Burp Suite extension to passively scan for applications revealing server error messages
This branch is 10 commits ahead, 14 commits behind augustd:master.
src
.gitignore
.travis.yml Switch to Open JDK 7 Nov 8, 2017
BappDescription.html
BappManifest.bmf
README.md Add dependencies badge Feb 6, 2018
pom.xml


burp-suite-error-message-checks

This Burp Suite 1.5+ extension passively detects server error messages in running applications. Some examples:

  • Fatal error: Call to a member function getId() on a non-object in /var/www/docroot/application/modules/controllers/ModalController.php on line 609
  • You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax
  • [SEVERE] at net.minecraft.server.World.tickEntities(World.java:1146)
  • System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint) +2071
  • c() called at [/tmp/include.php:10]
  • Use of uninitialized value in string eq at /Library/Perl/5.8.6/WWW/Mechanize.pm line 695

Often error messages may go unnoticed by a tester who is only looking at the application UI. This extension is designed to passively detect error messages, even during scanning, spidering, etc.

Match rules are loaded from a remote tab-delimited file at extension startup. Users can also load their own match rules from a local file or using the BApp GUI.
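
A standalone Python sketch of the load-and-match flow described above, added here as an illustration; it is not the extension's Java code. The three-column rule layout (regex, severity, name), the `#` comment lines, the regexes themselves and the sample response body are assumptions constructed for this example.

```python
import re
from typing import NamedTuple

class Rule(NamedTuple):
    pattern: re.Pattern
    severity: str
    name: str

# Constructed rules. Assumed layout (not documented here): regex<TAB>severity<TAB>name
SAMPLE_RULES = "\n".join([
    "# regex\tseverity\tname",
    r"Fatal error: .+ on line \d+" "\tMedium\tPHP fatal error",
    r"You have an error in your SQL syntax" "\tHigh\tMySQL syntax error",
    r"at [\w.$]+\([\w$]+\.java:\d+\)" "\tLow\tJava stack frame",
    r"called at \[[^\]]+:\d+\]" "\tLow\tPHP backtrace",
    r"at \S+ line \d+" "\tLow\tPerl warning",
    r"broken(regex" "\tLow\tmalformed rule",   # does not compile
    "no tabs on this line",                     # wrong column count
])

def load_rules(text):
    """Parse tab-delimited rules; return (rules, skipped_line_numbers)."""
    rules, skipped = [], []
    for lineno, line in enumerate(text.splitlines(), 1):
        if not line.strip() or line.startswith("#"):
            continue
        try:
            regex, severity, name = line.split("\t")  # ValueError unless 3 columns
            rules.append(Rule(re.compile(regex), severity, name))
        except (ValueError, re.error):
            skipped.append(lineno)  # one bad line must not abort the whole load
    return rules, skipped

def scan(body, rules):
    """Return (name, severity, matched_text) for every rule that fires on body."""
    hits = ((r, r.pattern.search(body)) for r in rules)
    return [(r.name, r.severity, m.group(0)) for r, m in hits if m]

# Constructed response body embedding two of the messages quoted above.
SAMPLE_BODY = (
    "<html><body><!-- You have an error in your SQL syntax; check the manual -->\n"
    "[SEVERE] at net.minecraft.server.World.tickEntities(World.java:1146)\n"
    "</body></html>"
)

if __name__ == "__main__":
    rules, skipped = load_rules(SAMPLE_RULES)
    print("skipped rule lines:", skipped)
    for finding in scan(SAMPLE_BODY, rules):
        print(finding)
```

Recording the skipped line numbers instead of raising keeps a rule file with one malformed entry from silently disabling detection for every other rule.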

Building:

mvn clean install
