Possible Bug at Handling Exception on Regex Grepping #26

Closed
arbazkiraak opened this issue Feb 14, 2019 · 3 comments

@arbazkiraak

Hello @wagiro

  • We have the option to add regex-based patterns under the Response tab. The problem here is that if any one of the regex patterns is invalid/broken, the tool will stop scanning the rest of the requests.

  • I tried this in Passive Response Scanning. Please let me know if you are able to reproduce this.

While processing the regex-based patterns, add a try & catch exception handling rule to throw the errors directly to the stderr of the extension so that we can fix the broken regex pattern.

@wagiro
Owner

wagiro commented Feb 14, 2019

Hi @arbazkiraak!

Yes, it's a bug, because I don't handle the exception. Next Monday I will release a new version with cool improvements and this issue fixed.

Thanks for the issue!

@wagiro
Owner

wagiro commented Feb 14, 2019

Hi @arbazkiraak ,

I solved this bug. The new code looks like:

try {
    if (excludeHTTP && !onlyHTTP) {
        beginAt = responseInfo.getBodyOffset();
        p = Pattern.compile(grep);
        m = p.matcher(responseString);
    } else if (!excludeHTTP && onlyHTTP) {
        p = Pattern.compile(grep);
        m = p.matcher(headers);
    } else {
        p = Pattern.compile(grep);
        m = p.matcher(responseString);
    }
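} catch (PatternSyntaxException pse) {
    // An invalid user-supplied pattern makes Pattern.compile throw;
    // report it on the extension's error output and skip this grep.
    callbacks.printError("Incorrect regex: " + pse.getPattern());
    return null;
}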

Thanks!
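
An added example, not code from Burp Bounty or from this thread: one way to keep a single broken pattern from halting the rest is to compile each user-supplied regex separately and report failures to stderr. The class, method names and sample patterns are hypothetical, and `System.err` stands in for the extension's `callbacks.printError`.

```java
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;
import java.util.regex.Pattern;
import java.util.regex.PatternSyntaxException;

public class GrepPatternDemo {

    // Compile every user-supplied pattern once. A broken pattern is reported
    // and skipped, so the remaining patterns are still applied.
    static List<Pattern> compileAll(List<String> greps) {
        List<Pattern> compiled = new ArrayList<>();
        for (String grep : greps) {
            try {
                compiled.add(Pattern.compile(grep));
            } catch (PatternSyntaxException pse) {
                // getDescription() and getIndex() say what is wrong and where,
                // which is what the user needs to repair the pattern.
                System.err.println("Incorrect regex: " + pse.getPattern()
                        + " (" + pse.getDescription()
                        + " at index " + pse.getIndex() + ")");
            }
        }
        return compiled;
    }

    // Return the source text of each pattern that matches the response.
    static List<String> matching(List<Pattern> patterns, String response) {
        List<String> hits = new ArrayList<>();
        for (Pattern p : patterns) {
            if (p.matcher(response).find()) {
                hits.add(p.pattern());
            }
        }
        return hits;
    }

    public static void main(String[] args) {
        // Constructed sample input: the second pattern has an unclosed group.
        List<String> greps = Arrays.asList(
                "X-Powered-By: PHP/\\d", "(unclosed", "root:x:0:0");
        String response =
                "HTTP/1.1 200 OK\r\nX-Powered-By: PHP/7.2\r\n\r\nroot:x:0:0:root";
        List<Pattern> patterns = compileAll(greps);
        System.out.println(patterns.size() + " of " + greps.size() + " patterns usable");
        System.out.println("Matched: " + matching(patterns, response));
    }
}
```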

@wagiro closed this as completed Feb 14, 2019

@arbazkiraak
Author

Hi @wagiro,

That was so quick. Hopefully it will fix the issue; however, I noticed a few other bugs related to regex-based scanning. But before that I need to confirm it through the latest version or the fix of the above exception handling rule.

I suggest you maintain a development/alpha version of Burp Bounty along with the Beta release.
