Research Academy
My account Customers About Blog Careers Legal Contact Resellers

Burp Suite User Forum

Create new post

Target Analyzer - Parameters - specific POST request - not showing correct data when opened

Andrej | Last updated: Jul 31, 2015 01:04PM UTC

When I go to Target Analyzer - Parameters, I can see all occurrences of a specific parameter that Burp discovered. When I want to search e.g. for the parameter with name "parameter1", I can see all occurrences in the middle window. So far, so good. Even after clicking once on a specific line in the middle window, I can see occurrence of this parameter in the button window successfully. However, many times with POST methods or "GET|POST" method, when I either doubleclick on a line in the middle window (opening that particular request); or sending that line into the Repeater (by Ctrl+R shortcut), it only sends GET without the "parameter1" I was interested in. I think it stands to reason that if I get POST with the appearance of "parameter1" in the 3rd window, that sending this particular request to Repeater should send exactly the same data, not GET request which doesn't contain this parameter. The same applies for opening this request in new window too. Second issue is very similar - when I only select "parameter1" on the first windows, and there are some GET|POST in the middle window. I try to open it by doubleclick or even just single click and observing 3rd window, but there is no mention of "parameter1". It is most likely in POST part and it only shows GET which doesn't have it, hence I can't see the use of my parameter anywhere. It would be good to see the POST, not GET, where the parameter is present. Or if the parameter is present in both, there might be 2 lines or 2 separate tabs in 3rd window, so that I could access both and send both to the Repeater for manual testing.

PortSwigger Agent | Last updated: Aug 10, 2015 03:06PM UTC

Thanks for this report, and sorry for the slow reply. We're going to investigate this issue and will let you know if we need any further details.

You must be an existing, logged-in customer to reply to a thread. Please email us for additional support.