Research Academy
My account Customers About Blog Careers Legal Contact Resellers
The Burp Suite User Forum was discontinued on the 1st November 2024.

Burp Suite User Forum

For support requests, go to the Support Center. To discuss with other Burp users, head to our Discord page.

SUPPORT CENTER DISCORD

Intruder options:

Eric | Last updated: Nov 20, 2016 12:11AM UTC

Under Intruder, there is a section named "Payload Encoding", it allows to URL encode certain characters. Why is burp doing so, in other words, why are we bothering to URL encode the payloads before they reach the web application? Which advantages that might help us with?

PortSwigger Agent | Last updated: Nov 21, 2016 08:52AM UTC

You need to URL-encode certain characters for safe placement into the URL, and other locations like the message body in URL-encoded bodies. For example, if you put a literal space, ampersand or equals character into the URL, you risk breaking the request, or causing it to be handled differently.

Burp User | Last updated: Nov 21, 2016 04:27PM UTC

In other words, it would be for the safe transmission of those certain characters from the browser and burp to the web application. So this is not related to encoding to bypass a WAF or other web application security in place? Are there other encoding besides URL encoding in burp to help bypass a WAF for example?

PortSwigger Agent | Last updated: Nov 21, 2016 04:48PM UTC