Burp Suite User Forum

Login to post

callbacks.doActiveScan not triggering active scan

Manish | Last updated: Jul 08, 2022 02:47PM UTC

Hi Team, I have following code for performing a active scan for a particular request but this is not triggering the active scan instead this throws error as below:- ``` import burp import sys from burp import IBurpExtender, IContextMenuFactory, IHttpListener class BurpExtender(IBurpExtender, IHttpListener): def registerExtenderCallbacks(self, callbacks): self._callbacks = callbacks self._helpers = callbacks.getHelpers() callbacks.registerHttpListener(self) callbacks.setExtensionName("Hello Extension") host = 'xxx.xxx.xxx' port = 443 #trying to scan last request in proxy history request_2scan = (callbacks.getProxyHistory()[-1]).request useHttps = True callbacks.doActiveScan(host, port, useHttps, request_2scan) ``` Error:- ``` java.lang.RuntimeException: burp.c: NTFS at burp.ee_.a(Unknown Source) at burp.b45.doActiveScan(Unknown Source) at burp.b45.doActiveScan(Unknown Source) at burp.gtw.doActiveScan(Unknown Source) at burp.emx.doActiveScan(Unknown Source) at jdk.internal.reflect.GeneratedMethodAccessor57.invoke(Unknown Source) at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) at java.base/java.lang.reflect.Method.invoke(Method.java:567) at org.python.core.PyReflectedFunction.__call__(PyReflectedFunction.java:190) at org.python.core.PyObject.__call__(PyObject.java:422) at org.python.core.PyMethod.__call__(PyMethod.java:187) at org.python.pycode._pyx4.registerExtenderCallbacks$2(C:/Users/e082790/PycharmProjects/BurpExtension/doactivescaninburp.py:20) at org.python.pycode._pyx4.call_function(C:/Users/e082790/PycharmProjects/BurpExtension/doactivescaninburp.py) at org.python.core.PyTableCode.call(PyTableCode.java:173) at org.python.core.PyBaseCode.call(PyBaseCode.java:306) at org.python.core.PyBaseCode.call(PyBaseCode.java:197) at org.python.core.PyFunction.__call__(PyFunction.java:485) at org.python.core.PyMethod.instancemethod___call__(PyMethod.java:237) at org.python.core.PyMethod.__call__(PyMethod.java:228) at org.python.core.PyMethod.__call__(PyMethod.java:218) at org.python.core.PyMethod.__call__(PyMethod.java:213) at org.python.core.PyObject._jcallexc(PyObject.java:3565) at org.python.core.PyObject._jcall(PyObject.java:3598) at org.python.proxies.__main__$BurpExtender$0.registerExtenderCallbacks(Unknown Source) at burp.ghy.run(Unknown Source) at java.base/java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:515) at java.base/java.util.concurrent.FutureTask.run(FutureTask.java:264) at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1130) at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:630) at java.base/java.lang.Thread.run(Thread.java:831) java.lang.RuntimeException: burp.c: NTFS at burp.ee_.a(Unknown Source) at burp.b45.doActiveScan(Unknown Source) at burp.b45.doActiveScan(Unknown Source) at burp.gtw.doActiveScan(Unknown Source) at burp.emx.doActiveScan(Unknown Source) at jdk.internal.reflect.GeneratedMethodAccessor57.invoke(Unknown Source) at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) at java.base/java.lang.reflect.Method.invoke(Method.java:567) at org.python.core.PyReflectedFunction.__call__(PyReflectedFunction.java:190) at org.python.core.PyObject.__call__(PyObject.java:422) at org.python.core.PyMethod.__call__(PyMethod.java:187) at org.python.pycode._pyx4.registerExtenderCallbacks$2(C:/Users/e082790/PycharmProjects/BurpExtension/doactivescaninburp.py:20) at org.python.pycode._pyx4.call_function(C:/Users/e082790/PycharmProjects/BurpExtension/doactivescaninburp.py) at org.python.core.PyTableCode.call(PyTableCode.java:173) at org.python.core.PyBaseCode.call(PyBaseCode.java:306) at org.python.core.PyBaseCode.call(PyBaseCode.java:197) at org.python.core.PyFunction.__call__(PyFunction.java:485) at org.python.core.PyMethod.instancemethod___call__(PyMethod.java:237) at org.python.core.PyMethod.__call__(PyMethod.java:228) at org.python.core.PyMethod.__call__(PyMethod.java:218) at org.python.core.PyMethod.__call__(PyMethod.java:213) at org.python.core.PyObject._jcallexc(PyObject.java:3565) at org.python.core.PyObject._jcall(PyObject.java:3598) at org.python.proxies.__main__$BurpExtender$0.registerExtenderCallbacks(Unknown Source) at burp.ghy.run(Unknown Source) at java.base/java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:515) at java.base/java.util.concurrent.FutureTask.run(FutureTask.java:264) at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1130) at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:630) at java.base/java.lang.Thread.run(Thread.java:831) ```

Hannah, PortSwigger Agent | Last updated: Jul 08, 2022 03:43PM UTC

Hi Is your extension trying to interact with your file system at all? On load of the extension, does the proxy history contain any items to send to the Scanner?

Manish | Last updated: Jul 09, 2022 07:30AM UTC

Is your extension trying to interact with your file system at all?---> No extension is not trying to r/w from/to filesystem. It's pretty straight forward where I am trying to get proxyhistory(which is not null...there are 20-30 request in it) and active scan the last endpoint in the proxyhistory. On load of the extension, does the proxy history contain any items to send to the Scanner? ---> Yes

Hannah, PortSwigger Agent | Last updated: Jul 11, 2022 10:37AM UTC

Hi I've tested your extension in Burp v2022.7, after removing your HttpListener, and the function you specify is working as intended. It triggers an extension-driven active audit scan task in the dashboard. Have you added further code to your extension that may be triggering this issue instead?

You need to Log in to post a reply. Or register here, for free.