Research Academy
My account Customers About Blog Careers Legal Contact Resellers

Burp Suite User Forum

Create new post

Intruder: Make it easier to retrieve long payloads from attack results

Jon | Last updated: Sep 13, 2016 04:53PM UTC

If a payload is quite long (when using, for example, the Bit Flipper payload on a long session token), it's truncated in the displayed results grid when the column is expanded. This isn't great, but it's livable if the whole original value could be retrieved by another method. Unfortunately there doesn't appear to be a way to do that. The Save Results Table function also truncates the values, simply outputting what's in the visible grid. The Save Selected Items function (right-click context menu) is better, in that at least the entire payloads are in the output; however, it's necessary to be able to parse the HTTP requests after the fact to extract them, which may be extremely difficult. Some ideas: - Add a configuration option to set the truncation length of the payloads up to a reasonable (high) maximum. - Export the original payloads in the Save Results Table output regardless of what's in the visible grid. - Export the original payloads in a new child element structure in the Save Selected Items output XML (this may also be handy for doing other things).

PortSwigger Agent | Last updated: Sep 14, 2016 01:14PM UTC

Thanks for this feedback. There is an option under "Attack results" called "store full payloads", which should enable you to view and export the full values of payloads even when they are very long.

You must be an existing, logged-in customer to reply to a thread. Please email us for additional support.