
Issue object also record the original HTTP message (base request and response)

bit4 Jun 03, 2018 02:32AM UTC

Hi Team,

I hope the Issue object can also record the original HTTP message (base request and response) when it records the HTTP messages on the basis of which the issue was generated.

Why do I need this?

I want to write an extender that can re-test a specified issue (as described here: https://support.portswigger.net/customer/portal/questions/14466803-re-run-specific-scanner-checks). It needs to get the base request of the specified issue. I have gone through the APIs, but haven't found any method to get it. That's the reason.

Thanks!


Paul Johnston Jun 04, 2018 07:35AM UTC Support Center agent

Unfortunately, the extender API does not provide access from a scan issue to the base request. That’s something we may add in the future.

In the meantime, there are a couple of approaches you could take. You have the issue request; you could extract the URL and POST details, and search the site map for a similar request. Alternatively, if the IHttpRequestResponse object is an instance of IHttpRequestResponseWithMarkers, you could cast it and extract the marker positions. You could then replace the payload with some suitable base value, and use that as the base request.

For retesting issues you may find the Replicator extension useful. It’s in the BApp Store:

- https://portswigger.net/bappstore/56cf924977874104ac35e52962a9a553
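
The marker-based workaround described in the reply above, sketched as an added example (not code from the thread or from PortSwigger). It uses the legacy Burp Extender API interfaces; the class name `BaseRequestRebuilder`, the `baseValue` parameter, and the assumptions that markers arrive in ascending order with an exclusive end offset are this example's own.

```java
import burp.IExtensionHelpers;
import burp.IHttpRequestResponse;
import burp.IHttpRequestResponseWithMarkers;
import burp.IRequestInfo;
import burp.IScanIssue;

import java.io.ByteArrayOutputStream;
import java.nio.charset.StandardCharsets;
import java.util.Arrays;
import java.util.List;

// Hypothetical helper class for an extension; not part of the Burp API.
public final class BaseRequestRebuilder {

    /** Returns an approximated base request, or null when no usable markers exist. */
    public static byte[] rebuild(IScanIssue issue, IExtensionHelpers helpers, String baseValue) {
        IHttpRequestResponse[] messages = issue.getHttpMessages();
        if (messages == null || messages.length == 0
                || !(messages[0] instanceof IHttpRequestResponseWithMarkers)) {
            return null; // caller falls back to searching the site map
        }
        IHttpRequestResponseWithMarkers marked = (IHttpRequestResponseWithMarkers) messages[0];
        byte[] request = marked.getRequest();
        List<int[]> markers = marked.getRequestMarkers();
        if (request == null || markers == null || markers.isEmpty()) {
            return null;
        }
        byte[] replacement = baseValue.getBytes(StandardCharsets.ISO_8859_1);
        ByteArrayOutputStream out = new ByteArrayOutputStream();
        int pos = 0;
        for (int[] m : markers) { // assumed: {start, end} offsets, ascending, end exclusive
            if (m.length != 2 || m[0] < pos || m[1] < m[0] || m[1] > request.length) {
                return null; // malformed, unordered or overlapping markers
            }
            out.write(request, pos, m[0] - pos);            // bytes before the payload
            out.write(replacement, 0, replacement.length);  // base value instead of payload
            pos = m[1];
        }
        out.write(request, pos, request.length - pos);      // remainder of the request
        byte[] rebuilt = out.toByteArray();

        // Rebuild via the helpers so Content-Length matches the edited body.
        IRequestInfo info = helpers.analyzeRequest(rebuilt);
        byte[] body = Arrays.copyOfRange(rebuilt, info.getBodyOffset(), rebuilt.length);
        return helpers.buildHttpMessage(info.getHeaders(), body);
    }
}
```

The result is only an approximation of the original base request, since the value the scanner replaced is not recoverable from the issue; a null return signals that the site map search is the remaining option.
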

bit4 Jun 20, 2018 03:57AM UTC
Hi Paul, thanks for your reply. I have tried to use the Replicator extension, but I think that's not what I wanted.

In my opinion, I want to implement "one key retest": just select issues, right-click, and choose "rescan" to do that.

So, I still hope this function will be added: let the issue object record the original HTTP message (base request and response).

Thanks.

Paul Johnston Jun 20, 2018 09:51AM UTC Support Center agent

Hi,

Understood. I have added this to the development plan, although it may take us a little while to get to it. We’ll let you know when we make progress.

