Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Not Catching HTTP Methods #63

Closed
LegendBegins opened this issue Jan 22, 2021 · 11 comments
Closed

Not Catching HTTP Methods #63

LegendBegins opened this issue Jan 22, 2021 · 11 comments

Comments

@LegendBegins
Copy link

LegendBegins commented Jan 22, 2021
edited

Hey there! Fantastic tool; I've really enjoyed avoiding pasting cookies into Repeater.

I'm having an issue where the tool is missing PATCH and DELETE requests. The requests show up perfectly fine in Proxy, and I don't have any filters for HTTP verbs.
@Quitten
Copy link
Owner

Quitten commented Jan 24, 2021
edited

Thanks for the great feedback :)

image
It works perfectly fine for me, can you please check it again? are you working on the latest version?

@LegendBegins
Copy link
Author

Running through the same endpoints, it's catching PATCH now, but still missing DELETE. I'm not sure what's causing the inconsistency. To my knowledge, I'm on the latest version (1.4).

@Quitten
Copy link
Owner

Quitten commented Jan 26, 2021

@LegendBegins - please provide steps to reproduce, it is all working properly for me on latest version, no other users reported this.

@LegendBegins
Copy link
Author

The endpoint I'm testing against isn't public, but I'll leave screenshots of the difference I'm seeing between Proxy and Autorize in a request block. The page itself is a DELETE request triggered whenever you click a button to remove a resource. But if I'm the only person experiencing this problem, it's probably something local to my system.

image
image

Feel free to close the issue. Again, I appreciate how much time your tool saves.

@jpginc
Copy link
Contributor

jpginc commented Jan 26, 2021 via email

@LegendBegins
Copy link
Author

Is there any error messages in the output window in the output or errors tabs (go to extender -> extensions select autorize from the loaded extension list)

On Tue, 26 Jan 2021 at 12:00 pm Legend @.***> wrote: The endpoint I'm testing against isn't public, but I'll leave screenshots of the difference I'm seeing between Proxy and Autorize in a request block. The page itself is a DELETE request triggered whenever you click a button to remove a resource. But if I'm the only person experiencing this problem, it's probably something local to my system. [image: image] https://user-images.githubusercontent.com/10779959/105876330-7d93d080-5fc4-11eb-8091-3d3b3579d6d4.png [image: image] https://user-images.githubusercontent.com/10779959/105876951-0f034280-5fc5-11eb-9ea4-ff265513947a.png Feel free to close the issue. Again, I appreciate how much time your tool saves. — You are receiving this because you are subscribed to this thread. Reply to this email directly, view it on GitHub <#63 (comment)>, or unsubscribe https://github.com/notifications/unsubscribe-auth/AAUSM6CWIULQGZADJGJILYLS33YL7ANCNFSM4WPFDBIA .

There are a few of them.

