Burp Suite User Forum

Login to post

RuntimeException when trying to load SQLiPy

robert | Last updated: Jun 16, 2016 04:09AM UTC

I have loaded Jython and SQLiPy, but when I try to copy a request from the Proxy using the SQLiPy Scan menu, I get a RuntimeException. Does anybody know what causes this? Note that sqlmapapi.py is running, and everything else looks OK. Calling: /usr/bin/python /usr/share/sqlmap/sqlmapapi.py -s -H x.x.x.x -p 8081 [10:35:35] [INFO] Running REST-JSON API server at 'x.x.x.x:8081'.. [10:35:35] [INFO] Admin ID: da73943752b59433c31476b7f99bb71f [10:35:35] [DEBUG] IPC database: /tmp/sqlmapipc-cDIaWb [10:35:35] [DEBUG] REST-JSON API server connected to IPC database Failed to add data to scan tab. java.lang.RuntimeException: java.lang.NoSuchMethodError: burp.IHttpRequestResponse.getHttpService()Lburp/IHttpService; at burp.exd.a(Unknown Source) at burp.w6e.analyzeRequest(Unknown Source) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) at java.lang.reflect.Method.invoke(Method.java:606) at org.python.core.PyReflectedFunction.__call__(PyReflectedFunction.java:186) at org.python.core.PyReflectedFunction.__call__(PyReflectedFunction.java:204) at org.python.core.PyObject.__call__(PyObject.java:478) at org.python.core.PyObject.__call__(PyObject.java:482) at org.python.core.PyMethod.__call__(PyMethod.java:141) at org.python.pycode._pyx2.sqlMapScan$23(/root/SQLiPy.py:807) at org.python.pycode._pyx2.call_function(/root/SQLiPy.py) at org.python.core.PyTableCode.call(PyTableCode.java:167) at org.python.core.PyBaseCode.call(PyBaseCode.java:153) at org.python.core.PyFunction.__call__(PyFunction.java:423) at org.python.core.PyMethod.__call__(PyMethod.java:141) at org.python.pycode._pyx2.f$20(/root/SQLiPy.py:763) at org.python.pycode._pyx2.call_function(/root/SQLiPy.py) at org.python.core.PyTableCode.call(PyTableCode.java:167) at org.python.core.PyBaseCode.call(PyBaseCode.java:307) at org.python.core.PyFunction.function___call__(PyFunction.java:471) at org.python.core.PyFunction.__call__(PyFunction.java:466) at org.python.core.PyFunction.__call__(PyFunction.java:461) at org.python.core.PyCompoundCallable.__call__(PyCompoundCallable.java:26) at org.python.core.PyObject.__call__(PyObject.java:431) at org.python.core.PyObject._jcallexc(PyObject.java:3626) at org.python.core.PyObject._jcall(PyObject.java:3658) at org.python.proxies.java.awt.event.ActionListener.actionPerformed(Unknown Source) at javax.swing.AbstractButton.fireActionPerformed(AbstractButton.java:2018) at javax.swing.AbstractButton$Handler.actionPerformed(AbstractButton.java:2341) at javax.swing.DefaultButtonModel.fireActionPerformed(DefaultButtonModel.java:402) at javax.swing.DefaultButtonModel.setPressed(DefaultButtonModel.java:259) at javax.swing.AbstractButton.doClick(AbstractButton.java:376) at javax.swing.plaf.basic.BasicMenuItemUI.doClick(BasicMenuItemUI.java:833) at javax.swing.plaf.basic.BasicMenuItemUI$Handler.mouseReleased(BasicMenuItemUI.java:877) at java.awt.Component.processMouseEvent(Component.java:6516) at javax.swing.JComponent.processMouseEvent(JComponent.java:3312) at java.awt.Component.processEvent(Component.java:6281) at java.awt.Container.processEvent(Container.java:2229) at java.awt.Component.dispatchEventImpl(Component.java:4872) at java.awt.Container.dispatchEventImpl(Container.java:2287) at java.awt.Component.dispatchEvent(Component.java:4698) at java.awt.LightweightDispatcher.retargetMouseEvent(Container.java:4832) at java.awt.LightweightDispatcher.processMouseEvent(Container.java:4492) at java.awt.LightweightDispatcher.dispatchEvent(Container.java:4422) at java.awt.Container.dispatchEventImpl(Container.java:2273) at java.awt.Window.dispatchEventImpl(Window.java:2719) at java.awt.Component.dispatchEvent(Component.java:4698) at java.awt.EventQueue.dispatchEventImpl(EventQueue.java:747) at java.awt.EventQueue.access$300(EventQueue.java:103) at java.awt.EventQueue$3.run(EventQueue.java:706) at java.awt.EventQueue$3.run(EventQueue.java:704) at java.security.AccessController.doPrivileged(Native Method) at java.security.ProtectionDomain$JavaSecurityAccessImpl.doIntersectionPrivilege(ProtectionDomain.java:77) at java.security.ProtectionDomain$JavaSecurityAccessImpl.doIntersectionPrivilege(ProtectionDomain.java:87) at java.awt.EventQueue$4.run(EventQueue.java:720) at java.awt.EventQueue$4.run(EventQueue.java:718) at java.security.AccessController.doPrivileged(Native Method) at java.security.ProtectionDomain$JavaSecurityAccessImpl.doIntersectionPrivilege(ProtectionDomain.java:77) at java.awt.EventQueue.dispatchEvent(EventQueue.java:717) at java.awt.EventDispatchThread.pumpOneEventForFilters(EventDispatchThread.java:242) at java.awt.EventDispatchThread.pumpEventsForFilter(EventDispatchThread.java:161) ... a few lines trimmed to make it under the 5k limit

