Name is required.
Email address is required.
Invalid email address
Answer is required.
Exceeding max length of 5KB

Burp Extension Python Import Error

John Jul 02, 2017 02:33PM UTC

Hi,

I'm trying to create a new python extension but i'm guessing Jython cannot find the burp libs so i'm getting the following error:
ImportError: cannot import name IBurpExtender

While the extension code for this test only had:
from burp import IBurpExtender

Jython2.7.0_Standalone
Burp 1.7.23

Could be related to syspath of something but i couldn't solve this problem.
I doubt i need to create my own burp class for everything but i also wonder where does it supposed to take the API's from? the burp.jar itself?

I should also mention i tried different variations of things:
different burp versions
separating all 3 files to a separate dir
looking online


Paul Johnston Jul 03, 2017 07:12AM UTC Support Center agent

Yes, interfaces like IBurpExtender should load from the main burp jar. This usually works without any particular configuration.

Do Python extensions in the BApp store work? e.g. NMAP Parser?

To get more info, try the following code:

print sys.path from java.lang import ClassLoader cl = ClassLoader.getSystemClassLoader() print map(lambda url: url.getFile(), cl.getURLs())

Please let us know if you need any further assistance.


John Jul 03, 2017 01:03PM UTC
Hi,

I got the following error from the provided code:
SyntaxError: ("no viable alternative at input 'from'"

at org.python.core.ParserFacade.fixParseError(ParserFacade.java:95)
at org.python.core.ParserFacade.parse(ParserFacade.java:190)
at org.python.core.Py.compile_flags(Py.java:1956)
at org.python.core.__builtin__.execfile_flags(__builtin__.java:527)
at org.python.util.PythonInterpreter.execfile(PythonInterpreter.java:286)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
at java.lang.reflect.Method.invoke(Unknown Source)
at burp.id.<init>(Unknown Source)
at burp.emc.a(Unknown Source)
at burp.qg.run(Unknown Source)
at java.lang.Thread.run(Unknown Source


I think there might be something wrong with Java in my OS

But i've tried python extension from BApp store and they work fine, when coping the same extensions and loading them manually they again fail to find the Extender class.

Paul Johnston Jul 03, 2017 01:19PM UTC Support Center agent

Sorry, line breaks got messed up. Try this:

print sys.path
from java.lang import ClassLoader
cl = ClassLoader.getSystemClassLoader()
print map(lambda url: url.getFile(), cl.getURLs())

John Jul 03, 2017 05:00PM UTC
Ok here is the error i got:

Traceback (most recent call last):
File "<string>", line 1, in <module>
NameError: name 'BurpExtender' is not defined

at org.python.core.Py.NameError(Py.java:284)
at org.python.core.PyFrame.getname(PyFrame.java:257)
at org.python.pycode._pyx5.f$0(<string>:1)
at org.python.pycode._pyx5.call_function(<string>)
at org.python.core.PyTableCode.call(PyTableCode.java:167)
at org.python.core.PyCode.call(PyCode.java:18)
at org.python.core.Py.runCode(Py.java:1386)
at org.python.core.Py.exec(Py.java:1430)
at org.python.util.PythonInterpreter.exec(PythonInterpreter.java:267)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
at java.lang.reflect.Method.invoke(Unknown Source)
at burp.id.<init>(Unknown Source)
at burp.emc.a(Unknown Source)
at burp.qg.run(Unknown Source)
at java.lang.Thread.run(Unknown Source)



And the output of the prints:


['C:\\Users\\admin\\Downloads\\test\\Lib', 'C:\\Users\\admin\\Downloads\\test\\jython-standalone-2.7.0.jar\\Lib', '__classpath__', '__pyclasspath__/', 'C:\\Users\\admin\\Downloads\\test']
[u'/C:/Users/admin/Downloads/test/burpsuite_pro_v1.7.23.jar']


Paul Johnston Jul 04, 2017 07:14AM UTC Support Center agent

Thanks for providing further information. That error is expected. The output is very useful – and shows that both the Python module path and Java class path are as expected.

I agree with your diagnosis. There appears to be something corrupt with either Java or Jython. I recommend you reinstall both.

To debug further you could try:

java -cp burpsuite_pro_v1.7.23.jar:jython-standalone-2.7.0.jar org.python.util.jython from burp import IBurpExtender

This should succeed. If it fails, send me the error message.


John Jul 04, 2017 11:15AM UTC
Hi Paul,

Thanks for the detailed info, regarding the cmd command this is the error:
Error: Could not find or load main class org.python.util.jython

I would really hate to do any reinstalls and overwrite my configuration so it would be better for me to resolve this issue manually, just need to understand what it's looking for.

