Research Academy
My account Customers About Blog Careers Legal Contact Resellers

Burp Suite User Forum

Create new post

Montoya sendToIntruder requires insertion points to be in size order

Tyler | Last updated: Oct 17, 2023 09:17AM UTC

Hi, When creating custom insertion points, if they are not in size order the API throws an IllegalArgumentException: Invalid custom payload positions. To replicate this: Create a list of Ranges and add the following (for example) insertions.add(Range.range(716, 717)); insertions.add(Range.range(729, 731)); Send the insertion points to intruder. Observe no error. Flip the order of adding these to the ArrayList and observe the error thrown to console. This becomes a bit of an issue when you are using ParsedHttpParameter and the valueOffsets as I don't do them in order. Thanks, Tyler

Tyler | Last updated: Oct 17, 2023 09:38AM UTC

I've added the following which fixes my range list. Might it be worth adding this to the HttpTemplate code to be more intuitive? Collections.sort(insertions, Comparator.comparingInt(Range ::startIndexInclusive));

Hannah, PortSwigger Agent | Last updated: Oct 17, 2023 03:24PM UTC

Hi Tyler Thank you for the feedback! We've raised a feature request to look into this functionality in some more detail, and potentially remove the requirement for a specific order of markers/insertion point offsets. In the meantime, making sure that your list is in the correct order should mean that you do not encounter this exception. If there's anything else we can help with, then please let us know.

You must be an existing, logged-in customer to reply to a thread. Please email us for additional support.