at java.base/java.lang.Thread.run(Thread.java:832) Traceback (most recent call last): File "C:\Users\Legend\AppData\Roaming\BurpSuite\bapps\f9bbac8c4acf4aefa4d7dc92a991af2f\gui\tabs.py", line 221, in getResponse return self._extender._currentlyDisplayedItem.getResponse() AttributeError: 'MessageEditor' object has no attribute '_extender' Traceback (most recent call last): File "C:\Users\Legend\AppData\Roaming\BurpSuite\bapps\f9bbac8c4acf4aefa4d7dc92a991af2f\gui\tabs.py", line 221, in getResponse return self._extender._currentlyDisplayedItem.getResponse() AttributeError: 'MessageEditor' object has no attribute '_extender' Traceback (most recent call last): File "C:\Users\Legend\AppData\Roaming\BurpSuite\bapps\f9bbac8c4acf4aefa4d7dc92a991af2f\gui\tabs.py", line 221, in getResponse return self._extender._currentlyDisplayedItem.getResponse() AttributeError: 'MessageEditor' object has no attribute '_extender' Traceback (most recent call last): File "C:\Users\Legend\AppData\Roaming\BurpSuite\bapps\f9bbac8c4acf4aefa4d7dc92a991af2f\gui\tabs.py", line 218, in getRequest return self._extender._currentlyDisplayedItem.getRequest() AttributeError: 'MessageEditor' object has no attribute '_extender' Traceback (most recent call last): File "C:\Users\Legend\AppData\Roaming\BurpSuite\bapps\f9bbac8c4acf4aefa4d7dc92a991af2f\gui\tabs.py", line 221, in getResponse return self._extender._currentlyDisplayedItem.getResponse() AttributeError: 'MessageEditor' object has no attribute '_extender' Traceback (most recent call last): File "C:\Users\Legend\AppData\Roaming\BurpSuite\bapps\f9bbac8c4acf4aefa4d7dc92a991af2f\gui\tabs.py", line 218, in getRequest return self._extender._currentlyDisplayedItem.getRequest() AttributeError: 'MessageEditor' object has no attribute '_extender' Traceback (most recent call last): File "C:\Users\Legend\AppData\Roaming\BurpSuite\bapps\f9bbac8c4acf4aefa4d7dc92a991af2f\gui\tabs.py", line 218, in getRequest return self._extender._currentlyDisplayedItem.getRequest() AttributeError: 'MessageEditor' object has no attribute '_extender' Traceback (most recent call last): File "C:\Users\Legend\AppData\Roaming\BurpSuite\bapps\f9bbac8c4acf4aefa4d7dc92a991af2f\gui\tabs.py", line 218, in getRequest return self._extender._currentlyDisplayedItem.getRequest() AttributeError: 'MessageEditor' object has no attribute '_extender' Traceback (most recent call last): File "C:\Users\Legend\AppData\Roaming\BurpSuite\bapps\f9bbac8c4acf4aefa4d7dc92a991af2f\gui\tabs.py", line 221, in getResponse return self._extender._currentlyDisplayedItem.getResponse() AttributeError: 'MessageEditor' object has no attribute '_extender' Traceback (most recent call last): File "C:\Users\Legend\AppData\Roaming\BurpSuite\bapps\f9bbac8c4acf4aefa4d7dc92a991af2f\gui\tabs.py", line 221, in getResponse return self._extender._currentlyDisplayedItem.getResponse() AttributeError: 'MessageEditor' object has no attribute '_extender' java.lang.NullPointerException: Response cannot be null at burp.ap3.analyzeResponse(Unknown Source) at burp.cg7.analyzeResponse(Unknown Source) at jdk.internal.reflect.GeneratedMethodAccessor42.invoke(Unknown Source) at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) at java.base/java.lang.reflect.Method.invoke(Method.java:564) at org.python.core.PyReflectedFunction.__call__(PyReflectedFunction.java:190) at org.python.core.PyReflectedFunction.__call__(PyReflectedFunction.java:208) at org.python.core.PyObject.__call__(PyObject.java:477) at org.python.core.PyObject.__call__(PyObject.java:481) at org.python.core.PyMethod.__call__(PyMethod.java:141) at authorization.authorization$py.checkAuthorization$12(C:\Users\Legend\AppData\Roaming\BurpSuite\bapps\f9bbac8c4acf4aefa4d7dc92a991af2f\authorization\authorization.py:289) at authorization.authorization$py.call_function(C:\Users\Legend\AppData\Roaming\BurpSuite\bapps\f9bbac8c4acf4aefa4d7dc92a991af2f\authorization\authorization.py) at org.python.core.PyTableCode.call(PyTableCode.java:173) at org.python.core.PyBaseCode.call(PyBaseCode.java:187) at org.python.core.PyFunction.__call__(PyFunction.java:449) at authorization.authorization$py.handle_message$8(C:\Users\Legend\AppData\Roaming\BurpSuite\bapps\f9bbac8c4acf4aefa4d7dc92a991af2f\authorization\authorization.py:128) at authorization.authorization$py.call_function(C:\Users\Legend\AppData\Roaming\BurpSuite\bapps\f9bbac8c4acf4aefa4d7dc92a991af2f\authorization\authorization.py) at org.python.core.PyTableCode.call(PyTableCode.java:173) at org.python.core.PyBaseCode.call(PyBaseCode.java:187) at org.python.core.PyFunction.__call__(PyFunction.java:449) at org.python.pycode._pyx4.processHttpMessage$3(C:\Users\Legend\AppData\Roaming\BurpSuite\bapps\f9bbac8c4acf4aefa4d7dc92a991af2f\Autorize.py:37) at org.python.pycode._pyx4.call_function(C:\Users\Legend\AppData\Roaming\BurpSuite\bapps\f9bbac8c4acf4aefa4d7dc92a991af2f\Autorize.py) at org.python.core.PyTableCode.call(PyTableCode.java:173) at org.python.core.PyBaseCode.call(PyBaseCode.java:306) at org.python.core.PyBaseCode.call(PyBaseCode.java:197) at org.python.core.PyFunction.__call__(PyFunction.java:485) at org.python.core.PyMethod.instancemethod___call__(PyMethod.java:237) at org.python.core.PyMethod.__call__(PyMethod.java:228) at org.python.core.PyMethod.__call__(PyMethod.java:218) at org.python.core.PyMethod.__call__(PyMethod.java:213) at org.python.core.PyObject._jcallexc(PyObject.java:3565) at org.python.core.PyObject._jcall(PyObject.java:3598) at org.python.proxies.__main__$BurpExtender$19.processHttpMessage(Unknown Source) at burp.bka.run(Unknown Source) at java.base/java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:515) at java.base/java.util.concurrent.FutureTask.run(FutureTask.java:264) at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1130) at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:630) at java.base/java.lang.Thread.run(Thread.java:832) java.lang.NullPointerException: Response cannot be null at burp.ap3.analyzeResponse(Unknown Source) at burp.cg7.analyzeResponse(Unknown Source) at jdk.internal.reflect.GeneratedMethodAccessor42.invoke(Unknown Source) at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) at java.base/java.lang.reflect.Method.invoke(Method.java:564) at org.python.core.PyReflectedFunction.__call__(PyReflectedFunction.java:190) at org.python.core.PyReflectedFunction.__call__(PyReflectedFunction.java:208) at org.python.core.PyObject.__call__(PyObject.java:477) at org.python.core.PyObject.__call__(PyObject.java:481) at org.python.core.PyMethod.__call__(PyMethod.java:141) at authorization.authorization$py.checkAuthorization$12(C:\Users\Legend\AppData\Roaming\BurpSuite\bapps\f9bbac8c4acf4aefa4d7dc92a991af2f\authorization\authorization.py:289) at authorization.authorization$py.call_function(C:\Users\Legend\AppData\Roaming\BurpSuite\bapps\f9bbac8c4acf4aefa4d7dc92a991af2f\authorization\authorization.py) at org.python.core.PyTableCode.call(PyTableCode.java:173) at org.python.core.PyBaseCode.call(PyBaseCode.java:187) at org.python.core.PyFunction.__call__(PyFunction.java:449) at authorization.authorization$py.handle_message$8(C:\Users\Legend\AppData\Roaming\BurpSuite\bapps\f9bbac8c4acf4aefa4d7dc92a991af2f\authorization\authorization.py:128) at authorization.authorization$py.call_function(C:\Users\Legend\AppData\Roaming\BurpSuite\bapps\f9bbac8c4acf4aefa4d7dc92a991af2f\authorization\authorization.py) at org.python.core.PyTableCode.call(PyTableCode.java:173) at org.python.core.PyBaseCode.call(PyBaseCode.java:187) at org.python.core.PyFunction.__call__(PyFunction.java:449) at org.python.pycode._pyx4.processHttpMessage$3(C:\Users\Legend\AppData\Roaming\BurpSuite\bapps\f9bbac8c4acf4aefa4d7dc92a991af2f\Autorize.py:37) at org.python.pycode._pyx4.call_function(C:\Users\Legend\AppData\Roaming\BurpSuite\bapps\f9bbac8c4acf4aefa4d7dc92a991af2f\Autorize.py) at org.python.core.PyTableCode.call(PyTableCode.java:173) at org.python.core.PyBaseCode.call(PyBaseCode.java:306) at org.python.core.PyBaseCode.call(PyBaseCode.java:197) at org.python.core.PyFunction.__call__(PyFunction.java:485) at org.python.core.PyMethod.instancemethod___call__(PyMethod.java:237) at org.python.core.PyMethod.__call__(PyMethod.java:228) at org.python.core.PyMethod.__call__(PyMethod.java:218) at org.python.core.PyMethod.__call__(PyMethod.java:213) at org.python.core.PyObject._jcallexc(PyObject.java:3565) at org.python.core.PyObject._jcall(PyObject.java:3598) at org.python.proxies.__main__$BurpExtender$19.processHttpMessage(Unknown Source) at burp.bka.run(Unknown Source) at java.base/java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:515) at java.base/java.util.concurrent.FutureTask.run(FutureTask.java:264) at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1130) at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:630) at java.base/java.lang.Thread.run(Thread.java:832)

