Highlighted
hugo.lau.beauca Absent Member.
Absent Member.
5678 views

WebInspect burp extension v1 : Failed to retrieve the scan test from Web Inspect 16.10.463.10

Hi,

I'm having problems to retrieve Request/Responses from the Web Inspect Scans with Burp suite Web Inspect extension.

I can see Web Inspect scans (Scan Completed) in Burp suite but I can't load the Request/Response from any scans. At first I couldn't see the Web Inspect scans since in windows the HP Fortify Console didn't had access to the scan folder. To solved this I followed this post :  Burp Pro/WebInspect Integration | Burp Suite User Forum. Now I can see the the Web Inspect scans but I can't retrieve the Request/Respons from them.

Since Web Inspect has change a lot ( now version 16.10.463.10)  and the Burp extension Web Inspect is still at v1 I'm suspecting more Burp Suite extension problems.

Below are some logs form Burp Suite Pro. I see some Illegale Arguments so I might not ne that far from the bug.

java.util.concurrent.ExecutionException
Java heap space
java.util.concurrent.FutureTask.report:-1
java.util.concurrent.FutureTask.get:-1
javax.swing.SwingWorker.get:-1
webinspect.extension.ui.WebInspectScanInteract$14.done:-1
javax.swing.SwingWorker$5.run:-1
javax.swing.SwingWorker$DoSubmitAccumulativeRunnable.run:-1
sun.swing.AccumulativeRunnable.run:-1
javax.swing.SwingWorker$DoSubmitAccumulativeRunnable.actionPerformed:-1
javax.swing.Timer.fireActionPerformed:-1
javax.swing.Timer$DoPostEvent.run:-1
java.awt.event.InvocationEvent.dispatch:-1
java.awt.EventQueue.dispatchEventImpl:-1
java.awt.EventQueue.access$500:-1
java.awt.EventQueue$3.run:-1
java.awt.EventQueue$3.run:-1
java.security.AccessController.doPrivileged:-2
java.security.ProtectionDomain$JavaSecurityAccessImpl.doIntersectionPrivilege:-1
java.awt.EventQueue.dispatchEvent:-1
java.awt.EventDispatchThread.pumpOneEventForFilters:-1
java.awt.EventDispatchThread.pumpEventsForFilter:-1
java.awt.EventDispatchThread.pumpEventsForHierarchy:-1
java.awt.EventDispatchThread.pumpEvents:-1
java.awt.EventDispatchThread.pumpEvents:-1
java.awt.EventDispatchThread.run:-1

java.lang.IllegalArgumentException: Invalid data
at burp.p2c.bytesToString(Unknown Source)
at webinspect.api.utils.RESTResponse.toString(Unknown Source)
at webinspect.api.utils.WebInspectServices.getScanSessions(Unknown Source)
at webinspect.extension.ui.WebInspectScanInteract$14.doInBackground(Unknown Source)
at webinspect.extension.ui.WebInspectScanInteract$14.doInBackground(Unknown Source)
at javax.swing.SwingWorker$1.call(Unknown Source)
at java.util.concurrent.FutureTask.run(Unknown Source)
at javax.swing.SwingWorker.run(Unknown Source)
at java.util.concurrent.ThreadPoolExecutor.runWorker(Unknown Source)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source)
at java.lang.Thread.run(Unknown Source)

Regards,

Hugo

Labels (2)
0 Likes
2 Replies
Outstanding Contributor.. pprofili Outstanding Contributor..
Outstanding Contributor..

Re: WebInspect burp extension v1 : Failed to retrieve the scan test from Web Inspect 16.10.463.10

Hugo,

I'd recommend that you open a support case by sending an email to fortifytechsupport@hpe.com.  You may have indeed discovered a defect and Support will need to get some more details on the symptoms and the full logs to narrow down the issue.

0 Likes
Outstanding Contributor.. pprofili Outstanding Contributor..
Outstanding Contributor..

Re: WebInspect burp extension v1 : Failed to retrieve the scan test from Web Inspect 16.10.463.10

However - having just tried this out myself with the same versions - I see requests and responses on my scans.  Can you detail what you see?  Is it that the request and response tabs are blank or do you get an error of some sort?

0 Likes
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.