Research Academy
My account Customers About Blog Careers Legal Contact Resellers
The Burp Suite User Forum was discontinued on the 1st November 2024.

Burp Suite User Forum

For support requests, go to the Support Center. To discuss with other Burp users, head to our Discord page.

SUPPORT CENTER DISCORD

Audit insertion points in nested GET parameters

Sebastian | Last updated: Apr 08, 2024 09:50AM UTC

Hi Portswigger, By default Burp Suit Professional does not recognize 'nested URL parameters' as insertion points. These are for example used by the Doctrine PHP ORM and look, for example like this: "GET /endpoint/?filter[where][active][eq]=1" Is there a setting/plugin/other possibility to include these as an insertion point for audits? Thank you in advance! Greetings, Sebastian

Sebastian | Last updated: Apr 08, 2024 12:03PM UTC

To specify: I mean 'where', 'active', and 'eq' as injection points.

Syed, PortSwigger Agent | Last updated: Apr 08, 2024 02:12PM UTC

Hi Sebastian,

Thank you for your query!

I am afraid this is not something that you can do in Burp as we do not have a setting or configuration change to accommodate this. In this case, Burp will consider filter[where][active][eq] as an insertion point with the value of '1'.

Sebastian | Last updated: Apr 10, 2024 07:03AM UTC