Friday, 28 April 2023

SSRF in Dropbox

Hey all,

Last year I found an SSRF on Dropbox. Dropbox wrote a great blog on it and how they prevent it. 

Check it out here:

Thursday, 26 January 2023

Debugging burp suite extension error: NoSuchMethodError

I wanted to build a burp extension to forward the request's response to rabbitMQ. But following this tutorial:, the burp suite gave an error for proxy.registerResponseHandler() while loading the plugin:

After lots of googling and debugging, I couldn't resolve it. I even tried to load their own example extension, which also gave the same error(proxyhandler).

Since their own example wasn't working I decided to use legacy API to create the extension. On following the old tutorial:, it actually saved the Montoya API interface files:

In the saved interface files, there was no function for which we initially got in the error:

java.lang.NoSuchMethodError: 'burp.api.montoya.core.Registration burp.api.montoya.proxy.Proxy.registerResponseHandler(burp.api.montoya.proxy.http.ProxyResponseHandler)'

It was actually named as:

ResponseInitialInterceptResult handleReceivedResponse(InterceptedHttpResponse interceptedResponse, HttpRequest initiatingRequest, Annotations annotations){}


ResponseFinalInterceptResult handleResponseToReturn(InterceptedHttpResponse interceptedResponse, HttpRequest initiatingRequest, Annotations annotations){}

Implementing these functions solved my problem. Hope this helps.