As I'm developing a plugin for Burp I send various request from the extender. However, today this plugin missed the following error:
HTTP/1.1 500 Internal Server Error
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=utf-8
Content-Length: 2393
Date: Mon, 26 Dec 2016 03:18:44 GMT
Connection: close
<html><head><title>Apache Tomcat/7.0.26 - Error report</title><style><!--H1 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:22px;} H2 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:16px;} H3 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:14px;} BODY {font-family:Tahoma,Arial,sans-serif;color:black;background-color:white;} B {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;} P {font-family:Tahoma,Arial,sans-serif;background:white;color:black;font-size:12px;}A {color : black;}A.name {color : black;}HR {color : #525D76;}--></style> </head><body><h1>HTTP Status 500 - </h1><HR size="1" noshade="noshade"><p><b>type</b> Exception report</p><p><b>message</b> <u></u></p><p><b>description</b> <u>The server encountered an internal error () that prevented it from fulfilling this request.</u></p><p><b>exception</b> <pre>org.apache.jasper.JasperException: /uploads/1DownloadMeExifGifJSP2.jspx (line: 1, column: 1) Content is not allowed in prolog.
org.apache.jasper.compiler.DefaultErrorHandler.jspError(DefaultErrorHandler.java:42)
org.apache.jasper.compiler.ErrorDispatcher.dispatch(ErrorDispatcher.java:408)
org.apache.jasper.compiler.ErrorDispatcher.jspError(ErrorDispatcher.java:89)
org.apache.jasper.compiler.JspDocumentParser.parse(JspDocumentParser.java:207)
org.apache.jasper.compiler.ParserController.doParse(ParserController.java:226)
org.apache.jasper.compiler.ParserController.parseDirectives(ParserController.java:119)
org.apache.jasper.compiler.Compiler.generateJava(Compiler.java:193)
org.apache.jasper.compiler.Compiler.compile(Compiler.java:373)
org.apache.jasper.compiler.Compiler.compile(Compiler.java:353)
org.apache.jasper.compiler.Compiler.compile(Compiler.java:340)
org.apache.jasper.JspCompilationContext.compile(JspCompilationContext.java:646)
org.apache.jasper.servlet.JspServletWrapper.service(JspServletWrapper.java:357)
org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.java:390)
org.apache.jasper.servlet.JspServlet.service(JspServlet.java:334)
javax.servlet.http.HttpServlet.service(HttpServlet.java:722)
</pre></p><p><b>note</b> <u>The full stack trace of the root cause is available in the Apache Tomcat/7.0.26 logs.</u></p><HR size="1" noshade="noshade"><h3>Apache Tomcat/7.0.26</h3></body></html>
After checking I saw that the plugin has a regex for it. When looking into the source code I saw the following code in BurpExtender.java:
toolsScope = new ToolsScopeComponent(callbacks);
toolsScope.setEnabledToolConfig(IBurpExtenderCallbacks.TOOL_PROXY, false);
toolsScope.setToolDefault(IBurpExtenderCallbacks.TOOL_PROXY, false);
toolsScope.setToolDefault(IBurpExtenderCallbacks.TOOL_SCANNER, true);
toolsScope.setToolDefault(IBurpExtenderCallbacks.TOOL_REPEATER, true);
toolsScope.setToolDefault(IBurpExtenderCallbacks.TOOL_INTRUDER, true);
mTab.addComponent(toolsScope);
This list does not include the extender. There are several solutions I guess:
Obviously I would prefer solution 1, but I'm OK with any. Maybe 2 or 3 as a quick fix and 1 as a feature request?
![dependabot[bot] avatar](https://avatars.githubusercontent.com/in/29110?v=4 "dependabot[bot]")
React
Typescript
Django
Laravel
Facebook
Microsoft
Google
Alibaba
D3
Tencent