Research Academy
My account Customers About Blog Careers Legal Contact Resellers

Burp Suite User Forum

Create new post

Change parameter submitted during ActiveScan

Philippe | Last updated: Oct 02, 2018 03:04PM UTC

After migrating to 2.0+, where can we modify the values submitted (POST) during an Audit scan (e.g. Peter Winter, etc.)

PortSwigger Agent | Last updated: Oct 02, 2018 03:06PM UTC

Unfortunately, this isn't currently possible with Burp 2. Someone else also asked for this and we will investigate reintroducing the feature. Is this stopping you crawling an application? We'd be interested to know more details, especially if the randomly generated data is failing validation rules.

Burp User | Last updated: Oct 04, 2018 12:55AM UTC

Thanks for your response Paul. Two instances triggered our request 1) With certain applications, POST or GET requests will create entries in the backend database. We would like to be able to control the data submitted so that we can easily perform some cleaning after testing (for example prefix all submitted parameters with a fixed value that’s we can easily extract from the database afterwards). 2) Some application perform validation of certain parameters (for exemple ensure that the phone number submitted is correct for a given country) and whithout being able to control the data we’re submitting we may be missing some checks preventing us to reach further within the application. It would be great to reenable this feature in a near futur.

PortSwigger Agent | Last updated: Oct 04, 2018 08:06AM UTC

Thanks for explaining your use case, it makes sense. I've bumped this up a notch on the development plan, although in the short term we're focusing on fixing bugs and getting out of beta.

You must be an existing, logged-in customer to reply to a thread. Please email us for additional support.