Research Academy
My account Customers About Blog Careers Legal Contact Resellers
The Burp Suite User Forum was discontinued on the 1st November 2024.

Burp Suite User Forum

For support requests, go to the Support Center. To discuss with other Burp users, head to our Discord page.

SUPPORT CENTER DISCORD

Changing parameter data: unexpected behavior

gnothi | Last updated: Aug 15, 2020 07:18AM UTC

What I am trying to achieve is changing a parameter value. But in the greater perspective, I'm looking for the correct way on how to change multiple things to a request. The process I currently use, gives me unexpected results and I'd like to clear out what happens exactly: I have a: class Utils: @classmethod def changeRawData(cls, rawData, start, end, newContent): modified_raw_data = rawData[0:start] modified_raw_data = modified_raw_data + Utils.stringToBytes(cls.urlEncode(newContent)) modified_raw_data = modified_raw_data + rawData[end:] return modified_raw_data so basically it takes the raw (byte) body data and inserts bytes at a certain point. For that it will take every byte from the input data to the starting point offset, then insert the new data and then append everything from after the endpoint offset. Thereby effectively replacing the old value with a new one. An iParameter comes with values like: self.name = iParameter.getName() self.nameStart = iParameter.getNameStart() self.nameEnd = iParameter.getNameEnd() self.value = iParameter.getValue() self.valueStart = iParameter.getValueStart() self.valueEnd = iParameter.getValueEnd() So when I want to change a parameter, I can just do: modified_request_raw = Utils.changeRawData(iHttpRequestResponse.getRequest(), parameter.valueStart, parameter.valueEnd, modifiedValue) So basically take the raw body, find the place where the parameter value start and ends (from the iPamameter.getValueStart() and .getValueEnd()) and update the raw body. This does work perfectly... but the part I was not expecting is this: self.info = Utils.helpers.analyzeRequest(self.httpService, modified_request_raw) parameters = self.info.getParameters() So basically, I rebuild an iRequestInfo from the raw request I altered before. And I rebuild the iParameters from that new (modified) request. Then the iPamameter.getValueStart() seem to return a wrong values. It will actually return the original getValueStart()... I was kinda expecting if you rebuild an iRequestInfo and have it reprocess the iParameters, the getValueStart() would get updated to the new content that was altered. Can you let me know if this is expected behavior and why exactly that is? A second question: what is the correct process if you want to change multiple things to a request? Most things come with a start and end value, but say you want to insert two things in a request, after you inserted the first thing, the second start and end offsets are no longer correct and reanalysing them doesn't seem to do the trick, at least not for params. What is the Api's intended or suggested way to do this?

Hannah, PortSwigger Agent | Last updated: Aug 18, 2020 11:17AM UTC

Have you tried providing just the modified_request_raw byte array, rather than both that and the IHttpService item? If so, did you experience the same behavior? Have you had a look at any similar extensions that have the functionality that you are looking for, to see how they have implemented this? You can find the code for all extensions that are available on the BApp Store on our GitHub account (https://github.com/PortSwigger)

gnothi | Last updated: Aug 19, 2020 06:11AM UTC

"Have you tried providing just the modified_request_raw byte array, rather than both that and the IHttpService item? If so, did you experience the same behavior?" Note in the above code there are two points of building the modified_request_raw. The first time you need to build it from the iHttpRequestResponse, cause that's all you get from the iInterceptedProxyMessage: modified_request_raw = Utils.changeRawData(iHttpRequestResponse.getRequest(), parameter.valueStart, parameter.valueEnd, modifiedValue) That's the first time and there it works his fine. But the issue arises in the second time around: self.info = Utils.helpers.analyzeRequest(self.httpService, modified_request_raw) parameters = self.info.getParameters() Note that here, as you suggest, I build the iRequestInfo here from the raw data and not the iHttpRequestResponse. So if I build it the the second time from an iHttpRequestResponse, then yes, your point would have been a valid remark. "Have you had a look at any similar extensions that have the functionality that you are looking for, to see how they have implemented this?" Well, they don't actually: it's already a minority of extensions that modifies requests, but of those 25 to 30 I I selected so far, non seems to do more complex changes like changing two parameters at the same time or changing two places in a request body. But I must say, up till now I have only looked at community edition extensions... maybe I should check the pro ones. I'll do that. But: When it comes to the question of "what is a good process of changing parameters?" I currently use the iExtensionHelper removeParameter() and buildParameter(), which work fine: you can alter more than one parameter like that without running into the issue above described. So that works as expected. However: I double checked and if I use the method first described, then the issue persist and it's behavior I think should not exist: if a iRequestInfo is rebuild, I believe it should also rebuild the start and end values of it's parameters, don't you think? I will triple check in a small and dedicated piece of code and report back.

Hannah, PortSwigger Agent | Last updated: Aug 20, 2020 02:27PM UTC