floyd-fuh changed the title from "Broken parsing" to "Broken parsing - wrong host" on Apr 4, 2022
Hi there,
I've encountered it several times already that the hostname and port where requests are sent to are wrong. In my current example this leads to a fully unusable extension. After parsing the WSDL, it will fetch the XSD from the server. The XSD has a reference:
<xsd:import namespace="http://www.w3.org/2005/05/xmlmime"
However, the extension then fetches /2005/05/xmlmime from the server where the WSDL is located instead of www.w3.org. Of course that results in a 403 HTML response and then the parser fails with:
WSDLException (at /wsdl:definitions/wsdl:types/xsd:schema/xsd:schema): faultCode=PARSER_ERROR: Problem parsing 'http://www.w3.org/2005/05/xmlmime'.: org.xml.sax.SAXParseException: The element type "meta" must be terminated by the matching end-tag "</meta>".
Looks like the parsing logic here is wrong:
Wsdler/src/main/java/burp/WSDLParser.java
Line 145 in 102d9de
Workaround:
Had to proxy Burp through Burp and intercept HTTP responses, then simply replace the 404 status code with 200 and paste the XML response of view-source:https://www.w3.org/2005/05/xmlmime
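Added example, not part of the issue and not Wsdler's own code: one way to derive the request target for an imported schema is to resolve the import location against the URL of the document that contains it, then take host, port and TLS from the resolved URL. The class and method names are hypothetical, the WSDL URL and the two relative locations are constructed, and `pathOnly` only models the symptom reported above (Java 16+ for records).

```java
import java.net.URI;

public class ImportTarget {
    // Where the request for an imported schema has to be sent.
    record Target(String host, int port, boolean https, String path) {}

    // RFC 3986 reference resolution: an absolute location keeps its own host,
    // a relative one inherits scheme, host and port from the containing document.
    static Target resolve(String baseUrl, String location) {
        URI resolved = URI.create(baseUrl).resolve(location);
        String scheme = resolved.getScheme();
        boolean http = "http".equalsIgnoreCase(scheme);
        boolean https = "https".equalsIgnoreCase(scheme);
        if ((!http && !https) || resolved.getHost() == null) {
            throw new IllegalArgumentException("not an HTTP(S) location: " + resolved);
        }
        // -1 means the URL carries no explicit port: use the scheme default.
        int port = resolved.getPort() != -1 ? resolved.getPort() : (https ? 443 : 80);
        String path = resolved.getRawPath().isEmpty() ? "/" : resolved.getRawPath();
        if (resolved.getRawQuery() != null) {
            path += "?" + resolved.getRawQuery();
        }
        return new Target(resolved.getHost(), port, https, path);
    }

    // Model of the reported symptom: the WSDL's host and port are reused and
    // only the path of the import location is requested.
    static Target pathOnly(String baseUrl, String location) {
        Target base = resolve(baseUrl, baseUrl);
        return new Target(base.host(), base.port(), base.https(),
                URI.create(location).getRawPath());
    }

    public static void main(String[] args) {
        String wsdl = "https://soap.example.test:8443/services/Upload?wsdl"; // constructed
        String[] locations = {
            "http://www.w3.org/2005/05/xmlmime", // absolute URL from the report
            "schemas/types.xsd",                 // constructed, relative to the WSDL
            "/common/base.xsd"                   // constructed, host-relative
        };
        for (String loc : locations) {
            System.out.println(loc);
            System.out.println("  resolved : " + resolve(wsdl, loc));
            System.out.println("  path-only: " + pathOnly(wsdl, loc));
        }
    }
}
```

For the absolute location the resolved target is www.w3.org on port 80 without TLS, while the path-only model sends /2005/05/xmlmime to soap.example.test:8443, which matches the request described in the report.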