Research Academy
My account Customers About Blog Careers Legal Contact Resellers

Burp Suite User Forum

Create new post

Burp Infiltrator and WebGoat JAR

Paul | Last updated: Jan 27, 2018 01:40PM UTC

Hi there, I downloaded the latest WebGoat release here: https://github.com/WebGoat/WebGoat/releases I tried running Burp Infiltrator in the same folder (eg. /tmp/webgoat/) After trying to run WebGoat JAR file, I get those errors: ```bash java -jar webgoat-server-8.0.0.M9.jar Exception in thread "main" java.lang.IllegalStateException: Failed to get nested archive for entry BOOT-INF/lib/asciidoctorj-1.5.4.jar at org.springframework.boot.loader.archive.JarFileArchive.getNestedArchive(JarFileArchive.java:109) at org.springframework.boot.loader.archive.JarFileArchive.getNestedArchives(JarFileArchive.java:87) at org.springframework.boot.loader.ExecutableArchiveLauncher.getClassPathArchives(ExecutableArchiveLauncher.java:72) at org.springframework.boot.loader.Launcher.launch(Launcher.java:49) at org.springframework.boot.loader.JarLauncher.main(JarLauncher.java:51) Caused by: java.io.IOException: Unable to open nested jar file 'BOOT-INF/lib/asciidoctorj-1.5.4.jar' at org.springframework.boot.loader.jar.JarFile.getNestedJarFile(JarFile.java:252) at org.springframework.boot.loader.jar.JarFile.getNestedJarFile(JarFile.java:237) at org.springframework.boot.loader.archive.JarFileArchive.getNestedArchive(JarFileArchive.java:104) ... 4 more Caused by: java.lang.IllegalStateException: Unable to open nested entry 'BOOT-INF/lib/asciidoctorj-1.5.4.jar'. It has been compressed and nested jar files must be stored without compression. Please check the mechanism used to create your executable jar file at org.springframework.boot.loader.jar.JarFile.createJarFileFromFileEntry(JarFile.java:285) at org.springframework.boot.loader.jar.JarFile.createJarFileFromEntry(JarFile.java:260) at org.springframework.boot.loader.jar.JarFile.getNestedJarFile(JarFile.java:248) ... 6 more ``` Not sure what I messed up exactly? Have a great day and thanks for your hard work.

PortSwigger Agent | Last updated: Jan 29, 2018 09:05AM UTC

Hi Paul, Thanks for your message. This is a known issue with Infiltrator. Previous versions of WebGoat did not cause the issue, but it appears that version 8 does. We are going to investigate resolving this in future versions of Infiltrator. In the meantime, please use this shell script to fix up your jar: - https://gist.github.com/pajswigger/7a63439ebf3a6c790cae9f297088e484 Please let us know if you need any further assistance.

Burp User | Last updated: Sep 14, 2018 11:41AM UTC

I ran into the same problem and the script fixed it for me. Thanks a lot!

PortSwigger Agent | Last updated: Sep 14, 2018 12:24PM UTC

We've investigated this and unfortunately the latest WebGoat is not compatible with Burp Infiltrator. We may release an update in future that better handles this. However, our current focus is Burp 2 and Burp Enterprise.

Burp User | Last updated: Dec 09, 2018 09:05AM UTC

For the newest WebGoat version as of this date (9 December 2018, webgoat-server-8.0.0.M21.jar) there still is a problem with infiltrator (tested with Infiltrator exported from Burp v1.7.37): 1) Patching of Webgoat JAR: Enter the file path to the target application bytecode. Use commas to enter multiple paths: [/opt/infil] Processing [/opt/infil/webgoat-server-8.0.0.M21.jar] 2) Attempt to open WebGoat $ java -jar webgoat-server-8.0.0.M21.jar Exception in thread "main" java.lang.IllegalStateException: Failed to get nested archive for entry BOOT-INF/lib/asciidoctorj-1.5.4.jar at org.springframework.boot.loader.archive.JarFileArchive.getNestedArchive(JarFileArchive.java:109) at org.springframework.boot.loader.archive.JarFileArchive.getNestedArchives(JarFileArchive.java:87) at org.springframework.boot.loader.ExecutableArchiveLauncher.getClassPathArchives(ExecutableArchiveLauncher.java:72) at org.springframework.boot.loader.Launcher.launch(Launcher.java:49) at org.springframework.boot.loader.JarLauncher.main(JarLauncher.java:51) Caused by: java.io.IOException: Unable to open nested jar file 'BOOT-INF/lib/asciidoctorj-1.5.4.jar' at org.springframework.boot.loader.jar.JarFile.getNestedJarFile(JarFile.java:252) at org.springframework.boot.loader.jar.JarFile.getNestedJarFile(JarFile.java:237) at org.springframework.boot.loader.archive.JarFileArchive.getNestedArchive(JarFileArchive.java:104) ... 4 more Caused by: java.lang.IllegalStateException: Unable to open nested entry 'BOOT-INF/lib/asciidoctorj-1.5.4.jar'. It has been compressed and nested jar files must be stored without compression. Please check the mechanism used to create your executable jar file at org.springframework.boot.loader.jar.JarFile.createJarFileFromFileEntry(JarFile.java:285) at org.springframework.boot.loader.jar.JarFile.createJarFileFromEntry(JarFile.java:260) at org.springframework.boot.loader.jar.JarFile.getNestedJarFile(JarFile.java:248) ... 6 more $ ./remove-jar-compression.sh webgoat-server-8.0.0.M21.jar 3) Remove JAR Compression with your Bash Script: $ ./remove-jar-compression.sh webgoat-server-8.0.0.M21.jar 4) Attempt to open WebGoat $ java -jar webgoat-server-8.0.0.M21.jar [...] 018-12-09 10:02:02.769 TRACE 22810 --- [ main] org.owasp.webgoat.plugins.PluginsLoader : Lesson loaded: Challenge8 2018-12-09 10:02:02.781 TRACE 22810 --- [ main] org.owasp.webgoat.plugins.PluginsLoader : Lesson loaded: Challenge7 2018-12-09 10:02:02.783 TRACE 22810 --- [ main] org.owasp.webgoat.plugins.PluginsLoader : Lesson loaded: Challenge1 2018-12-09 10:02:02.790 TRACE 22810 --- [ main] org.owasp.webgoat.plugins.PluginsLoader : Lesson loaded: IDOR 2018-12-09 10:02:09.210 WARN 22810 --- [ main] ationConfigEmbeddedWebApplicationContext : Exception encountered during context initialization - cancelling refresh attempt: org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'asciiDoctorTemplateResolver' defined in class path resource [org/owasp/webgoat/MvcConfiguration.class]: Bean instantiation via factory method failed; nested exception is org.springframework.beans.BeanInstantiationException: Failed to instantiate [org.owasp.webgoat.AsciiDoctorTemplateResolver]: Factory method 'asciiDoctorTemplateResolver' threw exception; nested exception is java.lang.ExceptionInInitializerError 2018-12-09 10:02:09.220 INFO 22810 --- [ main]

You must be an existing, logged-in customer to reply to a thread. Please email us for additional support.