The Burp Suite User Forum was discontinued on the 1st November 2024.

Burp Suite User Forum


More info on "Identify Backend Parameters"

Davide | Last updated: Aug 11, 2017 08:10AM UTC

During a scan I have found an endpoint with the issue "Interesting input handling: Backend Parameter Injection". In the advisory there is the suggestion to click on the "Identify Backend Parameters" entry of the context menu. I did that, but I got no feedback: where should I look for any result and/or progress? Do I have to leave some window open? Can you please give me more assistance on this?

PortSwigger Agent | Last updated: Aug 11, 2017 09:54AM UTC

Hi there, if Backslash Powered Scanner manages to identify a backend parameter it will create a new scanner issue for it. You can find an indication of the current status of the scan for backend parameters under Extender->Extensions->BackslashPoweredScanner->Output. You're right that this isn't particularly obvious, I'll tweak the issue description to make it clearer. Cheers, James

PortSwigger Agent | Last updated: Aug 11, 2017 10:30AM UTC

Hi Falko, if Backslash finds any parameters it will report them as scan issues. If you simply want to see what it's doing behind the scenes, I recommend using Logger++ or Flow to observe the requests it's sending. Cheers, James

Burp User | Last updated: Aug 13, 2017 12:57PM UTC

Thank you very much for the info!

Burp User | Last updated: Nov 20, 2019 04:18PM UTC

Hi James, during a scan I've also found an endpoint with the issue observed by Davide. Aside from the Backend Parameter Injection, 'null' was identified as Magic Value for this endpoint. For the two requests concerning the Backend Parameter Injection a right click offers '*Identify backend parameters*'. I've clicked on 'Identify backend parameters' but cannot find its output.

I've checked under Extender->Extensions->BackslashPoweredScanner->Output. This one shows the following output, indicating that the scanner was loaded. However, I cannot find any indication that the identification of backend parameters was started. I've also checked under Extender->Extensions->BackslashPoweredScanner->Errors. This one is empty. Where can I find the output of this scan?

Thanks
Falko

---------
thorough mode: false
confirmations: 8
encode everything: false
debug: false
try transformation scan: false
try diffing scan: true
diff: HPP: true
diff: HPP auto-followup: false
diff: syntax attacks: true
diff: value preserving attacks: true
diff: experimental concat attacks: false
diff: experimental folder attacks: false
diff: magic value attacks: true
diff: magic values: "undefined,null,empty,none,COM1,c!C123449477,aA1537368460!"
Loaded Backslash Powered Scanner v1.03
---------

Liam, PortSwigger Agent | Last updated: Nov 21, 2019 03:22PM UTC

Thanks for the feedback. We've passed this on to James.

Burp User | Last updated: Nov 22, 2019 09:20AM UTC