Skip to content
Burp Suite extension to passively scan for applications revealing server error messages
Branch: master
Clone or download
Pull request Compare This branch is 10 commits ahead, 14 commits behind augustd:master.
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Type Name Latest commit message Commit time
Failed to load latest commit information.
.travis.yml Switch to Open JDK 7 Nov 8, 2017
BappManifest.bmf Add dependencies badge Feb 6, 2018

Build Status Dependency Status


This Burp Suite 1.5+ extension passively detects server error messages in running applications. Some examples:

  • Fatal error: Call to a member function getId() on a non-object in /var/www/docroot/application/modules/controllers/ModalController.php on line 609
  • You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax
  • [SEVERE] at net.minecraft.server.World.tickEntities(
  • System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint) +2071
  • c() called at [/tmp/include.php:10]
  • Use of uninitialized value in string eq at /Library/Perl/5.8.6/WWW/ line 695

Often error messages may go unnoticed by a tester who is only looking at the application UI. This extension is designed to passively detect error messages, even during scanning, spidering, etc.

Match rules are loaded from a remote tab-delimited file at extension startup. Users can also load their own match rules from a local file or using the BApp GUI.


mvn clean install

You can’t perform that action at this time.