Name is required.
Email address is required.
Invalid email address
Answer is required.
Exceeding max length of 5KB

Multi-Payload encoding rules and Encoding options for Scanner

Armando Dec 03, 2019 09:37AM UTC

Hi,

It would be nice if you could add support for encoding rules in intruder or scanner. This need comes from many websites where base64 encoded JSONs are used to transfer information between the client and the backend. For example, lets say that a website sends this while searching for something:

eyJmaWx0ZXJzIjp7Im1hdGNoIjpbImFhYSJdfSwic2VsZWN0ZWRTb3J0IjoiUkVMRVZBTkNFIiwidHlwZSI6IkluZGV4IiwibmFtZSI6IkluZGV4In0=

This will be decoded to the following JSON (with payloads already delimited):

{"filters":{"match":["§aaa§"]},"selectedSort":"§RELEVANCE§","type":"§Index§","name":"§Index§"}

Wouldn't be possible to add another symbol to the intruder so it could wrap the whole JSON and apply a encoding to that selection?

This would also be very helpful if the scanner could take advantage of this information.

Best regards


Michelle Gillian Dec 04, 2019 01:57PM UTC Support Center agent

Hi

Thanks for the feedback.

We’ve passed this idea on to our product team so they can review it and assess demand. If you have any additional information which you feel would help them better understand the requirements, please let us know.


Post Your public answer

Your name
Your email address
Answer