
Possible Bug at Regex based Passively Scanning #27

Closed
arbazkiraak opened this issue Feb 14, 2019 · 1 comment

Comments


arbazkiraak commented Feb 14, 2019

With reference to #26

There is a weird bug while performing regex-based passive checks on responses.

  • Sometimes it passively checks each and every request & keeps creating issues based on the patterns it detected (this is how it works).
  • Sometimes it stops in the middle of the checks.
    ex: BurpBounty - HTML-DOM Reflections [5]; let's imagine it caught 5 issues so far, then it will freeze here no matter how much you crawl or perform passive scanning against the target.
  • Sometimes it doesn't initiate the scan itself (highly possible when you have multiple regex profiles under the directory).

To reproduce the issue, use the following scan patterns & try the following 2 steps around 5-6 times.

  1. Run Burp / crawl a couple of sites. (Keep an eye on the no. of issues it created in the scanner dashboard.)
  2. Then unload the profile and load the profile again.

Add some regex-based patterns, such as the following, in the Grep set:

  • Passively Response.

  • Grep Set Regex

ws(s)?:\/\/
document\.(URL|documentURI|URLUnencoded|baseURI|cookie|referrer)|location\.(href|search|hash|pathname)|window\.name|history\.(pushState|replaceState)|(local|session)Storage
set(Timeout|Interval|Immediate)|execScript
ScriptElement\.(src|text|textContent|innerText)|.*?\.onEventName|document\.(write|writeln)
.*?\.innerHTML|Range\.createContextualFragment|(document|window)\.location
(eval|evaluate|execCommand|assign|navigate|getResponseHeader|open|showModalDialog|Function|set(Timeout|Interval|Immediate)|execScript|crypto\.generateCRMFRequest|ScriptElement\.(src|text|textContent|innerText))\(
  • Grep Options : Exclude HTTP headers
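The following is an added example (not BurpBounty's own code) showing what a "Passively Response" grep-set check does: it applies the patterns above to each response, with the "Exclude HTTP headers" option deciding whether only the body is searched, and de-duplicates findings so that a sink repeated in one response yields a single issue. The sample HTTP responses, the `split_response`/`passive_check`/`scan_many` helpers and the de-duplication key are assumptions made for this example; the patterns are the ones posted in the issue, with a `|` alternation assumed before `(local|session)Storage` and between `getResponseHeader` and `open`.

```python
import re

# Grep set as posted in the issue (alternations assumed where the posted
# text ran two alternatives together).
GREP_SET = [
    r"ws(s)?:\/\/",
    r"document\.(URL|documentURI|URLUnencoded|baseURI|cookie|referrer)|location\.(href|search|hash|pathname)|window\.name|history\.(pushState|replaceState)|(local|session)Storage",
    r"set(Timeout|Interval|Immediate)|execScript",
    r"ScriptElement\.(src|text|textContent|innerText)|.*?\.onEventName|document\.(write|writeln)",
    r".*?\.innerHTML|Range\.createContextualFragment|(document|window)\.location",
    r"(eval|evaluate|execCommand|assign|navigate|getResponseHeader|open|showModalDialog|Function|set(Timeout|Interval|Immediate)|execScript|crypto\.generateCRMFRequest|ScriptElement\.(src|text|textContent|innerText))\(",
]
COMPILED = [re.compile(p) for p in GREP_SET]

# Constructed sample response: one DOM sink chain in the body and a wss://
# URL that only appears in a header.
SAMPLE_RESPONSE = (
    b"HTTP/1.1 200 OK\r\n"
    b"Content-Type: text/html\r\n"
    b"Link: <wss://example.test/feed>; rel=alternate\r\n"
    b"\r\n"
    b"<script>\n"
    b"var q = location.hash;\n"
    b"document.getElementById('out').innerHTML = q;\n"
    b"setTimeout(function(){ eval(q); }, 10);\n"
    b"</script>\n"
)

# Constructed sample with the same source repeated twice in one response.
SAMPLE_REPEATED = b"HTTP/1.1 200 OK\r\n\r\n" + b"a=location.hash;b=location.hash;"


def split_response(raw: bytes):
    """Split a raw HTTP response into (headers, body) at the first blank line."""
    head, sep, body = raw.partition(b"\r\n\r\n")
    if not sep:
        head, sep, body = raw.partition(b"\n\n")
    return head.decode("latin-1"), body.decode("utf-8", "replace")


def passive_check(raw: bytes, exclude_headers: bool = True):
    """Run every grep-set regex over one response.

    Returns one finding per (pattern index, matched text) pair, so a sink
    that repeats in the same response is reported once.  exclude_headers
    mirrors the "Exclude HTTP headers" grep option: only the body is searched.
    """
    headers, body = split_response(raw)
    haystack = body if exclude_headers else headers + "\n" + body
    findings, seen = [], set()
    for idx, rx in enumerate(COMPILED):
        for m in rx.finditer(haystack):
            key = (idx, m.group(0))
            if key in seen:
                continue
            seen.add(key)
            findings.append({"pattern": idx, "match": m.group(0), "offset": m.start()})
    return findings


def scan_many(responses, exclude_headers: bool = True):
    """Apply the passive check to every crawled response, keyed by URL, and
    return the number of issues raised per response."""
    return {url: len(passive_check(raw, exclude_headers)) for url, raw in responses}


if __name__ == "__main__":
    for f in passive_check(SAMPLE_RESPONSE):
        print(f"pattern {f['pattern']} @ {f['offset']}: {f['match']!r}")
    print(scan_many([("https://a.test/", SAMPLE_RESPONSE),
                     ("https://b.test/", SAMPLE_REPEATED)]))
```

Running the block lists five findings for the first sample (location.hash, setTimeout, the innerHTML assignment, and the two sink calls), a sixth `wss://` finding only when headers are included, and a single finding for the response that repeats `location.hash`; a per-response count that keeps growing across a crawl, rather than freezing at a fixed number as the issue describes, is what a working passive check should show.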
Owner

wagiro commented Jun 20, 2019

Due to the inactivity of the issue.

@wagiro wagiro closed this as completed Jun 20, 2019