Research Academy
My account Customers About Blog Careers Legal Contact Resellers
The Burp Suite User Forum will be discontinued on the 1st November 2024.

Burp Suite User Forum

For support requests, go to the Support Centre. To discuss with other Burp users, head to our Discord page.

SUPPORT CENTRE DISCORD

Create new post

Intruder payload.

John | Last updated: Mar 08, 2016 04:12PM UTC

I am wondering I have loaded some payloads in example "/examples /examples/jsp/index.html /examples/jsp/snp/snoop.jsp" Lets say my URL is http://localhost.com/test/AnotherTest/test.php I have tried both with wrapping /AnotherTest/test.php and /AnotherTest/test.php when I look at the request tab after it has completed the request shows the url like this. http://localhost.com/test/%2fexamples http://localhost.com/test%2fexamples So from what I can see it's turning my "/" from the payload into a %2 Is this effecting my results after a scan? Thank you.

Burp User | Last updated: Mar 08, 2016 04:13PM UTC

Sorry had a mess up =/ I have tried both with wrapping /AnotherTest/test.php and AnotherTest/test.php when I look at the request tab after it has completed the request shows the url like this. I tried with both wrapping the url with it's included "/" and tried to leave it as well, that reflects in the results I showed under that. Thank you.

Liam, PortSwigger Agent | Last updated: Mar 08, 2016 04:41PM UTC

Hi John Thanks for your message. %2f is the URL Encoded value of the Forward Slash (/). Special characters need to be encoded in URL's, eg. +, & , etc. This shouldn't affect Burp Scan results. Please let us know if you need any further assistance.

Burp User | Last updated: Mar 08, 2016 05:00PM UTC

Thank you or your help. I knew it was encoding, but I never seen it encode any of the other /'s. But thank you for your very fast answer.

You must be an existing, logged-in customer to reply to a thread. Please email us for additional support.