BeanStack - Stack-trace Fingerprinter

This extension automatically identifies Java frameworks and libraries by analyzing stack traces found in HTTP responses. It sends stack traces to the BeanStack API for fingerprinting and reports identified versions along with associated CVEs directly in the Burp Suite dashboard.

Note: This extension sends potentially private stack traces to a third-party service (beanstack.io) for processing.

Features

• Automatically detects Java stack traces in proxy traffic and API responses
• Identifies specific versions of frameworks and libraries from stack trace patterns
• Reports known CVEs with CVSS scores for identified versions (requires free API key)
• Creates scan issues organized by product or optionally by individual CVE
• Supports privacy-enhanced mode that hashes stack traces before submission
• Configurable class prefix blacklist to exclude internal or sensitive traces

Usage

1. Browse to a website that displays Java stack traces through the Burp proxy
2. The extension automatically detects stack traces in HTTP responses
3. View fingerprinting results as scan issues in the Dashboard or Target tab
4. Optional: Register for a free API key at beanstack.io to enable CVE detection
5. Optional: Configure settings via the BeanStack menu or right-click context menu in the Issues list