Research Academy
My account Customers About Blog Careers Legal Contact Resellers
The Burp Suite User Forum was discontinued on the 1st November 2024.

Burp Suite User Forum

For support requests, go to the Support Center. To discuss with other Burp users, head to our Discord page.

SUPPORT CENTER DISCORD

Param Miner: disable query param cache buster?

Nicolas | Last updated: Feb 14, 2022 06:08PM UTC

When guessing body parameters, Param Miner automatically adds a cache buster in the form of a "<random_name>=1" query parameter (for example "&jx77i7jyh1=1"). Is there any way this can be disabled? Case in point, I'm trying to guess POST parameters on a signed URL. Adding anything to the URL will return an error since it will result in an invalid signature.

Uthman, PortSwigger Agent | Last updated: Feb 15, 2022 09:15AM UTC

Hi Nicolas,

Have you tried disabling some of the cachebuster options in the Param Miner settings?

Nicolas | Last updated: Mar 03, 2022 07:13PM UTC

Sorry I didn't notice your response until now. Even disabling all the "cachebuster" options will still result in a "?ifhbg6ci4=1" query parameter being added to the URL (the parameter is random and changes with every request). While we're on the subject, Param Miner is in dire need of documentation. There's a checkbox called "request" for example. Or "carpet bomb". How are we supposed to know what that does?

Uthman, PortSwigger Agent | Last updated: Mar 04, 2022 03:48PM UTC

Uthman, PortSwigger Agent | Last updated: Mar 07, 2022 03:23PM UTC