Burp Suite User Forum

Create new post

burp doesn't take history like this path #something.php?image=photo.jpg

Tarikul | Last updated: May 24, 2020 10:36PM UTC

Today I notice my burp doesn't take history like this path #something.php?image=photo.jpg I might miss a lot of #directory_traversal vulnerability because of this wired behavior. How do I fix this issue?

Uthman, PortSwigger Agent | Last updated: May 25, 2020 08:06AM UTC

The # denotes a fragment in a URL. This is only processed by the user-agent (i.e. your browser) and never sent to the server. This will not be visible in the HTTP history since the traffic from your browser to the server is being proxied through Burp. Directory/path traversal vulnerabilities do not usually take this into account: - https://owasp.org/www-community/attacks/Path_Traversal - https://portswigger.net/support/using-burp-to-test-for-path-traversal-vulnerabilities

You must be an existing, logged-in customer to reply to a thread. Please email us for additional support.