Research Academy
My account Customers About Blog Careers Legal Contact Resellers
The Burp Suite User Forum was discontinued on the 1st November 2024.

Burp Suite User Forum

For support requests, go to the Support Center. To discuss with other Burp users, head to our Discord page.

SUPPORT CENTER DISCORD

Fuzzing SQL i

Marcos | Last updated: Mar 04, 2021 11:32PM UTC

I have a question on the intruder payload used for fuzzing SQLi. The payload has {base} in the prefix, example: {base}'#, {base} or 7=7#, and many others. I have never encountered {base} syntax for sqli payload before, therefore, would like to get more details on use case. Is there documentation or reference I can use?

Uthman, PortSwigger Agent | Last updated: Mar 08, 2021 02:04PM UTC

'{base}' is a placeholder. You will need to set up a payload processing rule for the Intruder to process the placeholder correctly. You can find out further information below: - https://portswigger.net/burp/documentation/desktop/tools/intruder/payloads/types

Jean-Sebastien | Last updated: Jul 08, 2021 12:08PM UTC

I have to admit, I amazed at the laziness PS has when it answers questions. I think it's about time you start answering questions correctly (in flow), and not simply push to some page that ultimately doesn't have the answers we're looking for. As a pro user and responsible for pentests in a major financial institution, I'm disappointed with similar answers. And this is a good one. Maybe simple, but a good one. Remember, if more people truly understand your product, the better chance they have using it... I think this has been forgotten a while ago at PS.

Liam, PortSwigger Agent | Last updated: Jul 08, 2021 12:58PM UTC

Hi Jean-Sebastien. We endeavor to provide a high level of support to all our users. This includes maintaining and updating our documentation and sharing it when we feel it would be helpful. What can we help you with?

SaS | Last updated: Aug 04, 2022 07:35AM UTC

Hi, Like Sabastien, We're waiting for an answer about "{Base}" usage in Payload. This link don't provide the answer : https://portswigger.net/burp/documentation/desktop/tools/intruder/payloads/types Thanks

Ben, PortSwigger Agent | Last updated: Aug 04, 2022 08:04AM UTC