Research Academy
My account Customers About Blog Careers Legal Contact Resellers

Burp Suite User Forum

Create new post

After injecting the payload via POST/GET request, check if a specific string is present

James | Last updated: Jun 25, 2017 06:31PM UTC

Hello, I'm trying to figure out if it's present an extension or a native Burp function to check if a string (or the payload by itself) is present on multiple (or individual) specified webpages after the payload gets processed via POST/GET request -- it would be very useful for Repeater and Intruder (and maybe others). Example: I do a GET request to http://example.org/jsonget.php?add=§var1§, but it gives me a JSON response format, not the webpage(s) response source where I actually want to check if a specific string is successfully injected (or if the payload is injected). I basically need some kind of extension or native Burp feature where I can specify one or more webpages to request (and get back the response where I grep the payload or some other strings). So, is this feature available?

Burp User | Last updated: Jun 25, 2017 06:33PM UTC

Clarification: I basically need some kind of extension or native Burp feature where I can specify one or more webpages to request (and get back the response where I grep the payload or some other strings WHILE PROCESSING THE REQUEST IN THE INTRUDER, FOR EXAMPLE, SO PAYLOAD OR SPECIFIED STRINGS GETS FLAGGED).

PortSwigger Agent | Last updated: Jun 26, 2017 06:52AM UTC

Hi James, Thanks for your inquiry. It sounds like the "Grep - Match" feature in Intruder will do what you want. When setting up your Intruder attack you can find this on the Options tab. Please let us know if you need any further assistance.

Burp User | Last updated: Jun 26, 2017 03:32PM UTC

Paul, thanks for your reply. But I want to use "Grep - Match" to match on other webpages, not the webpage I'm going to make the request.

Burp User | Last updated: Jun 27, 2017 12:55AM UTC

Anyone? Tell me if you understood my request: after I upload the payload via a POST request to a specific webpage, I basically need to check if two webpages (in the same host) have that payload in the source.

PortSwigger Agent | Last updated: Jun 27, 2017 07:31AM UTC

Hi James, Sorry, I misunderstood you first time round. A few options: 1) In Scanner > Options > Active Scanning Areas you can turn on "Input returned in response (stored)". This supports multiple pages, but from Active Scan only. 2) To check just one other page in Intruder, you can use a session handling rule with a post-request macro. Set "Pass back to the invoking tool" to "The final response from the macro" 3) To search for a particular string you can right click the host in Site map, then Engagement tools > Search 4) To interactively search multiple pages from Repeater / Intruder you would need to write an extension. Shouldn't be difficult. Please let us know if you need any further assistance.

Burp User | Last updated: Jun 27, 2017 09:48PM UTC

Could you help making an extension sample? I am not very familar with Burp's APIs.

PortSwigger Agent | Last updated: Jun 28, 2017 08:22AM UTC

Hi James, There's a "Hello World" example extension here: - http://blog.portswigger.net/2012/12/sample-burp-suite-extension-hello-world.html If you're familiar with Python, I suggest using that. It's quicker to prototype one-off extensions.

You must be an existing, logged-in customer to reply to a thread. Please email us for additional support.