Burp Suite User Forum


Intruder payload bug - square symbols between every character

pen | Last updated: Oct 04, 2017 09:43AM UTC

Every Intruder attack includes square blocks between every character of the payload. This happened sometimes, but now it's an important case so I have to figure out why this happens. Here is a pic: http://pl.tinypic.com/view.php?pic=n46xqq&s=9#.WdSslNFpGUk

PortSwigger Agent | Last updated: Oct 04, 2017 09:49AM UTC

Hi Pen, Thanks for your inquiry. That looks like UTF-16 encoding. The square block is used when the display font doesn't have a glyph for the character. You can see the raw value in hex view; I expect it is 00. This leads to the question of why UTF-16 encoding is in use. How did you set up the payloads? Sometimes copy & paste can result in unwanted UTF-16 encoding. Alternatively, this could be something to do with the request. You've obfuscated this in your screenshot. How was the request generated? Has this come from a Windows client application through Burp Proxy? Also, I'd be interested to see the headers.

Burp User | Last updated: Oct 04, 2017 11:03AM UTC

I found that if I paste payloads manually (copy, paste), everything's fine. But if I load payloads with the [Load ...] button and choose a text file, then the attacks are broken.

PortSwigger Agent | Last updated: Oct 04, 2017 11:06AM UTC

Hi Pen, Ok, that text file must be UTF-16 encoded. You can use a tool like GNU recode to change that - UTF-8 probably suits your needs better. Please let us know if you need any further assistance.

Burp User | Last updated: Oct 04, 2017 12:06PM UTC

Everything's good now. It was confusing that in the payload tab in Intruder every payload was presented fine. You can close the topic, thanks.
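The check and conversion discussed in this thread, as an added example that is not part of the original posts and is not PortSwigger code: it identifies a UTF-16 payload file from its byte-order mark or NUL-byte pattern and re-encodes each line as UTF-8 before the list is loaded. The function names and the sample wordlist are constructed for illustration, and the detection goes slightly beyond the thread by also handling UTF-8/UTF-32 BOMs and BOM-less UTF-16.

```python
import codecs

# Byte-order marks, longest first: the UTF-32 LE BOM begins with the UTF-16 LE BOM.
BOMS = [
    (codecs.BOM_UTF32_LE, "utf-32"),
    (codecs.BOM_UTF32_BE, "utf-32"),
    (codecs.BOM_UTF8, "utf-8-sig"),
    (codecs.BOM_UTF16_LE, "utf-16"),
    (codecs.BOM_UTF16_BE, "utf-16"),
]

def detect_encoding(raw: bytes) -> str:
    """Guess a payload file's encoding from its BOM or NUL-byte pattern."""
    for bom, name in BOMS:
        if raw.startswith(bom):
            return name
    # No BOM: mostly-ASCII UTF-16 text has 0x00 in every other byte,
    # which is what renders as square blocks between characters.
    sample = raw[:4096]
    even, odd = sample[0::2], sample[1::2]
    if len(sample) >= 2:
        if odd.count(0) > 0.8 * len(odd) and even.count(0) == 0:
            return "utf-16-le"
        if even.count(0) > 0.8 * len(even) and odd.count(0) == 0:
            return "utf-16-be"
    return "utf-8"

def to_utf8_payloads(raw: bytes) -> list:
    """Decode with the detected encoding and return one UTF-8 payload per line.

    Raises UnicodeDecodeError if the file is in some other legacy encoding.
    """
    text = raw.decode(detect_encoding(raw))
    return [line.encode("utf-8") for line in text.splitlines() if line]

# Constructed sample: a wordlist saved as "Unicode" (UTF-16 LE with BOM).
SAMPLE = codecs.BOM_UTF16_LE + "admin\r\ncafé\r\n".encode("utf-16-le")

if __name__ == "__main__":
    print("raw bytes :", SAMPLE[:12].hex(" "))   # shows the 00 after each character
    print("detected  :", detect_encoding(SAMPLE))
    print("as UTF-8  :", to_utf8_payloads(SAMPLE))
```

To convert a real file, read it in binary mode, pass the bytes to `to_utf8_payloads`, and write the result joined with `b"\n"` to a new file.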
