Java Fingerprinting using Stack Traces
The easiest way is to download BeanStack from the BApp Store, which can be found in your Burp Suite under the Extender tab.
Alternatively, you can download the latest release
from this GitHub repository, or use your own build from build/libs/beanstack.jar. To install the jar:
- Launch Burp
- Create a temporary project or select a new/existing one
- Open the Extender tab
- Open the Extensions subtab
- Click the Add button
- Select the
jarfile - Leave all options as default, click "next", and finish the wizard
Browse to a website with a nice stack trace (such as beanstack.io) and make sure the response passes through the Burp proxy. It should automatically be picked up, query the API (in the background), and produce an "Issue" in the Dashboard or Target tab.
Dependencies:
apt install gradle default-jdk-headless
Note that for ancient versions of Gradle (pre-3.4, Feb 2017), you will need to
remove the bottom paragraph from build.gradle. Your version of Gradle cannot
produce reproducible builds.
Build:
make