X41 BeanStack - Stack Trace Fingerprinting BETA
Luc Gommans (X41) Fix: CVEs weren't shown after adding an API key
If you saw a stack trace fingerprint without having an API key
configured, therefore not seeing CVEs (if any), then configured an API
key and triggered the stack trace again, the extension would find that
it already did this API request and not request it again. Rather, after
adding an API key, it should retry the request, such that CVEs can be
found.
Latest commit 7766cf5 Jul 26, 2019

README.md

X41 BeanStack (beta)

Java Fingerprinting using Stack Traces

https://beanstack.io

Installing the Burp Extension

Download the latest release or use your own build from build/libs/beanstack.jar.

  1. Launch Burp
  2. Create a temporary project or select a new/existing one
  3. Open the Extender tab
  4. Open the Extensions subtab
  5. Click the Add button
  6. Select the jar file
  7. Leave all options as default, click "next", and finish the wizard

Installation screenshot

Extension Usage

Browse to a website with a nice stack trace (such as beanstack.io) and make sure the response passes through the Burp proxy. The extension should pick up the stack trace automatically, query the API in the background, and produce an "Issue" in the Dashboard or Target tab.

Example issue screenshot
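
To check your own application's error pages for the kind of stack trace described above, here is an added example in Python. It is not the extension's code and does not describe how BeanStack or its API computes a fingerprint. The names `extract_frames`, `leaked_packages` and `SAMPLE_BODY` are hypothetical, and the sample response is constructed.

```python
import html
import re
from collections import Counter

# Constructed sample: an HTML error page that leaks a Java stack trace.
SAMPLE_BODY = """<html><body><h1>HTTP Status 500</h1><pre>
java.lang.NullPointerException: name is null
    at com.example.shop.CartService.add(CartService.java:42)
    at com.example.shop.CartController.&lt;init&gt;(CartController.java:17)
    at org.springframework.web.servlet.DispatcherServlet.doDispatch(DispatcherServlet.java:1038)
    at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:199)
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
</pre></body></html>"""

FRAME_RE = re.compile(
    r"\bat\s+(?:[\w.@-]*/)*"        # optional classloader/module prefix (Java 9+)
    r"((?:[\w$]+\.)+)([\w$<>]+)"    # fully qualified class name, then method
    r"\(([\w$]+\.\w+:\d+|[\w$]+\.\w+|Native Method|Unknown Source)\)")


def extract_frames(body):
    """Return (class, method, source, line) tuples for Java frames in a body."""
    # Error pages often HTML-escape the trace and use <br> instead of newlines.
    text = html.unescape(re.sub(r"<br\s*/?>", "\n", body, flags=re.I))
    frames = []
    for m in FRAME_RE.finditer(text):
        cls, method, loc = m.group(1).rstrip("."), m.group(2), m.group(3)
        src, _, line = loc.rpartition(":")
        if src and line.isdigit():
            frames.append((cls, method, src, int(line)))
        else:  # "Native Method", "Unknown Source" or a file without a line
            frames.append((cls, method, loc, None))
    return frames


def leaked_packages(frames, depth=2):
    """Count frames per package prefix, i.e. which components the trace reveals."""
    counts = Counter()
    for cls, _method, _src, _line in frames:
        package = cls.split(".")[:-1]  # drop the class name
        counts[".".join(package[:depth])] += 1
    return counts


if __name__ == "__main__":
    for prefix, n in leaked_packages(extract_frames(SAMPLE_BODY)).most_common():
        print(f"{n:2d} frame(s) under {prefix}")
```

Any frame this finds in a production response is information the server should not be returning to clients.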

Building From Source

Dependencies:

apt install gradle default-jdk-headless

Note that for ancient versions of Gradle (pre-3.4, Feb 2017), you will need to remove the bottom paragraph from build.gradle, because those versions of Gradle cannot produce reproducible builds.

Build:

make