Burp Suite User Forum


More info on "Identify Backend Parameters"

Davide | Last updated: Aug 11, 2017 08:10AM UTC

During a scan I have found an endpoint with the issue "Interesting input handling: Backend Parameter Injection". In the advisory there is the suggestion to click on the "Identify Backend Parameters" entry of the context menu. I did that, but I got no feedback: where should I look for any result and or progress? Do I have to leave some window open? Can you please give me more assistance on this?

PortSwigger Agent | Last updated: Aug 11, 2017 09:54AM UTC

Hi there, if Backslash Powered Scanner manages to identify a backend parameter it will create a new scanner issue for it. You can find an indication of the current status of the scan for backend parameters under Extender->Extensions->BackslashPoweredScanner->Output. You're right that this isn't particularly obvious, I'll tweak the issue description to make it clearer. Cheers, James

PortSwigger Agent | Last updated: Aug 11, 2017 10:30AM UTC

Hi Falko, if Backslash finds any parameters it will report them as scan issues. If you simply want to see what it's doing behind the scenes, I recommend using Logger++ or Flow to observe the requests it's sending. Cheers, James

Burp User | Last updated: Aug 13, 2017 12:57PM UTC

Thank you very much for the info!

Burp User | Last updated: Nov 20, 2019 04:18PM UTC

Hi James, during a scan I've also found an endpoint with the issue observed by Davide. Aside from the Backend Parameter Injection, 'null' was identified as Magic Value for this endpoint. For the two requests concerning the Backend Parameter Injection a right click offers '*Identify backend parameters*'. I've clicked on 'Identify backend parameters' but cannot find its output. I've checked under Extender->Extensions->BackslashPoweredScanner->Output. This one shows the following output, indicating that the scanner was loaded. However, I cannot find any indication that the identification of backend parameters was started. I've also checked under Extender->Extensions->BackslashPoweredScanner->Errors. This one is empty. Where can I find the output of this scan? Thanks Falko

---------
thorough mode: false
confirmations: 8
encode everything: false
debug: false
try transformation scan: false
try diffing scan: true
diff: HPP: true
diff: HPP auto-followup: false
diff: syntax attacks: true
diff: value preserving attacks: true
diff: experimental concat attacks: false
diff: experimental folder attacks: false
diff: magic value attacks: true
diff: magic values: "undefined,null,empty,none,COM1,c!C123449477,aA1537368460!"
Loaded Backslash Powered Scanner v1.03
---------

Liam, PortSwigger Agent | Last updated: Nov 21, 2019 03:22PM UTC

Thanks for the feedback. We've passed this on to James.

Burp User | Last updated: Nov 22, 2019 09:20AM UTC

Hi James, thank you for your reply. My impression was that Backslash didn't actually start the identification of parameters, as no such message was shown in its output tab. My colleague working on the same project found a similar endpoint and once he clicked '*Identify backend parameters*', a message was shown in the Backslash output tab saying "Initiating parameter name bruteforce". In my case no such message appeared. Today I tried again. '*Identify backend parameters*' on the first request did not start. Same behaviour as yesterday occurred, no message in Backslash output and Flow doesn't show any outgoing requests. Once I chose '*Identify backend parameters*' on the second request shown in the issue however, the "Initiating parameter name bruteforce" appeared for the first time in Backslash's output tab and Flow showed matching requests from the Extender. It also identified a backend parameter just now. Not sure why it didn't work yesterday; I had clicked '*Identify backend parameters*' on both requests shown in the issue. Thanks Falko
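Added illustration, not part of the thread above and not code from PortSwigger or the Backslash Powered Scanner project: the "parameter name bruteforce" that James and Falko discuss is visible from the server side as a burst of requests to one path from one client, each adding a different query parameter name, with the response size changing only for names the backend actually honours (the same diffing signal the extension reports as a scan issue). The script below parses a few constructed Apache-style access-log lines and flags such bursts so a defender reviewing logs can recognise the activity and see which names drew a different response. The log lines, IPs, paths and parameter names are all made up for this example; `find_param_name_probing` and its threshold are hypothetical names, not an API of any tool.

```python
import re
from collections import Counter, defaultdict
from urllib.parse import parse_qsl, urlsplit

# Constructed sample access-log lines (Apache combined format, trimmed).
# Client 10.0.0.5 sends one request per candidate parameter name; only the
# "callback" probe changes the response size. Client 10.0.0.9 is ordinary traffic.
SAMPLE_LOG = """\
10.0.0.5 - - [22/Nov/2019:09:20:01 +0000] "GET /api/item?id=5 HTTP/1.1" 200 512
10.0.0.5 - - [22/Nov/2019:09:20:02 +0000] "GET /api/item?id=5&debug=1 HTTP/1.1" 200 512
10.0.0.5 - - [22/Nov/2019:09:20:02 +0000] "GET /api/item?id=5&admin=1 HTTP/1.1" 200 512
10.0.0.5 - - [22/Nov/2019:09:20:02 +0000] "GET /api/item?id=5&callback=1 HTTP/1.1" 200 612
10.0.0.5 - - [22/Nov/2019:09:20:03 +0000] "GET /api/item?id=5&format=1 HTTP/1.1" 200 512
10.0.0.5 - - [22/Nov/2019:09:20:03 +0000] "GET /api/item?id=5&test=1 HTTP/1.1" 200 512
10.0.0.9 - - [22/Nov/2019:09:20:04 +0000] "GET /api/item?id=7 HTTP/1.1" 200 510
10.0.0.9 - - [22/Nov/2019:09:21:10 +0000] "GET /api/item?id=8 HTTP/1.1" 200 511
"""

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) \S+" (?P<status>\d{3}) (?P<size>\d+|-)$'
)


def parse_line(line):
    """Parse one access-log line into a dict, or return None if it does not match.

    'params' is the sorted tuple of query parameter names (values are ignored:
    the probe we care about is the *name* being introduced)."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    url = urlsplit(rec["target"])
    rec["path"] = url.path
    rec["params"] = tuple(sorted(k for k, _ in parse_qsl(url.query, keep_blank_values=True)))
    rec["size"] = int(rec["size"]) if rec["size"] != "-" else 0
    return rec


def find_param_name_probing(lines, min_distinct_names=4):
    """Flag (client, path) groups where requests keep introducing new query
    parameter names beyond the ones present in every request.

    For each flagged group, also list the probed names whose response size
    differed from the group's most common size: those are the names the
    backend reacted to, which is what a diffing scanner would report."""
    groups = defaultdict(list)
    for line in lines:
        rec = parse_line(line)
        if rec:
            groups[(rec["ip"], rec["path"])].append(rec)

    findings = []
    for (ip, path), recs in groups.items():
        # Names seen in every request form the baseline (e.g. "id");
        # anything else was introduced by an individual request.
        common = set.intersection(*(set(r["params"]) for r in recs))
        probed = set().union(*(set(r["params"]) for r in recs)) - common
        if len(probed) < min_distinct_names:
            continue
        modal_size = Counter(r["size"] for r in recs).most_common(1)[0][0]
        reacted = set()
        for r in recs:
            if r["size"] != modal_size:
                reacted.update(set(r["params"]) - common)
        findings.append({
            "ip": ip,
            "path": path,
            "requests": len(recs),
            "probed_names": sorted(probed),
            "responded_differently": sorted(reacted),
        })
    return findings


if __name__ == "__main__":
    for f in find_param_name_probing(SAMPLE_LOG.splitlines()):
        print(f"{f['ip']} probed {len(f['probed_names'])} names on {f['path']}; "
              f"backend reacted to: {f['responded_differently']}")
```

Response size is used here as the cheapest available diff signal; a real deployment would rather compare status codes or hashed bodies and apply the check per time window, since a slow crawl spread over hours looks different from the burst shown in the sample.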
