Spidering + Form Submission
I am spidering a website. While spidering I have selected "Automatically submit using the following rules to assign text field values"
I have given a field name and field value and enabled it to be submitted.
If there appears a value that is not in the list that I have given and let us assume I have not defined/selected "Set unmatched fields to:" field as well.
In that case, when Burpsuite encounters a field that is not matched above, what will be the response ?
will users be prompted to submit value for that field ?
Could you please clarify ?
If you don’t define/select the “Set unmatched fields to” option then Burp will submit any unmatched text fields with empty values.
If I am going to use this spider results to then scan(Active scan - XSS/SQL injection) the websites, will these parameters (for which empty values were submitted) also considered for scan ?
If after submitting empty values, the websites returns the same form again (as it was incomplete), how ill Burpsuite handle this ? Will the form be submitted infinitely ?
1. Yes, the Scanner will still test any empty parameters in the usual way.
2. No, the Spider won’t submit the form again in this situation.