Burp Suite User Forum


Match and Replace

Nirav | Last updated: Aug 07, 2022 11:26AM UTC

For example, I have a POST request:

--------
POST /cart.php HTTP/1.1
Host: testphp.vulnweb.com

price=10&addcart=7&item=5
--------

Here is my XSS payload: "><script src=Google.com></script>

Now, what I want is to add my XSS payload after each parameter value, like this:

--------
POST /cart.php HTTP/1.1
Host: testphp.vulnweb.com

price=10"><script src=Google.com></script>&addcart=7"><script src=Google.com></script>&item=5"><script src=Google.com></script>
--------

I don't want to change the price value, the addcart value or the item value; each should keep the same value. At the end, I want to add my XSS payload. Just imagine I have more than 100 parameters in a POST-based request. Is there any idea or tip for me?

Liam, PortSwigger Agent | Last updated: Aug 08, 2022 11:48AM UTC

Hi Nirav, thanks for your message. Would it be possible to use the Burp Bounty - Scan Check Builder to perform this check for you? - https://portswigger.net/bappstore/618f0b2489564607825e93eeed8b9e0a

Nirav | Last updated: Aug 10, 2022 05:22PM UTC

I mean to say, I want to check only for blind XSS on every parameter, POST-based and GET-based.

Liam, PortSwigger Agent | Last updated: Aug 10, 2022 07:34PM UTC

Have you tried configuring this in Burp's Audit options? - https://portswigger.net/burp/documentation/desktop/scanning/audit-options These settings control which issues Burp will check for and control how the Scanner places insertion points into each HTTP request that is audited.
