Burp Suite User Forum


URL scan with multiple options from Burp Plugin giving error

Govind | Last updated: Feb 12, 2020 12:18PM UTC

Hello Team,

I am running a scan of the URL mentioned below, which has multiple options, from Jenkins using the Burp Scan plugin. When I run the scan from Burp Enterprise it is getting triggered, but when I run the scan for the same URL from Jenkins it gives an error. Please let us know what needs to be changed. Details are provided below.

Original URL:
https://eamsso.inside.ams1907.com/pub/eam/login.fcc?TYPE=33554433&REALMOID=06-8f37ddf9-1811-4ac2-998d-33365712f423&GUID=&SMAUTHREASON=0&METHOD=GET&SMAGENTNAME=-SM-4X0pXVOY%2bFo2lXco2Kyvnh%2bBnbZq%2f2h3Ljlm5px1ew%2b7tq9reZgUzCzPcIOgN%2fP3SzhG2Zl1WoPe%2bTpn8JltO83iPwUyBwW1&TARGET=-SM-https%3a%2f%2facc16--uat%2einside%2eams1907%2ecom%2f

Since the URL contains &, we have added this special character: ^ to it. Also, all the upper case characters are converted to lower case in the URL.

URL used in Jenkins job:
https://eamsso.inside.ams1907.com/pub/eam/login.fcc?type=33554433^&realmoid=06-8f37ddf9-1811-4ac2-998d-33365712f423^&guid=^&smauthreason=0^&method=get^&smagentname=-sm-4x0pxvoy%2bfo2lxco2kyvnh%2bbnbzq%2f2h3ljlm5px1ew%2b7tq9rezguzczpciogn%2fp3szhg2zl1wope%2btpn8jlto83ipwuybww1^&target=-sm-https%3a%2f%2facc16--uat%2einside%2eams1907%2ecom%2f

Jenkins console:
C:\Program Files\jenkins\UFT_EntAutomation_N2\workspace\jenkinsmaster-5\ENT\EntAutomation\Burp_Suite_Jobs\Under_Test\2_ACC_Enterprise_Jenkins_Scan>echo BURP_SCAN_URL=https://eamsso.inside.ams1907.com/pub/eam/login.fcc?type=33554433&realmoid=06-8f37ddf9-1811-4ac2-998d-33365712f423&guid=&smauthreason=0&method=get&smagentname=-sm-4x0pxvoybfo2lxco2kyvnhbbnbzqf2h3ljlm5px1ewb7tq9rezguzczpciognfp3szhg2zl1wopebtpn8jlto83ipwuybww1&target=-sm-httpsaffacc16--uateinsideeams1907ecomf
BURP_SCAN_URL=https://eamsso.inside.ams1907.com/pub/eam/login.fcc?type=33554433&realmoid=06-8f37ddf9-1811-4ac2-998d-33365712f423&guid=&smauthreason=0&method=get&smagentname=-sm-4x0pxvoybfo2lxco2kyvnhbbnbzqf2h3ljlm5px1ewb7tq9rezguzczpciognfp3szhg2zl1wopebtpn8jlto83ipwuybww1&target=-sm-httpsaffacc16--uateinsideeams1907ecomf

C:\Program Files\jenkins\UFT_EntAutomation_N2\workspace\jenkinsmaster-5\ENT\EntAutomation\Burp_Suite_Jobs\Under_Test\2_ACC_Enterprise_Jenkins_Scan>exit 0
ERROR: Build step failed with exception
java.io.IOException: Unexpected response from server: 500 - {"type":"ServerError","code":57,"error":""}
	at net.portswigger.burp.api.driver.BurpCiDriver.scan(Unknown Source)
	at org.jenkinsci.plugins.burpscan.BurpScanRecorder.perform(BurpScanRecorder.java:134)
Caused: java.io.UncheckedIOException
	at org.jenkinsci.plugins.burpscan.BurpScanRecorder.perform(BurpScanRecorder.java:139)
	at hudson.tasks.BuildStepMonitor$1.perform(BuildStepMonitor.java:20)
	at hudson.model.AbstractBuild$AbstractBuildExecution.perform(AbstractBuild.java:741)
	at hudson.model.Build$BuildExecution.build(Build.java:206)
	at hudson.model.Build$BuildExecution.doRun(Build.java:163)
	at hudson.model.AbstractBuild$AbstractBuildExecution.run(AbstractBuild.java:504)
	at hudson.model.Run.execute(Run.java:1818)
	at hudson.model.FreeStyleBuild.run(FreeStyleBuild.java:43)
	at hudson.model.ResourceController.execute(ResourceController.java:97)
	at hudson.model.Executor.run(Executor.java:429)
Build step 'Burp scan' marked build as failure
Finished: FAILURE

Hannah, PortSwigger Agent | Last updated: Feb 14, 2020 09:16AM UTC

Hello,

We've worked out that any URL-encoded characters need to be double URL-encoded. Please try with the following URL:

https://eamsso.inside.ams1907.com/pub/eam/login.fcc?TYPE=33554433%2526REALMOID=06-8f37ddf9-1811-4ac2-998d-33365712f423%2526GUID=%2526SMAUTHREASON=0%2526METHOD=GET%2526SMAGENTNAME=-SM-4X0pXVOY%252bFo2lXco2Kyvnh%252bBnbZq%252f2h3Ljlm5px1ew%252b7tq9reZgUzCzPcIOgN%252fP3SzhG2Zl1WoPe%252bTpn8JltO83iPwUyBwW1%2526TARGET=-SM-https%253a%252f%252facc16--uat%252einside%252eams1907%252ecom%252f

We think this may be to do with how Jenkins is storing the settings.
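
The rewrite shown in the reply above, as an added example (not part of the thread and not PortSwigger's code): `double_encode_query` turns every `%` into `%25` and every `&` into `%2526` in the query string, which is the pattern of the URL the agent posted. `lost_escapes` compares a configured URL with the value echoed in the build console and lists percent-escapes that did not survive, as in the console output in the question. The function names and sample URLs are constructed for illustration.

```python
import re
from collections import Counter

# Matches one percent-escape such as %2f or %3A.
PCT_ESCAPE = re.compile(r"%[0-9A-Fa-f]{2}")


def double_encode_query(url):
    """Rewrite the query string in the pattern of the URL in the reply:
    every '%' becomes '%25' and every '&' becomes '%2526'."""
    base, sep, query = url.partition("?")
    # Order matters: escape the existing '%' first, so the '%' introduced
    # when rewriting '&' is not encoded a second time.
    query = query.replace("%", "%25").replace("&", "%2526")
    return base + sep + query


def lost_escapes(configured, echoed):
    """Return the percent-escapes present in the configured URL but missing
    from the value echoed in the build console (case-insensitive)."""
    want = Counter(m.lower() for m in PCT_ESCAPE.findall(configured))
    got = Counter(m.lower() for m in PCT_ESCAPE.findall(echoed))
    return sorted((want - got).elements())


# Constructed sample values with the same shape as the URLs in the thread.
ORIGINAL = ("https://sso.example.test/login.fcc?TYPE=1&GUID=&TARGET="
            "-SM-https%3a%2f%2fapp%2eexample%2etest%2f")
ECHOED = ("https://sso.example.test/login.fcc?TYPE=1&GUID=&TARGET="
          "-SM-httpsaffappeexampleetestf")

if __name__ == "__main__":
    print("double-encoded:", double_encode_query(ORIGINAL))
    print("escapes lost in console echo:", lost_escapes(ORIGINAL, ECHOED))
```

Running `lost_escapes` against the console echo before submitting the build shows whether the URL reaching the plugin still carries its encoding.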
