The Burp Suite User Forum was discontinued on the 1st November 2024.

Burp Suite User Forum

For support requests, go to the Support Center. To discuss with other Burp users, head to our Discord page.

SUPPORT CENTER DISCORD

Parameter of HTTP POST with Content-Type multipart/form-data could not be updated

Roland | Last updated: Sep 20, 2015 05:49PM UTC

Hi all I'm not sure if I'm doing something wrong, but I experienced an issue when trying to remove or update a parameter of a multipart/form-data HTTP POST from a java extension. The original parameter is not removed but the new is added additionally to the edited request. Original Message: --------------------------------- POST /test/ HTTP/1.1 Host: testhost.brrrr User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:40.0) Gecko/20100101 Firefox/40.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 Accept-Language: de,en-US;q=0.7,en;q=0.3 Accept-Encoding: gzip, deflate DNT: 1 Referer: test.com Cookie: ASP.NET_SessionId=asdf; UserCulture=Language=de-DE&UserSpecific=false Connection: keep-alive Content-Length: 4635 Content-Type: multipart/form-data; charset=UTF-8; boundary=--------800612066 Pragma: no-cache Cache-Control: no-cache ----------800612066 Content-Disposition: form-data; name="wa" wsignin1.0 ----------800612066 Content-Disposition: form-data; name="wresult" <t:RequestSecurityTokenResponse xmlns:t="http://schemas.xmlsoap.org/ws/2005/02/trust">[shortened] ----------800612066-- Edited request: ---------------------------- POST /test/ HTTP/1.1 Host: testhost.brrrr User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:40.0) Gecko/20100101 Firefox/40.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 Accept-Language: de,en-US;q=0.7,en;q=0.3 Accept-Encoding: gzip, deflate DNT: 1 Referer: test.com Cookie: ASP.NET_SessionId=asdf; UserCulture=Language=de-DE&UserSpecific=false Connection: keep-alive Content-Length: 9223 Content-Type: multipart/form-data; charset=UTF-8; boundary=--------800612066 Pragma: no-cache Cache-Control: no-cache ----------800612066 Content-Disposition: form-data; name="wa" wsignin1.0 ----------800612066 Content-Disposition: form-data; name="wresult" <t:RequestSecurityTokenResponse xmlns:t="http://schemas.xmlsoap.org/ws/2005/02/trust">[shortened] ----------800612066 Content-Disposition: form-data; name="wresult" <?xml version="1.0" encoding="UTF-8"?> <edited:RequestSecurityTokenResponse xmlns:t="http://schemas.xmlsoap.org/ws/2005/02/trust">[shortened] ----------800612066-- In my Java code I'm doing the following steps: String parameterToUpdate = "wresult"; IParameter newParameter = helpers.buildParameter(parameterToUpdate, getEncodedSAMLMessage(textMessage), IParameter.PARAM_BODY); byteMessage = helpers.updateParameter(byteMessage, newParameter); Thanks in advance for checking my issue and thanks for the awesome work at Burp Suite! Cheers Roland

PortSwigger Agent | Last updated: Sep 21, 2015 07:48AM UTC