
Spidering + Form Submission

Karthik Aravind May 13, 2015 07:17AM UTC

I am spidering a website. While spidering I have selected "Automatically submit using the following rules to assign text field values".
I have given a field name and field value and enabled it to be submitted.

If there appears a value that is not in the list that I have given and let us assume I have not defined/selected "Set unmatched fields to:" field as well.

In that case, when Burp Suite encounters a field that is not matched above, what will be the response?

Will users be prompted to submit a value for that field?

Could you please clarify?

Dafydd Stuttard May 13, 2015 07:59AM UTC Support Center agent

If you don’t define/select the “Set unmatched fields to” option then Burp will submit any unmatched text fields with empty values.

Karthik Aravind May 13, 2015 09:19AM UTC
Thanks for the response.

Question 1:
If I am going to use these spider results to then scan (Active scan - XSS/SQL injection) the websites, will these parameters (for which empty values were submitted) also be considered for the scan?

Question 2:
If, after submitting empty values, the website returns the same form again (as it was incomplete), how will Burp Suite handle this? Will the form be submitted infinitely?

Dafydd Stuttard May 13, 2015 11:24AM UTC Support Center agent

1. Yes, the Scanner will still test any empty parameters in the usual way.

2. No, the Spider won’t submit the form again in this situation.

Karthik Aravind May 13, 2015 12:32PM UTC
Dafydd - Thanks for your response. This clarifies my query.