jpginc added a commit to jpginc/Autorize that referenced this issue Jan 27, 2021
@jpginc
Saving _extender in the MessageEditor class
adbaa58 
Might fix issue Quitten#63 . I didn't have a computer to test this so please test before merging :-)
@jpginc jpginc mentioned this issue Jan 27, 2021
Merged
@Quitten
Copy link
Owner

Quitten commented Feb 2, 2021

@LegendBegins - I just merged @jpginc PR that should resolve the errors you sent above, can you please pull the latest version and let us know if it is fixed?

@LegendBegins
Copy link
Author

@Quitten Thanks for looking into this for me. After updating, the errors are no longer being generated, but I'm still not seeing DELETE requests. It may be something specific to my system.

@jpginc
Copy link
Contributor

jpginc commented Feb 8, 2021

can you post an anonymize a missing request and response here. Have you tried un-checking the "ignore 304/204 status code responses" option?

@LegendBegins
Copy link
Author

That was the problem. I noticed that the boxes were hidden on my end until I expanded the right pane, so I must have missed them entirely.

Thanks for helping me resolve this!

@Quitten
Copy link
Owner

Quitten commented Feb 9, 2021

Happy the issue has been resolved :) Enjoy!
Closed.

@Quitten Quitten closed this as completed Feb 9, 2021
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@jpginc @Quitten @LegendBegins