java.lang.NullPointerException with "Report to Organizer" scan option #69
Description
Hi there!
There seem to be a little bug with the "Report to Organizer" option of a smuggler scan (in this case it was using scans CL.0 and Launch all scans), where the scan stops once a finding is discovered and this error appears:
Output:
Using albinowaxUtils v1.4
This extension should be run on the latest version of Burp Suite. Using an older version of Burp may cause impaired functionality.
Loaded HTTP Request Smuggler v2.17
Updating active thread pool size to 3
Loop 0
Loop 1
Queued 1 attacks from 1 requests in 0 seconds
Errors:
java.lang.NullPointerException: Cannot invoke "java.time.ZonedDateTime.toInstant()" because the return value of "burp.api.montoya.http.handler.TimingData.timeRequestSent()" is null
at burp.Zilo.sendToOrganizer(Unknown Source)
at java.base/jdk.internal.reflect.DirectMethodHandleAccessor.invoke(DirectMethodHandleAccessor.java:103)
at java.base/java.lang.reflect.Method.invoke(Method.java:580)
at burp.Zfq_.invoke(Unknown Source)
at jdk.proxy2/jdk.proxy2.$Proxy165.sendToOrganizer(Unknown Source)
at burp.Zfai.sendToOrganizer(Unknown Source)
at burp.Scan.reportToOrganiser(Scan.java:233)
at burp.Scan.report(Scan.java:197)
at burp.ImplicitZeroScan.doConfiguredScan(ImplicitZeroScan.java:112)
at burp.SmuggleScanBox.doScan(SmuggleScanBox.java:118)
at burp.Scan.doScan(Scan.java:81)
at burp.BulkScanItem.run(BulkScanItem.java:26)
at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1144)
at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:642)
at java.base/java.lang.Thread.run(Thread.java:1570)
If the "Report to Organizer" option is unchecked, the scan runs as normal:
Output:
Using albinowaxUtils v1.4
This extension should be run on the latest version of Burp Suite. Using an older version of Burp may cause impaired functionality.
Loaded HTTP Request Smuggler v2.17
Updating active thread pool size to 3
Loop 0
Loop 1
Queued 1 attacks from 1 requests in 0 seconds
Completed request with key xxxx: 1 of 1 in 24 seconds with 127 requests,0 candidates and 1 findings
This was tested with Burp Suite Pro v2024.12.1 installed on a Kali machine, the extension was installed from the BApp Store. If you need more info, let me know!