Research Academy
My account Customers About Blog Careers Legal Contact Resellers

Burp Suite User Forum

Create new post

Not able to convert string to JSON object in Burp Extension using Montoya API

Mukund | Last updated: Apr 13, 2024 09:22AM UTC

Gson gson = new GsonBuilder().setPrettyPrinting().create(); String jsonString = "{ \"name\" : \"John\", \"age\" : \"20\", \"address\" : \"some address\" }"; JsonElement jelem = gson.fromJson(jsonString, JsonElement.class); JsonObject jobj = jelem.getAsJsonObject(); String name = jobj.get("name").getAsString(); logging.logToOutput(name); This is an example code I am trying to use, so that I can read JSON body from actual HTTP response, but anything beyond the statement `JsonElement jelem = gson.fromJson(jsonString, JsonElement.class);` doesn't seem to work. I have tried org.json.JSONObject as well, but that also doesn't work. Doesn't throw any error and doesn't work. Same statements written in a Java program works perfectly, but doesn't work when executing in Burp Suite. How can I convert the response body string to JSON to extract data for work?

Hannah, PortSwigger Agent | Last updated: Apr 15, 2024 04:13PM UTC

Hi If you wrap your JSON object creation code into a try/catch block, do you find that an exception gets thrown?

Mukund | Last updated: Apr 21, 2024 02:35PM UTC

try { Gson gson = new GsonBuilder().setPrettyPrinting().create(); String jsonString = "{ \"name\" : \"John\", \"age\" : \"20\", \"address\" : \"some address\" }"; JsonElement jelem = gson.fromJson(jsonString, JsonElement.class); JsonObject jobj = jelem.getAsJsonObject(); String name = jobj.get("name").getAsString(); logging.logToOutput(name); } catch(Exception e2) { logging.logToError(e2.getMessage()); } I tried this code by using try catch block, but still I am not able to get any log in the Error tab in Burp suite extension.

Hannah, PortSwigger Agent | Last updated: Apr 22, 2024 09:40AM UTC

Hi

When compiling and running your code as part of the initialize() method in an extension for Burp, I get the expected output of "John" printed to my extension's output stream.

Is your full code publicly available on GitHub? If so, could you share a link to it?

You must be an existing, logged-in customer to reply to a thread. Please email us for additional support.