Images not sent to ILS - unexpected failure on Burp Inferred-Mime-Type API

[veggiespam]

ILS has used Burp's inferred mime type API call since nearly the beginning - it worked perfectly and ILS didn't have to re-process the mime type HTTP header or scan the response body for the file type (thus repeating processing Burp already did).

But, now, when use the latest 2025.4.x builds of Burp (and perhaps earlier...), the v1.1 ILS software in the B-App store and build-from-source software both fail to detect GPS info in nearly all image files - ILS is not getting triggered on images, the "inferred MIME type" seems to fail and images don't get sent to ILS.

[veggiespam]

After enabling debugging, we see that mimeInferred is empty. Added ❓ to logs to better indicate the missing value. The oddity is that the inferred type is correctly shown in the proxy logs and target logs.

doPassiveScan()
mimeStated: jpeg | mimeInferred: ❓❓ | /...path/abc.jpg | jpg

The code was modified to use the HTTP Header mimetype (aka Stated) and we can see that ILS does process a file and detect an information leakage.

doPassiveScan()
mimeStated: jpeg | mimeInferred:  ❓❓| /drewnoakes/metadata-extractor/refs/heads/main/Tests/Data/withXmp.jpg | jpg
Scanning for GPS location data.
Parsing image file /drewnoakes/metadata-extractor/refs/heads/main/Tests/Data/withXmp.jpg
/drewnoakes/metadata-extractor/refs/heads/main/Tests/Data/withXmp.jpg: found location: <ul><li>Location / IPTC
	<ul>
	<li>City = 'KITZBUEHEL'</li>
	<li>Province/State = '-'</li>
	<li>Country/Primary Location Code = 'AUT'</li>
	<li>Country/Primary Location Name = 'AUSTRIA'</li>
	</ul></li>
</ul>

Other instances:

mimeStated: jpeg | mimeInferred: ❓❓  | ext: jpg | /drewnoakes/metadata-extractor-images/refs/heads/main/jpg/Apple%20iPhone%205.jpg
Probably image file, scanning for data leakage.
Calling ILS.scanForLocationInImageHTML(response_body)
/drewnoakes/metadata-extractor-images/refs/heads/main/jpg/Apple%20iPhone%205.jpg: found data leakage: <ul><li>Location / Exif_GPS
	<ul>
	<li>47° 37' 37.8", -122° 20' 14.4"</li>
	<li>Altitude: 3.98 metres Sea level</li>
	</ul></li>
</ul>
mimeStated: jpeg | mimeInferred: ❓❓ | ext: jpg | /drewnoakes/metadata-extractor-images/refs/heads/main/jpg/Canon%20EOS%20350D.jpg
Probably image file, scanning for data leakage.
Calling ILS.scanForLocationInImageHTML(response_body)
/drewnoakes/metadata-extractor-images/refs/heads/main/jpg/Canon%20EOS%20350D.jpg: found data leakage: <li>Privacy / Canon
	<ul>
	<li>Owner Name = unknown</li>
	<li>Camera Serial Number = 002700194</li>
	</ul></li>

[veggiespam]

Fixed by check mimeStated, mimeInferred, or file extension for one of our valid mime types