The Burp Suite User Forum was discontinued on the 1st November 2024.

Burp Suite User Forum


IScannerInsertionPoint.getPayloadOffsets() causes scan failures when null is returned

Alex | Last updated: May 03, 2022 11:04PM UTC

Hi, I'm building an extension for scanning custom serialized data and encountered a bug in IScannerInsertionPoint.getPayloadOffsets().

From the getPayloadOffsets() JavaDoc:

"""
Returns: An int[2] array containing the start and end offsets of the payload within the request, or null if this is not applicable (for example, where the insertion point places a payload into a serialized data structure, the raw payload may not literally appear anywhere within the resulting request).
"""

Since my target data is serialized, I configured the getPayloadOffsets() method to simply return `null`. Things seemed to be working fine at first, but scan items always failed with "unknown errors" after sending a specific number of requests. I spent an afternoon of debugging and found the scan items always failed immediately after calling getPayloadOffsets() for any given insertion point. I changed the method to return intArrayOf(0, 0) and that seems to have worked.

This method should accept a null value, or the docs should be updated to reflect the correct usage.

As a side note, most of my extension is written in Kotlin, but I expect the results would be the same for pure Java extensions.
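The workaround described in the post above, written out as an added example that is not part of the original thread or of any PortSwigger code: an IScannerInsertionPoint for an encoded value that returns a zero-length int[2] from getPayloadOffsets() instead of null. The class name, the constructor arguments, and the URL-safe Base64 wrapping in the query string are assumptions made for illustration; it compiles against the legacy Burp Extender API.

```java
package burp;

import java.io.ByteArrayOutputStream;
import java.nio.charset.StandardCharsets;
import java.util.Arrays;
import java.util.Base64;

// Hypothetical insertion point: the scanned value is assumed to be URL-safe
// Base64 inside the query string, so the raw payload never appears literally
// in the request that Burp sends.
public class EncodedValueInsertionPoint implements IScannerInsertionPoint {
    private final byte[] prefix;    // request bytes before the encoded value
    private final byte[] suffix;    // request bytes after the encoded value
    private final String baseValue; // decoded original value

    // start/end are the offsets of the encoded value within the base request.
    public EncodedValueInsertionPoint(byte[] request, int start, int end) {
        prefix = Arrays.copyOfRange(request, 0, start);
        suffix = Arrays.copyOfRange(request, end, request.length);
        byte[] decoded = Base64.getUrlDecoder()
                .decode(Arrays.copyOfRange(request, start, end));
        baseValue = new String(decoded, StandardCharsets.ISO_8859_1);
    }

    @Override public String getInsertionPointName() { return "Encoded value"; }
    @Override public String getBaseValue() { return baseValue; }
    @Override public byte getInsertionPointType() { return INS_EXTENSION_PROVIDED; }

    @Override
    public byte[] buildRequest(byte[] payload) {
        // Re-encode the scanner payload and splice it between the fixed parts.
        byte[] encoded = Base64.getUrlEncoder().withoutPadding().encode(payload);
        ByteArrayOutputStream out = new ByteArrayOutputStream(
                prefix.length + encoded.length + suffix.length);
        out.write(prefix, 0, prefix.length);
        out.write(encoded, 0, encoded.length);
        out.write(suffix, 0, suffix.length);
        return out.toByteArray();
    }

    @Override
    public int[] getPayloadOffsets(byte[] payload) {
        // The JavaDoc permits null here, but the post reports scan items
        // failing right after a null return. A zero-length range is the
        // poster's workaround; it marks no payload bytes in the request.
        return new int[] {0, 0};
    }
}
```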

Hannah, PortSwigger Agent | Last updated: May 10, 2022 08:14AM UTC

Hi Alex,

Apologies for the late response. We've been trying to replicate this issue, but have not been successful so far. Could you drop us an email with a POC, so we can try and replicate this issue, please?

Alex | Last updated: May 10, 2022 05:15PM UTC

Sure thing. I'm planning to publish the extension in the coming weeks, so I'll reach out with a link to the code when it's ready.

Julian | Last updated: Apr 23, 2024 09:59AM UTC