Burp Suite User Forum


Burp Infiltrator Patching Fails On Webgoat 6.0.1

Sasha | Last updated: Dec 11, 2019 03:17PM UTC

wget https://github.com/WebGoat/WebGoat-Legacy/releases/download/v6.0.1/WebGoat-6.0.1-war-exec.jar
$ md5sum WebGoat-6.0.1-war-exec.jar
8071e4be1c3d8b6dd6520b2c63031eca WebGoat-6.0.1-war-exec.jar
java -verbose -jar burp_infiltrator_java.jar WebGoat-6.0.1-war-exec.jar
<snip>...
[0.256s][info][class,load] net.portswigger.infiltrator.patcher.c source: file:/data/home/Desktop/training/webgoat/burp_infiltrator_java.jar
Please read and confirm the following statements.
I confirm that I have read and understood the Burp Suite Documentation relating to Burp Infiltrator.
By deploying Burp Infiltrator, I confirm that I am doing so in full understanding of the nature of Burp Infiltrator and the risks inherent in its utilization.
I confirm that either I am a licensed user of Burp Suite Professional or a licensed user has recommended that I deploy Burp Infiltrator and in the latter case the licensed user has discussed with me the contents of the Documentation relating to Burp Infiltrator and the potential consequences of such installation.
Do you confirm the above statements? [y/N] Y
Do you want Burp Infiltrator to report the full parameter value when input reaches a potentially unsafe API? [Y/n]
[5.236s][info][class,load] java.util.IdentityHashMap$IdentityHashMapIterator source: jrt:/java.base
[5.236s][info][class,load] java.util.IdentityHashMap$KeyIterator source: jrt:/java.base
Do you want Burp Infiltrator to report the call stack when input reaches a potentially unsafe API? [Y/n]
Do you want to allow communication over unencrypted HTTP? [y/N]
Do you want to restrict the Burp Collaborator servers that can be used? [y/N]
Enter the file path to the target application bytecode.
Use commas to enter multiple paths: [/data/home/Desktop/training/webgoat] WebGoat-6.0.1-war-exec.jar
[18.686s][info][class,load] net.portswigger.infiltrator.patcher.e source: file:/data/home/Desktop/training/webgoat/burp_infiltrator_java.jar
[18.687s][info][class,load] java.net.URISyntaxException source: jrt:/java.base
[18.689s][info][class,load] net.portswigger.infiltrator.patcher.v source: file:/data/home/Desktop/training/webgoat/burp_infiltrator_java.jar
[18.690s][info][class,load] java.util.zip.DeflaterOutputStream source: jrt:/java.base
[18.690s][info][class,load] java.util.zip.ZipOutputStream source: jrt:/java.base
[18.690s][info][class,load] java.util.jar.JarOutputStream source: jrt:/java.base
[18.691s][info][class,load] java.awt.peer.SystemTrayPeer source: jrt:/java.desktop
[18.691s][info][class,load] sun.awt.X11.XMSelectionListener source: jrt:/java.desktop
[18.691s][info][class,load] sun.awt.X11.XSystemTrayPeer source: jrt:/java.desktop
md5sum WebGoat-6.0.1-war-exec.jar
8071e4be1c3d8b6dd6520b2c63031eca WebGoat-6.0.1-war-exec.jar
javac --version
javac 11.0.5

Liam, PortSwigger Agent | Last updated: Dec 11, 2019 03:25PM UTC

Infiltrator has official support for Java applications compiled between Java 5 and Java 8. I've added a note to our development backlog to "Support for new Java versions in Infiltrator". Unfortunately, we have a large backlog of feature requests, so I can't give you an ETA.
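
An added example, not part of the thread and not PortSwigger code: one way to see which Java release the classes in a target archive were compiled for, so they can be compared with the Java 5 to Java 8 range stated in the reply above. It reads the class-file header (major version minus 44 gives the release) and follows nested .jar/.war entries; the function names and the sample archive are constructed for illustration.

```python
import io
import struct
import zipfile
from collections import Counter

SUPPORTED = range(5, 9)  # Java 5..8, the range stated in the reply above

def java_release(header: bytes):
    """Return the Java release a class file targets, or None if not a class file."""
    if len(header) < 8:
        return None
    magic, _minor, major = struct.unpack(">IHH", header[:8])
    if magic != 0xCAFEBABE:
        return None
    return major - 44  # major 49 -> Java 5, 52 -> Java 8, 55 -> Java 11

def scan_archive(data: bytes, counts=None, depth=0):
    """Count class-file target releases in a jar/war, following nested archives."""
    counts = Counter() if counts is None else counts
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            name = info.filename.lower()
            if name.endswith(".class"):
                with zf.open(info) as fh:
                    release = java_release(fh.read(8))
                if release is not None:
                    counts[release] += 1
            elif name.endswith((".jar", ".war")) and depth < 3:
                try:
                    scan_archive(zf.read(info), counts, depth + 1)
                except zipfile.BadZipFile:
                    pass  # entry only looks like an archive; skip it
    return counts

def outside_supported(counts):
    """Releases present in the archive that fall outside Java 5..8."""
    return sorted(r for r in counts if r not in SUPPORTED)

def constructed_sample():
    """Constructed input: an outer jar holding one class and a nested war."""
    def cls(major):
        return struct.pack(">IHH", 0xCAFEBABE, 0, major) + b"\x00" * 4
    inner, outer = io.BytesIO(), io.BytesIO()
    with zipfile.ZipFile(inner, "w") as zf:
        zf.writestr("WEB-INF/classes/A.class", cls(51))  # Java 7
        zf.writestr("WEB-INF/classes/B.class", cls(55))  # Java 11
    with zipfile.ZipFile(outer, "w") as zf:
        zf.writestr("Launcher.class", cls(50))           # Java 6
        zf.writestr("app.war", inner.getvalue())
    return outer.getvalue()
```

To check a real file, pass its bytes, for example `scan_archive(open(path, "rb").read())`, and inspect `outside_supported()` on the result.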
