Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

deprecated extender api used -registerMenultem() #9

Closed
shyixiu opened this issue Jan 29, 2018 · 10 comments
Closed

deprecated extender api used -registerMenultem() #9

shyixiu opened this issue Jan 29, 2018 · 10 comments

Comments

@shyixiu
Copy link

shyixiu commented Jan 29, 2018

When i installed blazer, the Alerts tab showed "Blazer:deprecated extender api used-registerMenultem()". And there is nothing happened after i click"Blazer - AMF testing".BTW,I used burp 1.7.30
@ikkisoft
Copy link
Owner

ikkisoft commented Feb 6, 2018

The alert shouldn't really affect the functionality, and it's just a warning. For instance, on Burp 1.3.72 enabling/disabling the sandbox works.

Please note that "Blazer - AMF testing" only works (e.g. will open the fuzzer interface) if there is an actual 'flex.messaging.messages.RemotingMessage' object in the HTTP request.

Are you sure that you're testing AMF-based remoting?
You should at least see an exception in std error "Does the request contain a valid 'flex.messaging.messages.RemotingMessage' ?!?"

@ikkisoft ikkisoft closed this as completed Feb 6, 2018
@shyixiu
Copy link
Author

shyixiu commented Feb 7, 2018

Thanks for your replying. At first I used Burp_v1.7.30 and there was some error message in the extender tab. Then I switch to Burp 1.6 and it works properly.

@ikkisoft
Copy link
Owner

ikkisoft commented Feb 7, 2018

If you can provide the exception, I will take a look. The alert on the deprecated API shouldn't matter.

@shyixiu
Copy link
Author

shyixiu commented Feb 8, 2018

Here is the exception:

java.lang.NullPointerException
	at burp.CustomMenuItem.menuItemClicked(BurpExtender.java:151)
	at burp.naf.run(Unknown Source)
	at java.lang.Thread.run(Unknown Source)

@ikkisoft
Copy link
Owner

ikkisoft commented Feb 8, 2018

One more thing: can you send me the HTTP request/response that you're selecting when clicking on the menu item. You can use the export request/response feature of Burp. Thanks!

@ikkisoft ikkisoft reopened this Feb 8, 2018
@shyixiu
Copy link
Author

shyixiu commented Feb 9, 2018

Ok, I sent you an email.

@sandeepl337
Copy link

Same issue with the latest Burp. is this project dead or anyone still can fix this issue.

@ikkisoft
Copy link
Owner

ikkisoft commented Sep 4, 2018

I am no longer maintaining the project. Time permitting, I will take a look but it may take months.

@ccsplit
Copy link
Contributor

ccsplit commented Sep 20, 2018
edited

It appears the issue is caused by new Float(*) to obtain the current Burpsuite version. Especially within the current beta builds where getBurpVersion() returns Burp Suite, 2.0, 06beta.

Once I get a chance to properly test I will submit a PR if you don't end up resolving the issue.

ccsplit added a commit to ccsplit/blazer that referenced this issue Sep 24, 2018
@ccsplit
Fixed a couple of issues noticed with the newer burp versions.
4c5accf 
With the 2.0 beta versions it includes "beta" with the version. Therefore,
the `new Float(*)` call would fail. Changed it to have some checks for this case.

Also with the changes to burp it appears the saveConfig was deprecated, and therefore
I added a check to see if the version is greater than 1.7 and if so it will use the
saveConfigAsJson call. To parse this I included the GSON library and check the values.
With the new version it will also check if the proxy is running and then grab the values from it.

These fixes should resolve some of the issues seen with ikkisoft#9.
@ikkisoft ikkisoft mentioned this issue Sep 24, 2018
Merged
@ikkisoft
Copy link
Owner

Thanks to @ccsplit - this is actually fixed in v0.3.2

@hktalent hktalent mentioned this issue Apr 19, 2019
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@sandeepl337 @ccsplit @ikkisoft @shyixiu