PortSwigger Agent | Last updated: Jun 16, 2016 07:52AM UTC

Are you using the standalone Jython JAR, and version 2.7 of Jython?

Burp User | Last updated: Jun 16, 2016 10:22PM UTC

Yes. I am using the Jython JAR obtained with this download link. http://search.maven.org/remotecontent?filepath=org/python/jython-standalone/2.7.0/jython-standalone-2.7.0.jar

Burp User | Last updated: Jun 16, 2016 11:21PM UTC

Went back over every configuration option, just to check; but didn't actually change anything. I did stop and restart Burp, and now I can successfully pass a Request from the Proxy to the SQLiPy SqlMap Scanner tab. Thought that all was OK, until I realised that Scanner tab has no Start Scan button. Weird, but I've tabbed through every control on that screen and there appears to be no way to start the scanner. The last thing on that tab is the Tamper Scripts field. There is no Start Scan button. Even the horizontal line below the Tamper Scripts field is missing. Any ideas? Here's the output from the Extender tab, which looks a lot better without that stack dump (there's nothing in the Errors tab): SQLiPy - 0.5.0 Burp interface to SQLMap via the SQLMap API josh.berry@codewatch.org Calling: /usr/bin/python /usr/share/sqlmap/sqlmapapi.py -s -H 10.1.1.1 -p 8081 [08:52:12] [INFO] Running REST-JSON API server at '10.1.1.1:8081'.. [08:52:12] [INFO] Admin ID: c496e0e37b2e44793dcfe18abbd41798 [08:52:12] [DEBUG] IPC database: /tmp/sqlmapipc-UyZiNx [08:52:12] [DEBUG] REST-JSON API server connected to IPC database

PortSwigger Agent | Last updated: Jun 17, 2016 08:00AM UTC

We don't maintain or support the SQLiPy extension so I'm afraid we can't advise on why the SQLiPy "Start Scan" button is not showing. Perhaps you can contact the SQLiPy author for assistance with the extension?

Burp User | Last updated: Aug 09, 2016 01:20PM UTC

Pacth is here: https://github.com/codewatchorg/sqlipy/commit/647073b0d07f773e34f3289e73c6f14da2746e8a

You need to Log in to post a reply. Or register here, for free.