Burp community forum

Adding POST request to site map also adds a GET for same URL

Jonathon | Last updated: Jul 16, 2015 08:48AM UTC

I have a simple class that implements IHttpRequestResponse and IHttpService. I use it to construct a IHttpRequestResponse object that is ultimately added to the site map using IBurpExtenderCallbacks#addToSiteMap. When instantiate my the class with a POST request and add it to the site map, a GET request to the same URL is added as well. Any idea what causes that? code snips here: http://git.io/vm09m

PortSwigger Agent | Last updated: Jul 16, 2015 12:19PM UTC

This behavior is actually by design. POST requests are added to the site map as a type of item that we refer to as a "parameterized request". The other main case of this item type is URL query strings. Parameterized request items are added as children of a "file item", which is a non-parameterized version of the same URL file. So if you add multiple GET or POST requests with different parameters but the same URL file, they will all be added to a parent item that represents that file. The file item obviously needs to appear in the site map, in order to hold its children. For any file item that has not yet been requested, if you select and view the item then Burp auto-generates a specimen GET request for that item, so that you can easily see what a request for that item would look like, and send it to other tools, etc. So you are right that Burp appears to be adding a second item to the site map, but this is solely a container to hold the real item you wanted to add, and until you request that second item explicitly, any representation of it in the site map is just generated by Burp for UI / eye candy purposes.

You need to Log in to post a reply. Or register here, for free.