
Auto-marking parameters in URL paths in intruder

TC Mar 13, 2017 10:44PM UTC

The swurg extension allows parsing swagger json files into items in burp that can be then sent to intruder, repeater, or scanner.

However, swagger json files allow for parameters inside URL paths. There seems to be no way to construct a URL path that can be auto-marked in the intruder tab.

Manually placing § in the swagger json file before it is parsed will appear as a different unicode character in the intruder tab url (box symbols).

Is there any way to extend or change this behaviour?


Dafydd Stuttard Mar 14, 2017 10:04AM UTC Support Center agent

You could modify the source code for this extension easily enough to compute the desired locations for your payload markers, and use these when items are sent to Intruder or Scanner, via the API.


TC Mar 14, 2017 04:32PM UTC
The extension already captures parameters in path and surrounds them with curly braces. Sending an item from the extension to intruder will show paths such as site.com/{param}/{param2}.

However, when I change the curly braces to section signs (§), intruder tab will load them as Â. So it shows as site.com/ÂparamÂ/Âparam2Â

I can see that the HttpRequest body is stored in a byte array, and I'm assuming that when it is loaded into the intruder tab, it is decoded differently than how it was encoded?

Dafydd Stuttard Mar 14, 2017 04:38PM UTC Support Center agent

If you use a byte with value 0xA7 in your byte array that is sent to Intruder, this should show up as a payload position marker.

But the more elegant way to do it is to use the overloaded APIs that take a list of offsets to use as payload positions / insertion points:

https://portswigger.net/burp/extender/api/burp/IBurpExtenderCallbacks.html#sendToIntruder(java.lang.String,%20int,%20boolean,%20byte[],%20java.util.List)

https://portswigger.net/burp/extender/api/burp/IBurpExtenderCallbacks.html#doActiveScan(java.lang.String,%20int,%20boolean,%20byte[],%20java.util.List)


TC Mar 14, 2017 11:15PM UTC
Thank you, modifying the function in the extension as you mentioned worked well.
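The following is an added example of the approach Dafydd Stuttard describes in his second reply; it is not swurg's code and not PortSwigger's, and the class and method names are illustrative. It assumes the legacy Burp Extender API (IBurpExtenderCallbacks, IScanQueueItem) is on the classpath. Instead of embedding marker bytes in the request, it finds each {name} token in the request line, records the byte range it occupies, and passes those ranges to the overloaded sendToIntruder and doActiveScan callbacks. It also explains the "Â" TC saw: § is U+00A7, which UTF-8 encodes as the two bytes C2 A7; the legacy API treats request bytes as ISO-8859-1, so C2 is rendered as Â while A7 is consumed as the marker. Computing offsets sidesteps the encoding question entirely.

```java
package burp;

import java.nio.charset.StandardCharsets;
import java.util.ArrayList;
import java.util.List;

/**
 * Added example (not swurg's or PortSwigger's code): locate {placeholder}
 * tokens in the request line and hand their byte offsets to the overloaded
 * sendToIntruder / doActiveScan callbacks. Names here are illustrative.
 */
public class PathParamOffsets {

    /**
     * Return [start, end) byte offsets of every {name} token in the request
     * line only (the first line, up to the first LF), so braces in a JSON body
     * are never mistaken for placeholders. Each range covers the braces too, so
     * Intruder replaces the whole token rather than leaving literal braces
     * around the payload.
     */
    public static List<int[]> placeholderOffsets(byte[] request) {
        List<int[]> offsets = new ArrayList<>();
        int lineEnd = indexOf(request, (byte) '\n', 0);
        if (lineEnd < 0) lineEnd = request.length;

        int i = 0;
        while (i < lineEnd) {
            if (request[i] != '{') { i++; continue; }
            int close = indexOf(request, (byte) '}', i + 1);
            if (close < 0 || close >= lineEnd) break;
            // Only accept a simple identifier between the braces (Swagger path
            // parameters look like {petId}); anything else is not a placeholder.
            if (isIdentifier(request, i + 1, close)) {
                offsets.add(new int[] { i, close + 1 });
            }
            i = close + 1;
        }
        return offsets;
    }

    private static boolean isIdentifier(byte[] b, int from, int to) {
        if (from >= to) return false;
        for (int k = from; k < to; k++) {
            byte c = b[k];
            boolean ok = (c >= 'a' && c <= 'z') || (c >= 'A' && c <= 'Z')
                      || (c >= '0' && c <= '9') || c == '_' || c == '-';
            if (!ok) return false;
        }
        return true;
    }

    private static int indexOf(byte[] b, byte target, int from) {
        for (int k = from; k < b.length; k++) {
            if (b[k] == target) return k;
        }
        return -1;
    }

    /** Send the request to Intruder with the path parameters pre-marked. */
    public static void sendToIntruder(IBurpExtenderCallbacks callbacks,
                                      String host, int port, boolean useHttps,
                                      byte[] request) {
        callbacks.sendToIntruder(host, port, useHttps, request,
                                 placeholderOffsets(request));
    }

    /** Queue an active scan using the same ranges as insertion points. */
    public static IScanQueueItem doActiveScan(IBurpExtenderCallbacks callbacks,
                                              String host, int port, boolean useHttps,
                                              byte[] request) {
        return callbacks.doActiveScan(host, port, useHttps, request,
                                      placeholderOffsets(request));
    }

    /** Stand-alone check on a constructed request; needs no running Burp. */
    public static void main(String[] args) {
        byte[] request = ("GET /pets/{petId}/owners/{ownerId} HTTP/1.1\r\n"
                        + "Host: example.com\r\n"
                        + "Content-Type: application/json\r\n\r\n"
                        + "{\"note\": \"{notAPlaceholder}\"}")
                        .getBytes(StandardCharsets.ISO_8859_1);
        for (int[] o : placeholderOffsets(request)) {
            System.out.println(o[0] + "-" + o[1] + " "
                + new String(request, o[0], o[1] - o[0], StandardCharsets.ISO_8859_1));
        }
    }
}
```

The offsets are byte offsets into the exact byte[] handed to the callback, so compute them after any other edits to the request, and convert strings with ISO-8859-1 (as Burp's helpers do) rather than UTF-8 so that non-ASCII characters do not shift the positions.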
