Burp Suite User Forum

BChecks - How to append something to each query parameter?

Ivo | Last updated: Nov 24, 2023 10:54AM UTC

Hi, I want to create a BCheck that appends something to each query parameter and checks if the response differs from the base response:

```
metadata:
    language: v2-beta
    name: "Basic SQLi Checker"

run for each:
    payload =
        "'",
        "\""

given request then
    if ({base.response.status_code} is "200") then
        send request called check:
            # TODO for each query parameter append {payload}

        if not({check.response.status_code} is {base.response.status_code}) then
            report issue and continue:
                severity: info
                confidence: tentative
                detail: `Potential SQL Injection detected at {check.request.url}. Confirm manually.`
        end if
    end if
```

Can this even be done with a BCheck?

Kind regards,
Ivo

Hannah, PortSwigger Agent | Last updated: Nov 27, 2023 10:47AM UTC

Hi

It sounds like you would need to use a "given query insertion point then" check.

You could then do something like:

```
metadata:
    language: v2-beta
    name: "Basic SQLi Checker"

run for each:
    payloadSet =
        "'",
        "\""

given query insertion point then
    send payload called check:
        appending: {payloadSet}

    if {check} differs from {base} then
        report issue:
            severity: info
            confidence: tentative
            remediation: ""
            detail: ""
    end if
```

Ivo | Last updated: Nov 27, 2023 01:03PM UTC

Exactly what I was looking for! Thank you :)

Ivo | Last updated: Nov 28, 2023 10:20AM UTC

Another question: I created the following BCheck that shows an error "Unexpected error occured while running BCheck Basic SQLi Checker: Ztng - Attempting to reference an undefined variable: check2"

```
metadata:
    language: v2-beta
    name: "Basic SQLi Checker"

given query insertion point then
    if {base.response.status_code} is "200" then
        send payload called check1:
            appending: "'"

        send payload called check2:
            appending: "''"

        if {check1} differs from {base} and {check2} is {base} then
            report issue:
                severity: high
                confidence: certain
                detail: ""
        end if
    end if
```

Not sure what I am doing wrong here.

Hannah, PortSwigger Agent | Last updated: Nov 28, 2023 04:56PM UTC

Hi

Could you tell me the version of Burp that you are using? On v2023.10.3.6, this works as expected for me and sends both payloads.

Ivo | Last updated: Nov 29, 2023 02:27PM UTC

I am running v2023.10.3.6 on Kali Linux. The payloads are being sent, that's not the issue. I just noticed that inside the BChecks editor Event Log tab the mentioned error message appears.

Hannah, PortSwigger Agent | Last updated: Nov 30, 2023 12:53PM UTC

Is this message displaying when you click the "Validate" button? To clarify, even with this message appearing, can you still run the tests against your chosen requests and receive output?

On a slight tangent, to prevent unnecessary requests from being sent, we recommend making the following changes to your BCheck:

```
metadata:
    language: v2-beta
    name: "Basic SQLi Checker"

given query insertion point then
    if {base.response.status_code} is "200" then
        send payload called check1:
            appending: "'"

        if {check1} differs from {base} then
            send payload called check2:
                appending: "''"

            if {check2} is {base} then
                report issue:
                    severity: high
                    confidence: certain
                    detail: ""
            end if
        end if
    end if
```

By moving "check2" into the if block, you will only send the additional payload if the first criterion has been met.
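
The nested control flow from the post above, as an added Python example that is not part of the thread and is not PortSwigger code. It runs the quote-pair check once per query parameter against a constructed in-memory target and counts the probe requests with and without nesting. The names `app` and `scan` and the sample table are assumptions, and "differs" is reduced to a status-code comparison as in the first BCheck of the thread, not Burp's own `differs from` logic.

```python
import sqlite3
from urllib.parse import parse_qsl

# Constructed sample data for the stand-in target.
db = sqlite3.connect(":memory:")
db.execute("CREATE TABLE users (name TEXT, team TEXT)")
db.execute("INSERT INTO users VALUES ('alice', 'blue')")

def app(params):
    """Constructed target: 'name' is concatenated into SQL, 'team' is bound."""
    sql = "SELECT 1 FROM users WHERE name = '" + params["name"] + "' AND team = ?"
    try:
        db.execute(sql, (params["team"],)).fetchall()
    except sqlite3.Error:
        return 500  # broken SQL syntax surfaces as a server error
    return 200

def scan(query, nested=True):
    """Run the quote-pair check per query parameter.

    Returns (parameters flagged, number of probe requests sent).
    nested=True sends the '' payload only after ' changed the status.
    """
    base = dict(parse_qsl(query))
    findings, probes = [], 0
    if app(base) != 200:  # same guard as the BCheck: base response must be 200
        return findings, probes
    for key in base:  # one insertion point per query parameter
        def probe(suffix):
            return app({**base, key: base[key] + suffix})
        probes += 1
        differs = probe("'") != 200
        if nested and not differs:
            continue  # second payload is never sent for this parameter
        probes += 1
        restored = probe("''") == 200
        if differs and restored:
            findings.append(key)
    return findings, probes

if __name__ == "__main__":
    print(scan("name=alice&team=blue"))                # nested form
    print(scan("name=alice&team=blue", nested=False))  # both payloads always sent
```

Both forms flag the same parameter; the nested form skips the second request for the parameter whose value is bound rather than concatenated.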

Ivo | Last updated: Dec 01, 2023 10:07AM UTC

Thank you for recommending to move the second payload into a separate if block. Definitely makes sense to only send it when the first request leads to a different response. No, the error message appears when I run the BCheck and yes, the requests are still being sent and the findings created.

Hannah, PortSwigger Agent | Last updated: Dec 01, 2023 02:10PM UTC

Thanks for that information. Could you drop us an email at support@portswigger.net with some screenshots of this occurring? It would also be useful if you could attach a copy of your diagnostics information (Help > Diagnostics). We'll try to see if we can replicate the error message that you are encountering.
