Research Academy
My account Customers About Blog Careers Legal Contact Resellers
The Burp Suite User Forum was discontinued on the 1st November 2024.

Burp Suite User Forum

For support requests, go to the Support Center. To discuss with other Burp users, head to our Discord page.

SUPPORT CENTER DISCORD

Multi-Payload encoding rules and Encoding options for Scanner

Armando | Last updated: Dec 03, 2019 09:37AM UTC

Hi, It would be nice if you could add support for encoding rules in intruder or scanner. This need comes from many websites where base64 encoded JSONs are used to transfer information between the client and the backend. For example, lets say that a website sends this while searching for something: eyJmaWx0ZXJzIjp7Im1hdGNoIjpbImFhYSJdfSwic2VsZWN0ZWRTb3J0IjoiUkVMRVZBTkNFIiwidHlwZSI6IkluZGV4IiwibmFtZSI6IkluZGV4In0= This will be decoded to the following JSON (with payloads already delimited): {"filters":{"match":["§aaa§"]},"selectedSort":"§RELEVANCE§","type":"§Index§","name":"§Index§"} Wouldn't be possible to add another symbol to the intruder so it could wrap the whole JSON and apply a encoding to that selection? This would also be very helpful if the scanner could take advantage of this information. Best regards

Michelle, PortSwigger Agent | Last updated: Dec 04, 2019 12:12PM UTC

Hi Thanks for the feedback. We've passed this idea on to our product team so they can review it and assess demand. If you have any additional information which you feel would help them better understand the requirements, please let us know.

Burp User | Last updated: Dec 19, 2019 12:34PM UTC

Hackvertor could solve this problem https://portswigger.net/bappstore/65033cbd2c344fbabe57ac060b5dd100

Hannah, PortSwigger Agent | Last updated: Dec 19, 2019 01:28PM UTC

Hi. Thank you for the feedback. I've updated the feature request with this additional information.

Burp User | Last updated: Dec 30, 2019 10:28PM UTC