Error Message Checks Extension for Burp Suite
This Burp Suite plugin passively detects detailed server error messages, even during scanning, spidering, etc. It is written completely in Java and takes advantage of the Burp 1.5.x Extender API.
Often detailed error messages may not be visible during the normal course of testing. Some examples are:
- Java: "[SEVERE] at net.minecraft.server.World.tickEntities(World.java:1146)"
- ASP.Net: "System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint) +2071"
- PHP: "c() called at [/tmp/include.php:10]"
- Perl: "Use of uninitialized value in string eq at /Library/Perl/5.8.6/WWW/Mechanize.pm line 695"
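The kind of passive check described above, as an added example (not the extension's own code or rules): the regexes, `scan_response`, and the sample response bodies are constructed for illustration around the four messages listed.

```python
import re

# Illustrative patterns written for this example; the extension's real
# detection rules are not shown on this page.
PATTERNS = {
    # "at pkg.Class.method(File.java:123)" stack frame
    "Java": re.compile(r"\bat\s+[\w$.]+\.[\w$<>]+\([\w$]+\.java:\d+\)"),
    # "Namespace.Type.Method(args) +offset" frame from an ASP.Net error page
    "ASP.Net": re.compile(r"\b[A-Z]\w*(?:\.\w+)+\([^()\r\n]{0,200}\) \+\d+"),
    # "called at [/path/file.php:10]" backtrace line
    "PHP": re.compile(r"\bcalled at \[[^\]\r\n]+\.php:\d+\]"),
    # "at /path/Module.pm line 695" warning or die message
    "Perl": re.compile(r"\bat \S+\.p[lm] line \d+"),
}

MAX_BODY = 1_000_000  # inspect at most this many characters per response


def scan_response(body):
    """Return sorted (platform, matched_text) pairs, one per distinct match."""
    text = body[:MAX_BODY]
    findings = set()
    for platform, pattern in PATTERNS.items():
        for match in pattern.finditer(text):
            findings.add((platform, match.group(0)))
    return sorted(findings)


# Constructed response bodies embedding the example messages from the list above.
SAMPLES = {
    "java": "<pre>[SEVERE] at net.minecraft.server.World.tickEntities(World.java:1146)</pre>",
    "aspnet": "<pre>System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint) +2071</pre>",
    "php": "<b>#1</b> c() called at [/tmp/include.php:10]",
    "perl": "Use of uninitialized value in string eq at /Library/Perl/5.8.6/WWW/Mechanize.pm line 695",
    # Near-miss text that should not be reported.
    "benign": "<p>Contact support at help.example line 2. See Page.Title (draft) +1.</p>",
}


def report(samples=SAMPLES):
    """Scan every sample body and map its name to the findings."""
    return {name: scan_response(body) for name, body in samples.items()}


if __name__ == "__main__":
    for name, findings in report().items():
        print(name, findings or "no detailed error message found")
```
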
The extension includes checks for error messages produced by:
- Ruby (regex donated by James Kettle)
- MS SQL Server
I'm interested in any feedback or new detection patterns; please tweet me @codemagi.
Download binary. Source code is available on GitHub.
Burp Suite 1.5.x required for use.
Error Message Checks by August Detlefsen is licensed under a
Creative Commons Attribution-NonCommercial-ShareAlike 3.0 Unported License.