PortSwigger/param-miner

StringIndexOutOfBoundsException

sro0815 opened this issue · 4 comments

Kali Linux
BurpSuite Professional v2020.9.1
Param-Miner 1.24

Right Click on GET-Request in Proxy-History > Guess headers > Attack-Config (not modified) > Button OK

Output:
Updating active thread pool size to 8
Queued 1 attacks
Setting bucketSize to 2048 due to slow response
Initiating header bruteforce on **************************************************.web-security-academy.net
Attack aborted by exception
Error in thread: String index out of range: 0. See error pane for stack trace.

Errors:
java.lang.StringIndexOutOfBoundsException: String index out of range: 0
at java.base/java.lang.StringLatin1.charAt(StringLatin1.java:48)
at java.base/java.lang.String.charAt(String.java:711)
at burp.ParamHolder.lambda$removeBadEntries$0(ParamHolder.java:85)
at java.base/java.util.ArrayList.removeIf(ArrayList.java:1681)
at java.base/java.util.ArrayList.removeIf(ArrayList.java:1659)
at burp.ParamHolder.removeBadEntries(ParamHolder.java:85)
at burp.ParamHolder.addParams(ParamHolder.java:31)
at burp.ParamGuesser.guessParams(ParamGuesser.java:172)
at burp.ParamGuesser.run(ParamGuesser.java:77)
at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1130)
at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:630)
at java.base/java.lang.Thread.run(Thread.java:832)

Same Error:

Windows 10
Burp Suite Pro v2020.6
Param Miner 1.24

Using albinowaxUtils v0.12
Loaded Param Miner v1.24
CACHE_ONLY false
Updating active thread pool size to 8
Queued 1 attacks
Setting bucketSize to 2048 due to slow response
Initiating header bruteforce on ac591fe91f96a547809db0d6015800e8.web-security-academy.net
Attack aborted by exception
Error in thread: String index out of range: 0. See error pane for stack trace.

java.lang.StringIndexOutOfBoundsException: String index out of range: 0
at java.base/java.lang.StringLatin1.charAt(StringLatin1.java:48)
at java.base/java.lang.String.charAt(String.java:711)
at burp.ParamHolder.lambda$removeBadEntries$0(ParamHolder.java:85)
at java.base/java.util.ArrayList.removeIf(ArrayList.java:1681)
at java.base/java.util.ArrayList.removeIf(ArrayList.java:1659)
at burp.ParamHolder.removeBadEntries(ParamHolder.java:85)
at burp.ParamHolder.addParams(ParamHolder.java:31)
at burp.ParamGuesser.guessParams(ParamGuesser.java:172)
at burp.ParamGuesser.run(ParamGuesser.java:77)
at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1130)
at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:630)
at java.base/java.lang.Thread.run(Thread.java:832)

Thanks for the report, I'll take a look.

The good/bad news is this won't be a new issue - 1.24 just does a better job of displaying exceptions.

I've committed a fix - it'll be released today/tomorrow as 1.25

@albinowax That was fast. Thank you very much! Now it works.