Disabling URL Encoding in Spider
Intruder has a feature that allows the user to specify whether or not special characters should be URL-encoded. Is there a similar feature for custom values submitted with the spider?
There is no similar feature in Burp Spider. It’s worth noting that we have replaced Burp Spider with Burp Crawler.
Could you let us know your exact use case for this feature?
But the reason I ask is because sometimes when I'm doing manually testing I want the spider to submit a bunch of special characters into all parameters. Then I can look for strange behavior, errors, and so on.
When the request is a GET, the characters are double encoded; so if I tell Burp to submit this:
The spider submits the following:
This may cause the application to behave differently than if it submitted this:
Or at least that was my assumption. I'm not too experienced with webapp testing yet so maybe I'm just mistaken.
This doesn’t sound like something a crawler / spider is designed for. This sounds more like a scan check.
You could try using the Scan Check builder from the BApp store:
Please let us know if you need any further assistance.