Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/augustd/burp-suite-error-message-checks
Burp Suite extension to passively scan for applications revealing server error messages
burp burp-extensions burp-plugin burpsuite java penetration-testing pentest scanning
Last synced: about 2 months ago
- Host: GitHub
- URL: https://github.com/augustd/burp-suite-error-message-checks
- Owner: augustd
- Created: 2015-05-08T16:17:43.000Z (over 9 years ago)
- Default Branch: master
- Last Pushed: 2023-12-15T09:56:54.000Z (9 months ago)
- Last Synced: 2024-04-16T20:08:01.343Z (5 months ago)
- Topics: burp, burp-extensions, burp-plugin, burpsuite, java, penetration-testing, pentest, scanning
- Language: Java
- Homepage:
- Size: 292 KB
- Stars: 64
- Watchers: 6
- Forks: 26
- Open Issues: 8
Metadata Files:
- Readme: README.md
README
[![Build Status](https://travis-ci.org/augustd/burp-suite-error-message-checks.svg?branch=master)](https://travis-ci.org/augustd/burp-suite-error-message-checks)
[![Known Vulnerabilities](https://snyk.io/test/github/augustd/burp-suite-error-message-checks/badge.svg)](https://snyk.io/test/github/augustd/burp-suite-error-message-checks)

# burp-suite-error-message-checks
This Burp Suite 1.5+ extension passively detects server error messages in running applications. Some examples:

- Fatal error: Call to a member function getId() on a non-object in /var/www/docroot/application/modules/controllers/ModalController.php on line 609
- You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax
- [SEVERE] at net.minecraft.server.World.tickEntities(World.java:1146)
- System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint) +2071
- c() called at [/tmp/include.php:10]
- Use of uninitialized value in string eq at /Library/Perl/5.8.6/WWW/Mechanize.pm line 695

Often error messages may go unnoticed by a tester who is only looking at the application UI. This extension is designed to passively detect error messages, even during scanning, spidering, etc.
Match rules are loaded from a [remote tab-delimited file](https://github.com/augustd/burp-suite-error-message-checks/blob/master/src/main/resources/burp/match-rules.tab) at extension startup. Users can also load their own match rules from a local file or using the BApp GUI.
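
The passive matching described above, sketched as an added example in Python; it is not code from this project. The two-column rule layout (regex, tab, label), the patterns themselves, and the response bodies are assumptions constructed for illustration; only the error strings come from the README.

```python
import re

# Constructed rule rows. The two-column layout (regex<TAB>label) is an
# assumption for this example, not the layout of the project's match-rules.tab.
_ROWS = [
    (r"Fatal error: .+? on line \d+", "PHP fatal error"),
    (r"You have an error in your SQL syntax", "MySQL syntax error"),
    (r"\bat [\w.$]+\([\w$]+\.java:\d+\)", "Java stack frame"),
    (r"System\.Web\.[\w.]+\(.*?\) \+\d+", "ASP.NET stack frame"),
    (r"at \S+\.pm line \d+", "Perl warning"),
    (r"unclosed (group", "broken rule"),  # invalid regex: must be rejected
]
RULES_TAB = "# regex\tlabel\n" + "\n".join("\t".join(r) for r in _ROWS) + "\n\nno-tab-here\n"

# Constructed response bodies embedding error strings quoted in the README.
RESPONSES = {
    "/home": "<html><h1>Welcome</h1></html>",
    "/modal": "<b>Fatal error: Call to a member function getId() on a non-object"
              " in /var/www/docroot/application/modules/controllers/ModalController.php on line 609</b>",
    "/search": "<!-- You have an error in your SQL syntax; check the manual -->",
    "/tick": "[SEVERE] at net.minecraft.server.World.tickEntities(World.java:1146)",
    "/fetch": "Use of uninitialized value in string eq at /Library/Perl/5.8.6/WWW/Mechanize.pm line 695",
}

def load_rules(text):
    """Compile tab-delimited rules; collect (line number, reason) for bad rows."""
    rules, rejected = [], []
    for lineno, line in enumerate(text.splitlines(), 1):
        if not line.strip() or line.startswith("#"):
            continue
        parts = line.split("\t")
        if len(parts) != 2:
            rejected.append((lineno, "expected 2 columns"))
            continue
        try:
            rules.append((re.compile(parts[0]), parts[1]))
        except re.error as exc:
            rejected.append((lineno, f"bad regex: {exc}"))
    return rules, rejected

def scan_all(responses, rules):
    """Passively check every body against every rule; return {path: [labels]}."""
    return {path: [label for rx, label in rules if rx.search(body)]
            for path, body in responses.items()}

if __name__ == "__main__":
    rules, rejected = load_rules(RULES_TAB)
    print(scan_all(RESPONSES, rules), rejected)
```

Rejecting malformed rows with their line numbers matters when users load their own rule files: a single bad regex should be reported, not silently disable the rest of the rule set.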
## Building:
`mvn clean install`