Retire.js not working
The retire.js extension in Burp Suite Pro is not working.
I do not see any feedback during passive scanning in either the "Target>Issue" or "Scanner>Issue activity" tabs. The firefox Retire.js plugin does show issues so I know it should show something.
I just downloaded Pro with this plugin as one of the reasons. I do run on the newest Kali which has JRE version 10.0.2, please tell me if it is logical that it would be that. The extension it self has no errors, only shows Loading the latest...... as the last output.
Could you try using the Linux platform installer version of Burp Suite? This comes bundled with it’s own version of Java.
So the installer doesn't work at all....
(might be a second support ticket I should create :P)
Would it be possible to send us screenshots of the error messages you are encountering?
I got the following error: Could not initialize class sun.awt.X11GraphicsEnvironment
Which was due to how I was displaying over VNC and running the script with root.
For everyone with this issue, "unset DISPLAY" was all I had to do (as root) and then it worked.
Now for Retire.js, it also doesn't work with an installed Burp. The active scan that I did this night did show 1 of the vulnerable JS, but not the others (should be 4 if I believe Retire.js FireFox plugin). When passive browsing the scanner tab does report "Cross-domain script includes" that have the vulnerable JS libraries in them so I am sure something crosses through Burp that should be flagged by Retire.js.....
It might be worth contacting the developers of the extension to find out if they are doing anything differently:
If the application is public facing / part of a bug bounty scheme we could perform some testing ourselves?
Thanks for the update Krzysztof.