Research Academy
My account Customers About Blog Careers Legal Contact Resellers

Burp Suite User Forum

Create new post

File Signature Bytes

smorodina | Last updated: Nov 01, 2023 12:05AM UTC

Hello, I'm a user of Burp Suite Community Edition only. I'm testing by sending a request include a file with Content-type:multipart/form-data. A problem occurred if the file was manipulated by adding a JPG signature header bytes(FF D8 FF E0) to the beginning of the content When I click on the captured request in the Proxy-HTTP History menu, the signature bytes of the file I included in the request are displayed normally when viewed in HEX format. However, when switching between RAW and HEX or right-clicking the request and selecting Send to Repeater, each byte in the file header is changed from the existing value to 'EF BF BD'. As it changes from 1 byte to 3 bytes, the Content-Length header value also automatically increases. So, even though I tried to send the same file repeatedly using Repeater, the server did not recognize the initially sent file and the files in the duplicated request as the same MimeType. Please check this issue. I think Burp Suite is not properly handling some bytes that cannot be expressed as characters.

Hannah, PortSwigger Agent | Last updated: Nov 01, 2023 10:47AM UTC

Hi Could you drop us an email at support@portswigger.net with a screen recording or some screenshots of this behavior? It would also be useful to see how you are inserting/modifying your bytes. We've not currently been able to replicate this issue, which is why a screen recording or some screenshots would be helpful, so we can make sure we are using as similar an environment to you as possible.

You must be an existing, logged-in customer to reply to a thread. Please email us for additional support.