Burp community forum

How to send a post request?

fyooo | Last updated: Aug 04, 2015 02:31AM UTC

I read the document and know that we could use `makeHttpRequest` to send request. I've tried that if I used `PARAM_URL`, it success. I've read this thread before: http://forum.portswigger.net/thread/1571/send-post-requests-burp-extension However, if I change it to `PARAM_BODY`, it failed. My testing web server works well, for example: ``` $curl --data "title=hi&body=ok" http://127.0.0.1/getreq title=hi&body=ok% ``` The source code of my extender was ``` public class BurpExtender implements IBurpExtender { private static final String HOST_TO = "127.0.0.1"; @Override public void registerExtenderCallbacks(IBurpExtenderCallbacks callbacks) { callbacks.setExtensionName("Http Sender"); IExtensionHelpers helpers = callbacks.getHelpers(); try{ URL r_url = new URL("http://127.0.0.1/getreq"); byte[] report_req = helpers.buildHttpRequest(r_url); String body_encode = helpers.urlEncode("title=hi&body=ok"); callbacks.printOutput("=== body: " + body_encode); IParameter body_param = helpers.buildParameter("body", body_encode, IParameter.PARAM_BODY); report_req = helpers.addParameter(report_req, body_param); byte[] resp = callbacks.makeHttpRequest(HOST_TO, 80, false, report_req); callbacks.printOutput(new String(resp)); }catch (MalformedURLException e){ callbacks.printOutput("New URL failed"); callbacks.printOutput("exception thrown: " + e.getMessage()); } } } ```

Burp User | Last updated: Aug 04, 2015 02:48AM UTC

I just read the source code of IExtensionHelpers.java, I found that `buildHttpRequest` is only use to create a `GET` request. I couldn't found a method that creates a `POST` request, `buildHttpMessage` creates full HTTP message, can it be sent by `makeHttpRequest`?

PortSwigger Agent | Last updated: Aug 10, 2015 09:31AM UTC

Once you have your GET request build, you could use the method IExtensionHelpers.toggleRequestMethod() to convert it to a POST request. Aside from the helper methods for dealing with these basic common actions, in general your extension might need to use its own code to construct requests with any unusual or specific features.

You need to Log in to post a reply. Or register here, for free.