64)
	at burp.BurpExtender.doActiveScan(BurpExtender.java:124)
	at burp.dhd.run(Unknown Source)
	at java.lang.Thread.run(Thread.java:745)
java.lang.UnsupportedOperationException: Action is not supported for this parameter type
	at burp.r3c.a(Unknown Source)
	at burp.r3c.removeParameter(Unknown Source)
	at burp.ltf.removeParameter(Unknown Source)
	at burp.j2ee.issues.impl.ApacheStrutsS2016.scan(ApacheStrutsS2016.java:88)
	at burp.BurpExtender.doActiveScan(BurpExtender.java:124)
	at burp.dhd.run(Unknown Source)
	at java.lang.Thread.run(Thread.java:745)
java.lang.UnsupportedOperationException: Action is not supported for this parameter type
	at burp.r3c.a(Unknown Source)
	at burp.r3c.removeParameter(Unknown Source)
	at burp.ltf.removeParameter(Unknown Source)
	at burp.j2ee.issues.impl.ApacheStrutsS2016.scan(ApacheStrutsS2016.java:88)
	at burp.BurpExtender.doActiveScan(BurpExtender.java:124)
	at burp.dhd.run(Unknown Source)
	at java.lang.Thread.run(Thread.java:745)
5
java.lang.UnsupportedOperationException: Action is not supported for this parameter type
	at burp.r3c.a(Unknown Source)
	at burp.r3c.removeParameter(Unknown Source)
	at burp.ltf.removeParameter(Unknown Source)
	at burp.j2ee.issues.impl.ApacheStrutsS2017.scan(ApacheStrutsS2017.java:72)
	at burp.BurpExtender.doActiveScan(BurpExtender.java:124)
	at burp.dhd.run(Unknown Source)
	at java.lang.Thread.run(Thread.java:745)
java.lang.UnsupportedOperationException: Action is not supported for this parameter type
	at burp.r3c.a(Unknown Source)
	at burp.r3c.removeParameter(Unknown Source)
	at burp.ltf.removeParameter(Unknown Source)
	at burp.j2ee.issues.impl.ApacheStrutsS2017.scan(ApacheStrutsS2017.java:72)
	at burp.BurpExtender.doActiveScan(BurpExtender.java:124)
	at burp.dhd.run(Unknown Source)
	at java.lang.Thread.run(Thread.java:745)

Hipapheralkus avatar Apr 17 '18 08:04 Hipapheralkus

it still happens, active scan gets stuck every time I have this extender turned on. I can see following output this time:

java.lang.NullPointerException: Response cannot be null
	at burp.r3c.analyzeResponse(Unknown Source)
	at burp.ltf.analyzeResponse(Unknown Source)
	at burp.j2ee.issues.impl.InfrastructurePathTraversal.scan(InfrastructurePathTraversal.java:153)
	at burp.BurpExtender.doActiveScan(BurpExtender.java:124)
	at burp.dhd.run(Unknown Source)
	at java.lang.Thread.run(Thread.java:745)
java.lang.NullPointerException: Response cannot be null
category

Hipapheralkus avatar Jun 05 '18 14:06 Hipapheralkus