Burp community forum

extension - Burp-hash

greenfreq | Last updated: Apr 06, 2016 10:46PM UTC

I've been using the Burp-hash extension but its starting to be unreliable. Is anyone else getting a lot of false Issues reported with the Burp-hash extension? I get the following often and its not even valid within itself. Issue detail The REQUEST contains a SHA-384 hashed value that matches an observed parameter. Observed hash: 933dc2a4011e4e919771d764300888ad70d703570000000041420f00000000006e1d0183e970a6b8d979c67b55dcbc54 Source parameter: HTTP/1.1 200 OK The source parameter hashes to ea786dcabda9a0e41e5c5af57ec4426dcef79d6fd1eb83945868984c3614ff5c0dfec422c3ce2721483e03fb9c238129 so I'm not really sure why its reporting a hash match. The string that is highlighted in the Request is a base64 encoding of the "Observed" Hash.

PortSwigger Agent | Last updated: Apr 10, 2016 08:55AM UTC

I don't know if the authors of the Burp-hash extension are monitoring the Support Center, so it would be worth contacting them directly about this issue.

You need to Log in to post a reply. Or register here, for free.