Burp Suite User Forum


Comparer Bulk Analysis to ID Unique Data

Jeremy | Last updated: May 17, 2023 03:07AM UTC

A nice feature for Comparer would be to highlight a large number of responses and have Burp identify variable elements of a response as well as how many requests from the set have this same value. The use case for this would be analysis of bulk Intruder results. For example, one might expect to see unique IDs for tracking features of the web app within the responses. This may in turn cause some fluctuation in the Content-Length as well. Finally, a single request from the set may include a slightly different text string which would otherwise be both difficult and time-consuming to spot. In this case, relying on things like Content-Length, response timing, HTTP status codes, 1:1 response data comparisons, etc. will not be sufficient to perform bulk analysis within the condensed timeframes operators are generally subject to on an engagement. Consider the example output below to help demonstrate the concept:

Element: Content-Length
Value "3995": 12 occurrences
Value "3996": 50 occurrences
Value "3997": 18 occurrences

Element: Body Line 23
Value: "fetch('/analytics?id=88504872')" : 1 occurrence
(...continued for 99 more unique values)

Element: Body Line 1294
Value "User or Password is Incorrect" : 99
Value "User or Password is Inocrrect" : 1

Michelle, PortSwigger Agent | Last updated: May 17, 2023 03:07PM UTC

Thanks for getting in touch. Would you just be interested in this information being summarised, or would you also want to identify which of the requests contained the information? What if a particular response contained the string you were looking for twice? Would both occurrences be counted, or would you be more interested in the number of responses that contained the information?
