header injection using burp intruder is not working as expected
Hi, I noticed one problem while trying to do automatic header injection using intruder.
i created emty placemarker in positions tab because I want to incert new header from the list of headers I have That is not a problem, how ever the problem is that the ":" gets replaced with "%3a%" for what ever reason.
The question is it normal to be that way or is it a bug? because it meens that i can't automate the process for injecting extra headers.
instead geting the original value from the list of payloads: Accept: text/plain
I am geting the folowing: Accept%3a%20text%2fplain
I am wondering then how cum original headers are not effected if they are in saime format???
thanks for your answers and suggestions in advanced.
i am running the free edition and it is a latest version as of post date.
Hi, In the Intruder > Payloads tab, at the bottom you should see a section labeled ‘Payload Encoding’. This section allows you to define certain characters that will be URL-encoded when processed by Intruder.
The ‘:’ character that you have referenced is configured by default to be encoded. If you remove it from the list/disable this feature, you should no longer encounter this change happening during the attack phase.