Research Academy
My account Customers About Blog Careers Legal Contact Resellers

Burp Suite User Forum

Create new post

Charset problem in intruder

Ahmed | Last updated: Apr 05, 2023 10:40PM UTC

I am testing an app which, in the app, some http requests contains Turkish characters. When i send the request to the repeater there is no problem. But if i send it to intruder i am facing with charset problems. On repeater: İSTANBUL BEŞİKTAŞ On intruder: Ä°STANBUL BEŞİKTAÅž I tried to change Settings -> User Interface -> Inspector and message editor -> Charset sets -> Use spesific character set to "UTF-8". Also i reset the burp settings. But nothing worked. In addition i am trying to write an extension. 1. Get request: helpers.bytesToString(currentRequest.getRequest()) 2. Get request info: IRequestInfo requestInfo = helpers.analyzeRequest(currentRequest.getRequest()); 3. Get request body: String messageBody = request.substring(requestInfo.getBodyOffset()) 4. Build http message: byte[] updateMessage = helpers.buildHttpMessage(headers, messageBody.getBytes()) 5. currentRequest.setRequest(updateMessage) Basicly, i get request body in a string format. And i update the request without modifying the string. But burp can't proccess the turkish character with buildHttpMessage function eventhough string is defined with "UTF-8" charset. The similar charset problem occurs i mentioned above. I found a workaround. I don't convert byte array request to the string. I am parsing byte array directly to obtain http body. However, this is still a bug.

Ahmed | Last updated: Apr 06, 2023 10:12AM UTC

Were you able to reproduce the issue? This is huge problem for us.

Hannah, PortSwigger Agent | Last updated: Apr 11, 2023 04:09PM UTC

Hi In Repeater, if you change the view to "Hex" and then back to "Pretty" or "Raw", does the data also get modified?

Ahmed | Last updated: Apr 12, 2023 11:22AM UTC

No, the data remains the same. This happens only if i send the request to the intruder. I asked my friends to test this behavior. They had the same issue.

Hannah, PortSwigger Agent | Last updated: Apr 14, 2023 09:28AM UTC

Thanks for that information. We've raised a bug report for this specific instance and added your +1 to an ongoing feature request for better support for multi-byte characters. Unfortunately, there is not a workaround for this issue. I've tested using the "Turbo Intruder" extension, and pasting the correct data into the Intruder positions window. However, the same issue still remains.

You must be an existing, logged-in customer to reply to a thread. Please email us for additional support.