Burp Suite User Forum

decoding/encoding http request

NazarMedeiros | Last updated: Oct 19, 2016 12:56PM UTC

Hello, I want to use the following request to send it to the server!

/**********************************************/
POST /vaadin_vulnerabilities/UIDL/?v-uiId=2 HTTP/1.1
Host: localhost:8080
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:43.0) Gecko/20100101 Firefox/43.0 Iceweasel/43.0.4
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/json; charset=UTF-8
Referer: http://localhost:8080/vaadin_vulnerabilities/
Content-Length: 368
Cookie: JSESSIONID=A69A1ED247137029AE5E733A7A4E2C8F
Connection: close

{"csrfToken":"a8ead857-c340-4d28-8474-227aa85c06fd","rpc":[["43","v","v",["text",["s","soiudalk"]]],["43","v","v",["c",["i",8]]],["45","com.vaadin.shared.ui.button.ButtonServerRpc","click",[{"altKey":false,"button":"LEFT","clientX":123,"clientY":627,"ctrlKey":false,"metaKey":false,"relativeX":86,"relativeY":29,"shiftKey":false,"type":1}]]],"syncId":34,"clientId":49}
/**********************************************/

The Java code I am using for this looks like:

/**********************************************/
Thread thread = new Thread(new Runnable() {
    @Override
    public void run() {
        for (int i = 0; i < payloadListString.size(); ++i) {
            String requestString = requestInformationArea.getText();
            byte[] requestByte = replaceContent(requestString, payloadListString.get(i), 1).getBytes();
            byte[] response = callbacks.makeHttpRequest("localhost", 8080, false, requestByte);
            //System.out.println(new String(response));
            IResponseInfo info = helpers.analyzeResponse(response);
            defaultTableModel.addRow(new Object[] {i, payloadListString.get(i), info.getStatusCode(), info.getHeaders().size()});
        }
    }
});
thread.start();
/**********************************************/

The problem is that whenever I use special characters in my request, my Apache Tomcat server crashes. But within the Repeater tab in Burp I can use special characters without any problems. So I would like to know if I can encode my request somehow. Does the Repeater use encoding as a standard setting?

Best regards,
Nazar

PortSwigger Agent | Last updated: Oct 20, 2016 08:01AM UTC

What do you mean by special characters? From your code, it looks like you are capturing the request as a string, and just doing a "getBytes()" to convert to a byte array. This operation isn't safe across the whole character range, and Burp provides some safe methods for string/byte conversions that you could try using instead.
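
The conversion issue raised in the reply above, as an added example that is not part of the thread and is not Burp's own code: it compares `String.getBytes()` with a fixed one-byte-per-character mapping and with explicit UTF-8, then rebuilds the request with a recomputed `Content-Length`. The class and method names and the sample payload are assumptions; inside an extension, `helpers.stringToBytes()` and `helpers.buildHttpMessage()` from `IExtensionHelpers` are the corresponding API calls.

```java
import java.nio.charset.StandardCharsets;

public class RequestBytesDemo {
    // Hypothetical helper using the mapping Burp documents for
    // IExtensionHelpers.stringToBytes(): one byte per char (its low 8 bits),
    // independent of any charset. Lossy for chars above U+00FF such as '€'.
    static byte[] lowByteBytes(String s) {
        byte[] out = new byte[s.length()];
        for (int i = 0; i < s.length(); i++) out[i] = (byte) s.charAt(i);
        return out;
    }

    // Hypothetical helper: encode the body explicitly as UTF-8 (matching the
    // request's declared charset) and recompute Content-Length in bytes.
    static byte[] buildRequest(String headers, String body) {
        byte[] bodyBytes = body.getBytes(StandardCharsets.UTF_8);
        String fixed = headers.replaceAll("(?im)^Content-Length:.*$",
                "Content-Length: " + bodyBytes.length);
        byte[] head = (fixed + "\r\n\r\n").getBytes(StandardCharsets.ISO_8859_1);
        byte[] out = new byte[head.length + bodyBytes.length];
        System.arraycopy(head, 0, out, 0, head.length);
        System.arraycopy(bodyBytes, 0, out, head.length, bodyBytes.length);
        return out;
    }

    public static void main(String[] args) {
        // Constructed sample: trimmed headers from the thread's request and a
        // constructed body carrying a non-ASCII payload.
        String headers = "POST /vaadin_vulnerabilities/UIDL/?v-uiId=2 HTTP/1.1\r\n"
                + "Host: localhost:8080\r\n"
                + "Content-Type: application/json; charset=UTF-8\r\n"
                + "Content-Length: 368";
        String body = "{\"rpc\":[[\"43\",\"v\",\"v\",[\"text\",[\"s\",\"äöü€\"]]]]}";

        // getBytes() with no argument uses the JVM default charset, so the
        // byte count (and the bytes on the wire) can differ between machines.
        System.out.println("chars in body:          " + body.length());
        System.out.println("getBytes() default:     " + body.getBytes().length);
        System.out.println("explicit UTF-8 bytes:   " + body.getBytes(StandardCharsets.UTF_8).length);
        System.out.println("low-byte mapping bytes: " + lowByteBytes(body).length);
        System.out.println(new String(buildRequest(headers, body), StandardCharsets.UTF_8));
    }
}
```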
