Error Message Checks Extension for Burp Suite

This Burp Suite plugin passively detects detailed server error messages, even during scanning, spidering, etc. It is written completely in Java and takes advantage of the Burp 1.5.x Extender API.

Often detailed error messages may not be visible during the normal course of testing. Some examples are:

  • Java: "[SEVERE] at net.minecraft.server.World.tickEntities(World.java:1146)"
  • ASP.Net: "System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint) +2071"
  • PHP: "c() called at [/tmp/include.php:10]"
  • Perl: "Use of uninitialized value in string eq at /Library/Perl/5.8.6/WWW/Mechanize.pm line 695"
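
As an added illustration (not the extension's source code), the Python sketch below shows the kind of passive pattern matching described above, run over constructed response bodies that contain the four sample messages. The regular expressions, function name and sample bodies are assumptions made for this example.

```python
import re

# Illustrative patterns written for this example; they are NOT the
# extension's own regexes. Each targets the shape of one sample message.
PATTERNS = {
    # Stack frame: "at pkg.Class.method(File.java:123)"
    "Java": re.compile(r"\bat\s+(?:[\w$]+\.)+[\w$<>]+\([\w$]+\.java:\d+\)"),
    # Stack frame with IL offset: "System.X.Y.Method(args) +2071"
    "ASP.Net": re.compile(r"\bSystem\.(?:\w+\.)+\w+\([^)]*\)\s+\+\d+"),
    # debug_print_backtrace() style: "f() called at [/path/file.php:10]"
    "PHP": re.compile(r"\w+\(\) called at \[[^\]\s]+\.php:\d+\]"),
    # Warning suffix: "at /path/Module.pm line 695"
    "Perl": re.compile(r"\bat\s+\S+\.p[lm]\s+line\s+\d+"),
}

def find_error_messages(body):
    """Return (technology, matched text) pairs in order of appearance."""
    hits = []
    for tech, pattern in PATTERNS.items():
        for m in pattern.finditer(body):
            hits.append((m.start(), tech, m.group(0)))
    return [(tech, text) for _, tech, text in sorted(hits)]

# Constructed response bodies (not captured traffic).
SAMPLE_ERROR_BODY = """<html><body><pre>
[SEVERE] at net.minecraft.server.World.tickEntities(World.java:1146)
System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint) +2071
c() called at [/tmp/include.php:10]
Use of uninitialized value in string eq at /Library/Perl/5.8.6/WWW/Mechanize.pm line 695
</pre></body></html>"""

BENIGN_BODY = ("<html><body><h1>Welcome</h1>"
               "<p>Look at our new page, line 3 of the menu.</p></body></html>")

if __name__ == "__main__":
    for tech, text in find_error_messages(SAMPLE_ERROR_BODY):
        print(f"{tech}: {text}")
    print("benign hits:", find_error_messages(BENIGN_BODY))
```
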

The extension includes checks for error messages produced by: 

  • Java
  • ASP.Net
  • PHP
  • Perl
  • Python
  • Ruby (regex donated by James Kettle)
  • MySQL
  • MS SQL Server

I'm interested in any feedback or new detection patterns; please tweet me @codemagi.

Download binary. Source code is available on GitHub.

Burp Suite 1.5.x required for use.

 

Creative Commons License
Error Message Checks by August Detlefsen is licensed under a
Creative Commons Attribution-NonCommercial-ShareAlike 3.0 Unported License.