Research Academy
My account Customers About Blog Careers Legal Contact Resellers
The Burp Suite User Forum was discontinued on the 1st November 2024.

Burp Suite User Forum

For support requests, go to the Support Center. To discuss with other Burp users, head to our Discord page.

SUPPORT CENTER DISCORD

extract all parameters in request before scanner starts

Moein | Last updated: Feb 28, 2017 05:40AM UTC

I need to extract all parameters in request before scanner starts. I know that "doActiveScan" of IScannerCheck interface finds parameters, but parameter names can be extracted after active the scanner starts working. but I need parameter names before scanner starts, so I can select which parameters to scan. I think it can be done with IScannerInsertionPointProvider, but I don't know how to do it.

PortSwigger Agent | Last updated: Feb 28, 2017 09:54AM UTC

Yes, you can do this with IScannerInsertionPointProvider. Have a look at the following sample extension for more details: https://github.com/PortSwigger/example-custom-scan-insertion-points

Burp User | Last updated: Mar 01, 2017 07:40AM UTC

it has get "one" parameter which is known from past. but I want to extract "ALL" parameters of any unknown request. I don't have pre-knowledge about the request and parameters.

PortSwigger Agent | Last updated: Mar 01, 2017 08:37AM UTC

You can use the following API to analyze a request and obtain its parameters: https://portswigger.net/burp/extender/api/burp/IExtensionHelpers.html#analyzeRequest(burp.IHttpService,%20byte[])

Burp User | Last updated: Mar 04, 2017 08:10AM UTC

it doesn't return all parameters which active scanner does. if you give a POST request to it, it just returns POST parameters in data segment. if you give a GET request, it just returns cookie parameters. but active scanner also uses these parameters: *referrer, user Agent, Name_URL, Name_BODY -------- I want all these parameters.

PortSwigger Agent | Last updated: Mar 08, 2017 03:05PM UTC