Research Academy
My account Customers About Blog Careers Legal Contact Resellers

Burp Suite User Forum

Create new post

IBurpExtenderCallbacks#getToolName returns NULL

Yuji | Last updated: Aug 27, 2018 03:06AM UTC

The burpsuite 2.0beta and 2.0.01beta returns NULL when `IBurpExtenderCallbacks#getToolName` is invoked with the value `IBurpExtenderCallbacks#TOOL_SPIDER` of variable toolFlag. How to reproduce: Please load this Python extension. ```python from burp import IBurpExtender from burp.IBurpExtenderCallbacks import * class BurpExtender(IBurpExtender): def registerExtenderCallbacks(self, callbacks): for toolFlag in ( TOOL_SUITE, TOOL_TARGET, TOOL_PROXY, TOOL_SPIDER, TOOL_SCANNER, TOOL_INTRUDER, TOOL_REPEATER, TOOL_SEQUENCER, TOOL_DECODER, TOOL_COMPARER, TOOL_EXTENDER ): print( format(toolFlag, '08X'), callbacks.getToolName(toolFlag) ) ``` burp 2.0.01beta's result: ``` ('00000001', u'Suite') ('00000002', u'Target') ('00000004', u'Proxy') ('00000008', None) ('00000010', u'Scanner') ('00000020', u'Intruder') ('00000040', u'Repeater') ('00000080', u'Sequencer') ('00000100', None) ('00000200', None) ('00000400', u'Extender') ``` burp 1.7.37's result: ``` ('00000001', u'Suite') ('00000002', u'Target') ('00000004', u'Proxy') ('00000008', u'Spider') ('00000010', u'Scanner') ('00000020', u'Intruder') ('00000040', u'Repeater') ('00000080', u'Sequencer') ('00000100', None) ('00000200', None) ('00000400', u'Extender') ``` Thanks.

PortSwigger Agent | Last updated: Aug 29, 2018 08:20AM UTC

Thanks for reporting this. The change is intentional and TOOL_SPIDER will not be used going forward. While investigating your report we've discovered that the current beta does still use TOOL_SPIDER but we will be changing this in a subsequent beta release.

PortSwigger Agent | Last updated: Aug 30, 2018 02:29PM UTC

Thanks for reporting this Yuji. We've investigated and have fixed this issue. The fix was already released so if you update Burp to 2.0.02beta-105 you'll find that calling getToolName with TOOL_PROXY will return the string "Scanner". This is consistent with the new terminology introduced in Burp 2.0 where a crawl and an audit are both Scanner tasks. Cheers!

PortSwigger Agent | Last updated: Aug 31, 2018 09:43AM UTC

Hi Yuji, Thanks for letting us know. TOOL_EXTENDER returning "Scanner" was an error which we will fix in the next release. TOOL_SPIDER returning "Scanner" is intentional. Please let us know if you need any further assistance.

Burp User | Last updated: Sep 20, 2018 03:43AM UTC

Thank you for your reply, and sorry for my late reply. I confirmed it again with burp v2.0.06beta. | | 2.0.06 | 1.7.37 | | -------- | --------- | --------- | | 00000001 | Suite | Suite | | 00000002 | Target | Target | | 00000004 | Proxy | Proxy | | 00000008 | Scanner | Spider | | 00000010 | Scanner | Scanner | | 00000020 | Intruder | Intruder | | 00000040 | Repeater | Repeater | | 00000080 | Sequencer | Sequencer | | 00000100 | | | | 00000200 | | | | 00000400 | Scanner | Extender | Integrating to "Scanner" is reasonable, but unfortunately this new behavior is inconvenient for me. I explained the reason at the following URL. https://support.portswigger.net/customer/portal/questions/17283765-the-value-of-toolflag-transforms-from-tool-extender-to-tool-scanner I believe burp v1.7.37's behavior is most convenient for burp extension developers. Thanks,

Mark | Last updated: May 19, 2023 11:35AM UTC

Hi all, this change also broke Carbonator as it used the TOOL_Spider to submit new URLs to scanner. if tool_flag == self._callbacks.TOOL_SPIDER and isRequest: #if is a spider request then send to scanner https://www.integrissecurity.com/Carbonator also returns a 404. Could I suggest it should be removed from the BAPP store and the documentation for TOOL_SPIDER is updated to say it was removed?

Hannah, PortSwigger Agent | Last updated: May 22, 2023 02:10PM UTC

Hi Mark Could you provide some information around your use case for using this extension? It may be that Burp Suite Enterprise Edition, or our free Dastardly scanner, may be more suitable for how you wish to use Burp. We'll investigate further into whether we should remove Carbonator from the BApp Store. The Extender API is no longer receiving any updates, as we have released the new Montoya API. This contains additional functionality over the old API.

You must be an existing, logged-in customer to reply to a thread. Please email us for additional support.