I've installed Jython using the installer.jar and added it the PATH so it works from CMD
Added\Changed JAVA_HOME too so it's correct and working now.
JYTHON
JAVA_HOME
java
jython
all work and correct

Re ran the above afterwards and still received the same error :(

Paul Johnston Jul 04, 2017 11:24AM UTC Support Center agent

Hi John,

Burp needs the standalone Jython jar, not the installer. Can you double check that this file exists:

C:\Users\admin\Downloads\test\jython-standalone-2.7.0.jar

You need to execute the command I sent you in the directory:

C:\Users\admin\Downloads\test\

The error message indicates that it can’t find the main class within Jython. In that case you have some issue with Jython that is unrelated to Burp.

Please let us know if you need any further assistance.


John Jul 04, 2017 02:09PM UTC
Hi Paul,

Understood, but the standalone is there in the same folder, just in case here are the contents of that dir:

Directory of C:\Users\admin\Downloads\test

04-Jul-17 05:07 PM <DIR> .
04-Jul-17 05:07 PM <DIR> ..
02-Jul-17 05:27 PM 2,241 burp$py.class
03-Jul-17 07:57 PM 142 burp.py
13-Jun-17 01:52 PM 27,296,795 burpsuite_pro_v1.7.23.jar
13-Jun-17 01:33 PM 37,021,723 jython-standalone-2.7.0.jar

The error is still the same as i mentioned above (files were there previously too)

Any ideas how to debug it further?

Paul Johnston Jul 04, 2017 02:16PM UTC Support Center agent

Hi,

First, try:

cd C:\Users\admin\Downloads\test
java -cp jython-standalone-2.7.0.jar org.python.util.jython

That should create a Python interpreter. If not, please send me the precise error. (don’t say “same error as before” – that’s unclear)

Then try:

java -cp burpsuite_pro_v1.7.23.jar:jython-standalone-2.7.0.jar org.python.util.jython
>>> from burp import IBurpExtender

In addition, send a screenshot of the Extender > Options screen within Burp.


John Jul 04, 2017 04:07PM UTC
Hi,

For the first part there was no errors or issues.

For the second part after changing : to ; in
java -cp burpsuite_pro_v1.7.23.jar;jython-standalone-2.7.0.jar org.python.util.jython
Since it's loading 2 separate jars.
The command also ran without any issues and afterwards running
from burp import IBurpExtender
Also worked.

Here is a link to the SS
https://pasteboard.co/GzoGVNM.png

Now how do i make it work in the gui?

Paul Johnston Jul 05, 2017 07:29AM UTC Support Center agent

Hi John,

Thanks for following up, and correcting the colon (Mac/Linux) to semi-colon (Windows).

Lets recap where we’re up to:

1) IBurpExtender imports correctly from command-line Jython
2) Extension has correct sys.path and classpath
3) BApp store extensions work fine
4) A simple extension “from burp import IBurpExtender” fails

Can I ask you to try the Python hello world example from here:

- http://blog.portswigger.net/2012/12/sample-burp-suite-extension-hello-world.html

Hopefully that will work. Perhaps there is a typo in your original extension.

Otherwise, go back to the output of sys.path and classpath from the code I sent a couple of days ago. Go through each directory and make sure your user account can read them. Perhaps the importer / classloader is failing on an early directory. You could try setting sys.path in interactive Jython to see how it behaves.


John Jul 05, 2017 12:59PM UTC
Hi Paul,

The hello world application loaded successfully for me so i started playing with the original code to see what makes it work and ended up with something like this:

from burp import IBurpExtender

class BurpExtender(IBurpExtender):

def registerExtenderCallbacks(self, callbacks):

return


Have just the import line isn't enough and it will complain about not having BurpExtender but have a class the implements IBurpExtender even if it's empty solves this issue.

So in conclusion the test should be with an empty class and not just an import line :)

Thanks for all the help i"l take it from here.


As a side note and just to confirm there is no Intruder based API at this time right? just a way to pass info to the intruder tool.
So if i want to automate a custom attack scenario i would have to make a new tool from scratch right? i.e. dictionary based input validation on all the fields in the history tab.

Paul Johnston Jul 05, 2017 01:34PM UTC Support Center agent

Hi John,

Glad to hear it’s working! We’ll bear this in mind if someone else has a similar issue in future.

Yes, Intruder is only partially scriptable. Perhaps IIntruderPayloadGenerator would do what you need? Alternatively, you might be better using an IScannerCheck that implements doActiveScan.


John Jul 06, 2017 08:38AM UTC
Hi Paul,

Thanks for the help with the original issue!

IIntruderPayloadGenerator Only helps with custom payloads not initiating a full scale attack so tho it is useful in my case it still won't allow me to accomplish what is needed.

I think you are right regarding the active scan since i can use doActiveScan to initiate requests with my custom payload, this will limit the extension to the pro version but sounds achievable and reasonable enough.
Thanks for pointing it out i will continue to play with it..

Post Your public answer

Your name
Your email address
Answer