Burp Suite User Forum


helpers indexOf doesn't seem to be working as expected.

Alan | Last updated: May 16, 2022 07:50PM UTC

(Reposting as I neglected to put this in bug reports the first time.)

I'm working with https://github.com/PortSwigger/java-deserializer. I have a stream of bytes in a request that should be a serialized Java object. Line 145 in JDUtils.java (https://github.com/PortSwigger/java-deserializer/blob/b6f04746206a692883d9418403a2f374f6697c28/src/burp/JDUtils.java#L145) is the following:

```java
return helpers.indexOf(content, JDUtils.serializeMagic, false, 0, content.length) > -1;
```

Dumping the byte array that's passed in as the content argument, I clearly see the serializeMagic bytes right after the headers: 13, 10, 13, 10, -84, -19 (cr, nl, cr, nl, serialized object begins). However, the call to indexOf returns -1, not an offset to -84 as expected. What am I missing here? Thanks in advance!

Michelle, PortSwigger Agent | Last updated: May 17, 2022 08:28AM UTC

Thanks for your message. Extensions are written and maintained by third-party users of Burp, so issues with the extensions should be reported to the authors. You can find the link where you can report issues to the original author here: https://github.com/nccgroup/JDSer-ngng I hope this helps.

Alan | Last updated: May 18, 2022 12:12AM UTC

Not really. The issue is not with the extension. The issue is with the indexOf API call that *IS* a part of Burp core API. It seems to be broken.

Alan | Last updated: May 18, 2022 12:14AM UTC

Specifically the method is defined in IExtensionHelpers.java

```java
    /**
     * This method searches a piece of data for the first occurrence of a
     * specified pattern. It works on byte-based data in a way that is similar
     * to the way the native Java method <code>String.indexOf()</code> works on
     * String-based data.
     *
     * @param data The data to be searched.
     * @param pattern The pattern to be searched for.
     * @param caseSensitive Flags whether or not the search is case-sensitive.
     * @param from The offset within <code>data</code> where the search should
     * begin.
     * @param to The offset within <code>data</code> where the search should
     * end.
     * @return The offset of the first occurrence of the pattern within the
     * specified bounds, or -1 if no match is found.
     */
    int indexOf(
            byte[] data,
            byte[] pattern,
            boolean caseSensitive,
            int from,
            int to);
```

Hannah, PortSwigger Agent | Last updated: May 24, 2022 03:52PM UTC

Hi Alan,

I've put together a small test extension, and it seems like the issue may be to do with the negative byte values provided. How are you providing the content item to the extension, or retrieving it?

If you convert it to unsigned bytes, and adjust the JDUtils.serializeMagic value to be unsigned as well, do you still receive this issue?
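A byte-wise search for the serialization magic that does not go through helpers.indexOf, given here as an added example (not code from the thread, the extension, or Burp). The class `MagicSearch`, its method names, the stricter "magic must sit at the start of the body" check, and the sample request are constructed for illustration.

```java
import java.io.ByteArrayOutputStream;
import java.io.ObjectOutputStream;
import java.nio.charset.StandardCharsets;

public class MagicSearch {
    // Java serialization stream magic 0xAC 0xED, i.e. -84, -19 as signed Java bytes.
    static final byte[] SERIALIZE_MAGIC = {(byte) 0xAC, (byte) 0xED};
    static final byte[] HEADER_END = {13, 10, 13, 10};

    // Exact byte-wise search of data[from, to); returns the first offset or -1.
    // byte == byte compares the signed values directly, so no masking is needed.
    static int indexOf(byte[] data, byte[] pattern, int from, int to) {
        from = Math.max(from, 0);
        to = Math.min(to, data.length);
        if (pattern.length == 0) return from <= to ? from : -1;
        outer:
        for (int i = from; i <= to - pattern.length; i++) {
            for (int j = 0; j < pattern.length; j++) {
                if (data[i + j] != pattern[j]) continue outer;
            }
            return i;
        }
        return -1;
    }

    // True when the message body (after CR LF CR LF) starts with the magic.
    static boolean bodyIsSerialized(byte[] message) {
        int end = indexOf(message, HEADER_END, 0, message.length);
        if (end < 0) return false;
        int body = end + HEADER_END.length;
        return indexOf(message, SERIALIZE_MAGIC, body, body + SERIALIZE_MAGIC.length) == body;
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample: headers followed by a freshly serialized String.
        ByteArrayOutputStream msg = new ByteArrayOutputStream();
        msg.write("POST /example HTTP/1.1\r\nHost: example.test\r\n\r\n"
                .getBytes(StandardCharsets.US_ASCII));
        int bodyStart = msg.size();
        try (ObjectOutputStream oos = new ObjectOutputStream(msg)) {
            oos.writeObject("constructed sample");
        }
        byte[] content = msg.toByteArray();
        int off = indexOf(content, SERIALIZE_MAGIC, 0, content.length);
        System.out.println("magic offset=" + off + " bodyStart=" + bodyStart
                + " serialized=" + bodyIsSerialized(content));
    }
}
```

Running the same `content` array through both this search and `helpers.indexOf` inside a test extension shows whether the two agree on the offset of the `-84, -19` pair.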
