The Burp Suite User Forum was discontinued on the 1st November 2024.

Burp Suite User Forum


Getting Parameters/Payload that triggered the vulnerability via GraphQL in BSE

rwtr988x | Last updated: Sep 16, 2021 09:52AM UTC

Hi, how would I get the affected parameters, payloads etc. that are mentioned in the "Issue detail" section (usually bold) of a certain Issue via GraphQL (BurpSuiteEnterprise)? If GraphQL is not capable of that functionality, is there a workaround to achieve this? Thank you!

Maia, PortSwigger Agent | Last updated: Sep 16, 2021 11:16AM UTC

Hi,

Thanks for your message.

The text in the "Issues details" box can be returned using the description_html field under the Issue object. The documentation can be found here: https://portswigger.net/burp/extensibility/enterprise/graphql-api/Issue.html

You can also use the Evidence interface to return more details. The documentation can be found here: https://portswigger.net/burp/extensibility/enterprise/graphql-api/Evidence.html
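
One way to work with the description_html route mentioned above, as an added example that is not part of the original thread or PortSwigger's code: it pulls the bold-marked values out of an issue's description_html string once it has been fetched. The sample HTML is constructed, and the names `BoldExtractor` and `bold_values`, as well as the assumption that parameters and payloads are wrapped in `<b>`/`<strong>` tags, are illustrative.

```python
from html.parser import HTMLParser


class BoldExtractor(HTMLParser):
    """Collects the text of every <b>/<strong> element, in document order."""

    def __init__(self):
        # convert_charrefs=True decodes &lt; etc. so payloads come back as sent
        super().__init__(convert_charrefs=True)
        self.depth = 0      # nesting level of bold tags we are inside
        self.current = []   # text fragments of the bold run being read
        self.values = []    # finished bold runs

    def handle_starttag(self, tag, attrs):
        if tag in ("b", "strong"):
            self.depth += 1

    def handle_endtag(self, tag):
        # Ignore stray closing tags; only close a run we actually opened.
        if tag in ("b", "strong") and self.depth:
            self.depth -= 1
            if self.depth == 0:
                self.values.append("".join(self.current))
                self.current = []

    def handle_data(self, data):
        if self.depth:
            self.current.append(data)


def bold_values(description_html):
    """Return the bold-marked strings of a description_html value (hypothetical helper)."""
    if not description_html:  # treat an empty or missing field as "no details"
        return []
    parser = BoldExtractor()
    parser.feed(description_html)
    parser.close()
    return parser.values


# Constructed sample, shaped like a scanner issue detail; not real Burp output.
SAMPLE = (
    "The value of the <b>q</b> request parameter is copied into the HTML "
    "document as plain text between tags. The payload "
    "<b>x7k&lt;script&gt;alert(1)&lt;/script&gt;z2p</b> was submitted in the "
    "q parameter."
)

if __name__ == "__main__":
    for value in bold_values(SAMPLE):
        print(repr(value))
```

The extracted strings are decoded scanner payloads, so HTML-escape them again before showing them in a dashboard or ticket.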

rwtr988x | Last updated: Sep 17, 2021 02:01PM UTC

Hi, thank you very much for your reply. Just to clarify: it is not possible to make a GraphQL query that returns the affected parameter and the corresponding payload that triggered the XSS, for example? I will get this information only from the description_html field of the Issue or the request/response/highlight_html data, right?

Maia, PortSwigger Agent | Last updated: Sep 20, 2021 02:37PM UTC